Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hijack After "looks Clean" Comp


  • This topic is locked This topic is locked
15 replies to this topic

#1 savasg

savasg

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:05:46 PM

Posted 24 September 2008 - 02:48 AM

After the topic "Trojan.win32.qhost (kaspersky), C:\Windows\system32\drivers\etc\hosts" closed, here is the hijackthis log

Said topic was in Am I Infected forum here: http://www.bleepingcomputer.com/forums/t/170956/trojanwin32qhost-kaspersky/ Quietman7 sent savasq here. ~ OB

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:43:48, on 24.09.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\vsnp2std.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\stdhost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conime.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: myBabylon Toolbar - {34ea1c70-42cc-42c5-aa29-ec58b95a343e} - C:\Program Files\myBabylon\tbmyBa.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: myBabylon Toolbar - {34ea1c70-42cc-42c5-aa29-ec58b95a343e} - C:\Program Files\myBabylon\tbmyBa.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Oturum Aēma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: myBabylon Toolbar - {34ea1c70-42cc-42c5-aa29-ec58b95a343e} - C:\Program Files\myBabylon\tbmyBa.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [FixCamera] C:\Windows\FixCamera.exe
O4 - HKLM\..\Run: [tsnp2std] C:\Windows\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\Windows\vsnp2std.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Transaction Tasker] stdhost.exe
O4 - HKLM\..\RunServices: [Transaction Tasker] stdhost.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe (file missing)
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe

--
End of file - 8349 bytes

Edited by Orange Blossom, 24 September 2008 - 11:32 PM.


BC AdBot (Login to Remove)

 


#2 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:46 AM

Posted 30 September 2008 - 02:31 PM

Hello. I am PropagandaPanda (Panda or PP for short), and I will be helping you with your log.

Next time if you do not recieve a response in 5 days, post here.

I apologize for the delay in response. We get overwhelmed with logs at times, but we are trying our best to keep up. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following so I can have a look at the current condition of your machine.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the Posted Image button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Further more, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Finally, please reply using the Posted Image button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
Download and Run OTViewIt
Please take a log with this tool so I can see the current state of your machine.
  • Please download OTViewIt by OldTimer to your desktop.
  • Double click on the OTViewIt.exe icon on your desktop. If you are using Windows Vista, right click the icon and select Run as Administrator.
  • Check the Scan All Users checkbox and leave Use Whitelist checked. Set the File Age to 30 days.
  • Click on the Run Scan button. Two reports that are located in the same location as OTViewIt will open.OTViewIt.txt <-- Will be opened
    Extra.txt <-- Will be minimized
Copy and Paste the logs into your next reply.


With Regards,
The Panda

#3 savasg

savasg
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:05:46 PM

Posted 30 September 2008 - 06:02 PM

Hi Panda;

Thanks for your help

OTView ends with a message "Acess Violation at adress 77C15973 in module "ntdll.dll".Read of address 00000022"
"EXTRA.TXT IS NOT THERE
I RUN 3 TIMES BUT I HAVE THAT MESSAGE FOR ALL ATTEMPTS
DO YOU WANT ME TO DOWLOAD OTV AGAIN TO HAVE THE EXTRA.TXT"
Here is the log file

OTViewIt logfile created on: 01.10.2008 01:58:33 - Run 3
OTViewIt by OldTimer - Version 1.0.9.2 Folder = C:\Users\CASPER\Desktop
Windows Vista Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 0000041f | Country: Türkiye | Language: TRK | Date Format: dd.MM.yyyy

1021,70 Mb Total Physical Memory | 558,54 Mb Available Physical Memory | 54,67% Memory free
2,25 Gb Paging File | 1,38 Gb Available in Paging File | 61,42% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 83,38 Gb Total Space | 40,59 Gb Free Space | 48,68% Space Free | Partition Type: NTFS
Drive D: | 65,67 Gb Total Space | 6,43 Gb Free Space | 9,79% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CASPER-PC
Current User Name: CASPER
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008.01.19 10:33:37 | 00,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe
[2008.01.19 10:33:14 | 00,229,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsm.exe
[2007.09.29 06:01:02 | 00,610,304 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe
[2008.01.19 10:33:22 | 02,623,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe
[2007.09.29 06:01:02 | 00,610,304 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe
[2008.07.19 17:25:06 | 00,016,056 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
[2008.07.19 17:38:28 | 00,147,640 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
[2008.01.19 10:33:08 | 00,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe
[2008.01.19 10:38:38 | 01,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
[2007.04.10 11:01:32 | 04,431,872 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
[2008.07.19 17:38:34 | 00,078,008 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
[2007.05.10 17:58:42 | 00,344,064 | ---- | M] (Sonix) -- C:\Windows\vsnp2std.exe
[2008.04.23 02:08:13 | 00,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
[2008.06.10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[2008.01.19 10:33:32 | 00,169,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
[2005.04.04 19:58:28 | 00,163,840 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
[2007.07.24 11:15:14 | 00,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
[2008.05.27 08:18:43 | 00,439,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe
[2008.01.19 10:33:40 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
[2008.01.19 10:33:32 | 00,169,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
[2005.04.04 19:58:30 | 03,502,080 | ---- | M] () -- C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
[2008.07.19 17:38:04 | 00,250,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
[2008.07.23 17:25:45 | 00,348,344 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
[2008.01.19 10:33:15 | 00,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mobsync.exe
[2008.01.19 10:33:39 | 00,245,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiPrvSE.exe
[2008.01.19 10:33:10 | 00,933,888 | RHS- | M] () -- C:\Windows\System32\stdhost.exe
[2008.01.19 10:33:33 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
[2008.01.19 10:33:04 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
[2008.01.19 10:33:12 | 00,625,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2007.09.20 11:35:36 | 00,118,336 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLLoginProxy.exe
[2008.05.27 08:18:16 | 00,184,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchProtocolHost.exe
[2008.05.27 08:17:55 | 00,087,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchFilterHost.exe
[2008.10.01 01:52:54 | 00,419,840 | ---- | M] (OldTimer Tools) -- C:\Users\CASPER\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2007.12.13 22:17:41 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
[2005.04.04 19:58:28 | 00,163,840 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe -- (Adobe Version Cue CS2 [Auto | Running])
[2008.07.19 17:25:06 | 00,016,056 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
[2007.09.29 06:01:02 | 00,610,304 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe -- (Ati External Event Utility [Auto | Running])
[2008.07.19 17:38:28 | 00,147,640 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
[2008.07.19 17:38:04 | 00,250,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
[2008.07.23 17:25:45 | 00,348,344 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
[2008.01.05 14:26:41 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2008.01.19 10:34:06 | 00,134,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dps.dll -- (DPS [Unknown | Running])
[2008.01.05 14:21:53 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2008.01.19 10:34:25 | 00,574,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gpsvc.dll -- (gpsvc [Unknown | Running])
[2008.01.05 14:21:39 | 00,864,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
[2006.11.02 16:06:13 | 00,000,000 | ---D | M] -- C:\Windows\System32\Msdtc -- (MSDTC [Unknown | Stopped])
[2007.01.05 13:41:10 | 00,774,144 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService [On_Demand | Stopped])
[2008.01.05 14:21:39 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2006.12.23 17:54:04 | 00,262,144 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Stopped])
[2007.07.24 11:15:14 | 00,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2 [Auto | Running])
[2008.01.19 10:36:17 | 00,547,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rpcss.dll -- (RpcSs [Unknown | Running])
[2008.01.19 10:36:19 | 00,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SCardSvr.dll -- (SCardSvr [Unknown | Stopped])
[2008.01.19 10:33:22 | 02,623,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe -- (slsvc [Auto | Running])
[2006.11.02 12:45:46 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\snmptrap.exe -- (SNMPTRAP [On_Demand | Stopped])
[2008.01.19 10:33:33 | 00,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\servicing\TrustedInstaller.exe -- (TrustedInstaller [Unknown | Stopped])
[2008.01.19 10:33:33 | 00,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\UI0Detect.exe -- (UI0Detect [On_Demand | Stopped])
[2007.10.18 12:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
[2008.01.19 10:33:33 | 00,382,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vds.exe -- (vds [On_Demand | Stopped])
[2008.01.02 04:39:02 | 00,024,576 | ---- | M] (Atribune.org) -- C:\Windows\System32\VundoFixSVC.exe -- (VundoFixSvc [On_Demand | Stopped])
[2007.10.25 16:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
[2008.05.27 08:18:43 | 00,439,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe -- (WSearch [Auto | Running])

========== Driver Services ==========

[2006.11.02 12:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adp94xx.sys -- (adp94xx [Disabled | Stopped])
[2006.11.02 12:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpahci.sys -- (adpahci [Disabled | Stopped])
[2006.11.02 12:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpu160m.sys -- (adpu160m [Disabled | Stopped])
[2006.11.02 12:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpu320.sys -- (adpu320 [Disabled | Stopped])
[2006.11.02 12:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\djsvs.sys -- (aic78xx [Disabled | Stopped])
[2006.11.02 12:49:20 | 00,014,952 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\System32\drivers\aliide.sys -- (aliide [Disabled | Stopped])
[2006.11.02 12:49:59 | 00,054,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\AMDAGP.SYS -- (amdagp [On_Demand | Stopped])
[2006.11.02 12:49:26 | 00,015,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdide.sys -- (amdide [Disabled | Stopped])
[2006.11.02 11:30:18 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdk7.sys -- (AmdK7 [Disabled | Stopped])
[2006.11.02 11:30:18 | 00,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdk8.sys -- (AmdK8 [Disabled | Stopped])
[2006.11.02 12:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\arc.sys -- (arc [Disabled | Stopped])
[2006.11.02 12:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\arcsas.sys -- (arcsas [Disabled | Stopped])
[2008.07.19 17:37:42 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk [Auto | Running])
[2008.07.19 17:36:03 | 00,051,280 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt [Auto | Running])
[2008.07.19 17:33:42 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr [System | Running])
[2008.07.19 17:35:18 | 00,078,416 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP [System | Running])
[2008.07.19 17:32:36 | 00,042,912 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi [System | Running])
[2007.09.29 06:13:56 | 03,154,944 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag [On_Demand | Running])
[2006.11.02 10:30:53 | 00,167,936 | ---- | M] (Broadcom Corporation) -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x [On_Demand | Stopped])
File not found -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive [Disabled | Stopped])
[2008.01.19 08:28:26 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bowser.sys -- (bowser [On_Demand | Running])
[2006.11.02 11:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\System32\drivers\BrFiltLo.sys -- (BrFiltLo [On_Demand | Stopped])
[2006.11.02 11:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\System32\drivers\BrFiltUp.sys -- (BrFiltUp [On_Demand | Stopped])
[2006.11.02 11:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrSerId.sys -- (Brserid [Disabled | Stopped])
[2006.11.02 11:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrSerWdm.sys -- (BrSerWdm [Disabled | Stopped])
[2006.11.02 11:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrUsbMdm.sys -- (BrUsbMdm [Disabled | Stopped])
[2006.11.02 11:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrUsbSer.sys -- (BrUsbSer [On_Demand | Stopped])
[2006.11.02 11:55:23 | 00,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bthmodem.sys -- (BTHMODEM [Disabled | Stopped])
File not found -- C:\Users\CASPER\AppData\Local\Temp\catchme.sys -- (catchme [On_Demand | Stopped])
[2006.11.02 11:55:08 | 00,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\circlass.sys -- (circlass [Disabled | Stopped])
[2008.01.19 10:42:58 | 00,247,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys -- (CLFS [Unknown | Running])
[2006.11.02 12:49:28 | 00,016,488 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\System32\drivers\cmdide.sys -- (cmdide [Disabled | Stopped])
[2006.11.02 12:49:43 | 00,022,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\crcdisk.sys -- (crcdisk [Boot | Running])
[2006.11.02 11:30:18 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\crusoe.sys -- (Crusoe [Disabled | Stopped])
[2008.01.19 08:28:20 | 00,075,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dfsc.sys -- (DfsC [System | Running])
[2008.08.02 04:01:23 | 00,625,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgkrnl.sys -- (DXGKrnl [On_Demand | Running])
[2008.01.19 10:42:11 | 00,143,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ecache.sys -- (Ecache [Boot | Running])
[2006.11.02 12:51:34 | 00,316,520 | ---- | M] (Emulex) -- C:\Windows\System32\drivers\elxstor.sys -- (elxstor [Disabled | Stopped])
[2008.01.19 08:28:01 | 00,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\exfat.sys -- (exfat [On_Demand | Stopped])
[2006.11.02 10:30:56 | 00,045,568 | ---- | M] (VIA Technologies, Inc. ) -- C:\Windows\System32\drivers\fetnd5.sys -- (FETNDIS [On_Demand | Running])
[2008.01.19 10:42:31 | 00,058,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fileinfo.sys -- (FileInfo [Boot | Running])
[2008.01.19 08:30:23 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\filetrace.sys -- (Filetrace [On_Demand | Stopped])
[2006.11.02 12:50:04 | 00,058,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\GAGP30KX.SYS -- (gagp30kx [On_Demand | Stopped])
[2006.11.02 10:36:49 | 00,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\HdAudio.sys -- (HdAudAddService [On_Demand | Stopped])
[2008.01.19 07:30:49 | 00,053,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2006.11.02 11:55:22 | 00,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidbth.sys -- (HidBth [Disabled | Stopped])
[2006.11.02 11:55:01 | 00,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidir.sys -- (HidIr [Disabled | Stopped])
[2006.11.02 12:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\System32\drivers\HpCISSs.sys -- (HpCISSs [Disabled | Stopped])
[2006.11.02 12:49:49 | 00,027,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\i2omp.sys -- (i2omp [Disabled | Stopped])
[2006.10.19 05:10:57 | 01,380,864 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm [On_Demand | Stopped])
[2006.11.02 12:51:25 | 00,232,040 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\iaStorV.sys -- (iaStorV [Disabled | Stopped])
[2006.11.02 12:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\System32\drivers\iirsp.sys -- (iirsp [Disabled | Stopped])
[2007.04.10 14:05:38 | 01,764,960 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService [On_Demand | Running])
[2008.01.19 08:27:21 | 00,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\intelppm.sys -- (intelppm [On_Demand | Running])
[2006.11.02 11:42:03 | 00,065,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\IPMIDrv.sys -- (IPMIDRV [Disabled | Stopped])
[2008.01.19 10:42:35 | 00,181,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msiscsi.sys -- (iScsiPrt [On_Demand | Running])
[2006.11.02 12:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\System32\drivers\iteatapi.sys -- (iteatapi [Disabled | Stopped])
[2006.11.02 12:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\System32\drivers\iteraid.sys -- (iteraid [Disabled | Stopped])
[2008.01.19 08:49:17 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2008.01.19 08:55:03 | 00,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\lltdio.sys -- (lltdio [Auto | Running])
[2006.11.02 12:50:04 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])
[2006.11.02 12:50:05 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])
[2006.11.02 12:50:10 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])
[2008.01.19 08:30:36 | 00,084,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\luafv.sys -- (luafv [Auto | Running])
[2006.11.02 12:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) -- C:\Windows\System32\drivers\megasas.sys -- (megasas [Disabled | Stopped])
[2008.01.19 08:52:19 | 00,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\monitor.sys -- (monitor [On_Demand | Running])
[2006.11.02 12:50:16 | 00,078,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mpio.sys -- (mpio [Disabled | Stopped])
[2008.01.19 08:54:46 | 00,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mpsdrv.sys -- (mpsdrv [On_Demand | Running])
[2006.11.02 12:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\System32\drivers\Mraid35x.sys -- (Mraid35x [Disabled | Stopped])
[2008.05.08 22:21:56 | 00,211,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys -- (mrxsmb10 [On_Demand | Running])
[2008.01.19 08:28:37 | 00,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys -- (mrxsmb20 [On_Demand | Running])
[2006.11.02 12:49:44 | 00,023,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msahci.sys -- (msahci [Disabled | Stopped])
[2006.11.02 12:50:17 | 00,080,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msdsm.sys -- (msdsm [Disabled | Stopped])
[2008.01.19 10:41:14 | 00,016,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msisadrv.sys -- (msisadrv [Boot | Running])
[2008.01.19 10:42:29 | 00,163,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msrpc.sys -- (MsRPC [On_Demand | Stopped])
[2008.01.19 08:49:19 | 00,006,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mstee.sys -- (MSTEE [On_Demand | Stopped])
[2008.05.20 05:07:31 | 00,148,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nwifi.sys -- (NativeWifiP [On_Demand | Stopped])
[2006.11.02 12:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\System32\drivers\nfrd960.sys -- (nfrd960 [Disabled | Stopped])
[2008.05.11 14:31:31 | 00,042,512 | ---- | M] (CACE Technologies) -- C:\Windows\System32\drivers\npf.sys -- (NPF [On_Demand | Stopped])
[2008.01.19 08:55:50 | 00,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nsiproxy.sys -- (nsiproxy [System | Running])
[2006.11.02 10:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\System32\drivers\ntrigdigi.sys -- (ntrigdigi [Disabled | Stopped])
[2006.11.02 12:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvraid.sys -- (nvraid [Disabled | Stopped])
[2006.11.02 12:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvstor.sys -- (nvstor [Disabled | Stopped])
[2006.11.02 12:50:40 | 00,106,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\NV_AGP.SYS -- (nv_agp [On_Demand | Stopped])
[2006.11.02 12:49:20 | 00,013,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pciide.sys -- (pciide [Disabled | Stopped])
[2006.11.02 12:04:35 | 00,878,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\PEAuth.sys -- (PEAUTH [Auto | Running])
[2006.11.02 11:30:18 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\processr.sys -- (Processor [Disabled | Stopped])
[2008.04.05 04:21:42 | 00,072,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pacer.sys -- (PSched [System | Running])
[2006.11.02 12:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) -- C:\Windows\System32\drivers\ql2300.sys -- (ql2300 [Disabled | Stopped])
[2006.11.02 12:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\System32\drivers\ql40xx.sys -- (ql40xx [Disabled | Stopped])
[2008.01.19 08:56:07 | 00,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\qwavedrv.sys -- (QWAVEdrv [On_Demand | Stopped])
[2007.09.29 06:13:56 | 03,154,944 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\atikmdag.sys -- (R300 [On_Demand | Stopped])
[2008.01.19 08:56:43 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rassstp.sys -- (RasSstp [On_Demand | Running])
[2008.01.19 09:01:09 | 00,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\RDPENCDD.sys -- (RDPENCDD [System | Running])
[2008.01.19 08:55:03 | 00,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rspndr.sys -- (rspndr [Auto | Running])
[2007.04.06 11:22:08 | 00,861,184 | ---- | M] (S3 Graphics Co., Ltd.) -- C:\Windows\System32\drivers\VTGKModeDX32.sys -- (S3GIGP [On_Demand | Stopped])
[2006.11.02 12:50:16 | 00,076,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sbp2port.sys -- (sbp2port [Disabled | Stopped])
[2006.11.02 09:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])
[2008.01.19 08:49:16 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sermouse.sys -- (sermouse [Disabled | Stopped])
[2006.11.02 11:51:38 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffdisk.sys -- (sffdisk [Disabled | Stopped])
[2006.11.02 11:51:40 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffp_mmc.sys -- (sffp_mmc [On_Demand | Stopped])
[2006.11.02 11:51:40 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffp_sd.sys -- (sffp_sd [On_Demand | Stopped])
[2006.11.02 12:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) -- C:\Windows\System32\drivers\sisraid2.sys -- (SiSRaid2 [Disabled | Stopped])
[2006.11.02 12:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\System32\drivers\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])
[2008.01.19 08:55:27 | 00,066,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\smb.sys -- (Smb [System | Running])
[2007.05.10 17:10:50 | 12,179,584 | ---- | M] () -- C:\Windows\System32\drivers\snp2sxp.sys -- (SNP2STD [On_Demand | Running])
[2008.01.19 10:41:30 | 00,021,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\spldr.sys -- (spldr [Boot | Running])
[2008.01.19 08:29:15 | 00,144,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys -- (srv2 [On_Demand | Running])
[2008.01.19 08:29:12 | 00,098,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srvnet.sys -- (srvnet [On_Demand | Running])
[2006.11.02 12:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\symc8xx.sys -- (Symc8xx [Disabled | Stopped])
[2006.11.02 12:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\sym_hi.sys -- (Sym_hi [Disabled | Stopped])
[2006.11.02 12:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\sym_u3.sys -- (Sym_u3 [Disabled | Stopped])
[2008.01.19 08:56:07 | 00,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpipreg.sys -- (tcpipreg [Auto | Running])
[2008.01.19 08:55:58 | 00,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tdx.sys -- (tdx [System | Running])
[2008.01.19 09:01:15 | 00,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tssecsrv.sys -- (tssecsrv [On_Demand | Stopped])
[2008.01.19 08:55:41 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\TUNMP.SYS -- (tunmp [On_Demand | Running])
[2008.01.19 08:55:50 | 00,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tunnel.sys -- (tunnel [On_Demand | Running])
[2008.01.19 10:42:32 | 00,059,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\UAGP35.SYS -- (uagp35 [Boot | Running])
[2006.11.02 12:50:04 | 00,058,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ULIAGPKX.SYS -- (uliagpkx [On_Demand | Stopped])
[2006.11.02 12:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\System32\drivers\uliahci.sys -- (uliahci [Disabled | Stopped])
[2006.11.02 12:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\System32\drivers\ulsata.sys -- (UlSata [Disabled | Stopped])
[2006.11.02 12:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\System32\drivers\ulsata2.sys -- (ulsata2 [Disabled | Stopped])
[2008.01.19 08:53:40 | 00,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\umbus.sys -- (umbus [On_Demand | Running])
[2006.11.02 11:55:09 | 00,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbcir.sys -- (usbcir [Disabled | Stopped])
[2008.01.19 08:53:21 | 00,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbehci.sys -- (usbehci [On_Demand | Running])
[2006.11.02 11:55:05 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbohci.sys -- (usbohci [Disabled | Stopped])
[2006.11.02 11:53:56 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\vgapnp.sys -- (vga [On_Demand | Stopped])
[2006.11.02 12:49:52 | 00,054,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\VIAAGP.SYS -- (viaagp [On_Demand | Stopped])
[2006.11.02 11:30:19 | 00,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\viac7.sys -- (ViaC7 [Disabled | Stopped])
[2008.01.19 10:41:25 | 00,020,024 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\System32\drivers\viaide.sys -- (viaide [Boot | Running])
[2008.01.19 10:42:18 | 00,052,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgr.sys -- (volmgr [Boot | Running])
[2008.01.19 10:43:03 | 00,294,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgrx.sys -- (volmgrx [Boot | Running])
[2006.11.02 12:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\System32\drivers\vsmraid.sys -- (vsmraid [Disabled | Stopped])
[2006.11.02 11:52:52 | 00,020,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wacompen.sys -- (WacomPen [Disabled | Stopped])
[2006.11.02 12:49:38 | 00,019,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wd.sys -- (Wd [Disabled | Stopped])
[2008.01.19 10:43:27 | 00,503,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Wdf01000.sys -- (Wdf01000 [Boot | Running])
[2006.11.02 11:35:03 | 00,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wmiacpi.sys -- (WmiAcpi [Disabled | Stopped])
[2008.01.19 08:56:49 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ws2ifsl.sys -- (ws2ifsl [Disabled | Stopped])
[2008.01.19 08:53:04 | 00,083,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\WUDFRd.sys -- (WUDFRd [On_Demand | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\Windows\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.google.com/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1368108717-4242774170-1273681994-1000\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\Windows\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.google.com/

[HKEY_USERS\S-1-5-21-1368108717-4242774170-1273681994-1000\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1368108717-4242774170-1273681994-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (357 bytes) - C:\Windows\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
127.0.0.1 update.microsoft.com
127.0.0.1 www.windowsupdate.microsoft.com
127.0.0.1 avpg.crsi.symantec.com
127.0.0.1 pif.symantec.com
127.0.0.1 pifmain.symantec.com
127.0.0.1 update.avg.com
127.0.0.1 backup.avg.cz
127.0.0.1 akamai.avg.com
127.0.0.1 u20.eset.com
127.0.0.1 eset.com

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
{7E853D72-626A-48EC-A868-BA8D5E23E045} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
{AE7CD045-E861-484f-8273-0445EE161910} (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_USERS\S-1-5-21-1368108717-4242774170-1273681994-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
""= File not found
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" (Adobe Systems Inc.)
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" File not found
"Adobe Version Cue CS2"="C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" File not found
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
"Easy-PrintToolBox"=C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon File not found
"FixCamera"=C:\Windows\FixCamera.exe File not found
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe File not found
"RtHDVCpl"=RtHDVCpl.exe (Realtek Semiconductor)
"S3Trayp"=S3trayp.exe File not found
"snp2std"=C:\Windows\vsnp2std.exe (Sonix)
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)
"Transaction Tasker"=stdhost.exe ()
"tsnp2std"=C:\Windows\tsnp2std.exe File not found
"Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" File not found

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (Microsoft Corporation)
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)
"Sidebar"=%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (Microsoft Corporation)
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" File not found

========== (O4) RunServices Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Transaction Tasker"=stdhost.exe ()

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=255

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"ConsentPromptBehaviorAdmin"=2
"ConsentPromptBehaviorUser"=1
"EnableInstallerDetection"=1
"EnableLUA"=0
"EnableSecureUIAPaths"=1
"EnableVirtualization"=1
"PromptOnSecureDesktop"=1
"ValidateAdminCodeSignatures"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"scforceoption"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"FilterAdministratorToken"=0
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats]
"CF_TEXT"=1
"CF_BITMAP"=2
"CF_OEMTEXT"=7
"CF_DIB"=8
"CF_PALETTE"=9
"CF_UNICODETEXT"=13
"CF_DIBV5"=17

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDFSTab"=1
"NoDriveTypeAutoRun"=145

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDFSTab"=1

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDFSTab"=1

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDFSTab"=1

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDFSTab"=1

[HKEY_USERS\S-1-5-21-1368108717-4242774170-1273681994-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDFSTab"=1
"NoDriveTypeAutoRun"=145

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
Convert link target to Adobe PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006.12.18 05:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert link target to existing PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006.12.18 05:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to Adobe PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006.12.18 05:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to existing PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006.12.18 05:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert selection to Adobe PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006.12.18 05:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert selection to existing PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006.12.18 05:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert to Adobe PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006.12.18 05:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert to existing PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006.12.18 05:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Microsoft Excel'e Gö&nder: C:\Program Files\Microsoft Office\Office10\EXCEL.EXE [2001.04.11 20:00:10 | 09,169,016 | R--- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Sun Java Console -- C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
{85d1f590-48f4-11d9-9669-0800200c9a66}: Uninstall BitDefender Online Scanner v8 -- C:\Windows\bdoscandel.exe ()
{B4B52284-A248-4c51-9F7C-F0A0C67FCC9D}: PartyCasino.com -- C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe File not found
{B4B52284-A248-4c51-9F7C-F0A0C67FCC9D}: PartyCasino.com -- C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe File not found

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}: http://download.bitdefender.com/resources/scan8/oscan8.cab -- BDSCANONLINE Control
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_04
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_05
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab -- Shockwave Flash Object
Microsoft XML Parser for Java: file:///C:/Windows/Java/classes/xmldso.cab -- Reg Error: Key does not exist or could not be opened.

========== (O17) DNS Name Servers ==========

{396F47EC-A46B-4681-801F-CA1C91A4047A} (Servers: | Description: VIA Rhine II Uyumlu Fast Ethernet Bağdaştırıcısı)
{A64D4A98-9314-4AD0-9A8C-B1C4133D7537} (Servers: | Description: VIA Rhine II Fast Ethernet Bağdaştırıcısı)

========== HKLM *SecurityProviders* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=credssp.dll
>[2008.01.19 10:33:59 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\credssp.dll

========== LSA *Security Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Security Packages"=kerberos,msv1_0,schannel,wdigest,tspkg,
>[2008.01.19 10:36:42 | 00,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TSpkg.dll

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

autoexec.bat [REM Dummy file for NTVDM | ]
[2006.09.19 00:43:36 | 00,000,024 | ---- | M] () -- C:\autoexec.bat -- [ NTFS ]


========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6223847b-7704-11dd-b5d7-001d922cbaf6}\Shell\AutoRun\command]
""=F:\TKD.EXE -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\Shell\AutoRun\command]
""=F:\TKD.EXE -- File not found

========== Files/Folders - Created Within 30 Days ==========

[2008.10.01 01:52:39 | 00,419,840 | ---- | C] (OldTimer Tools) -- C:\Users\CASPER\Desktop\OTViewIt.exe
[2008.09.28 15:42:47 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2008.09.28 15:38:56 | 00,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2008.09.25 05:50:57 | 00,000,000 | ---D | C] -- C:\Users\CASPER\AppData\Local\Adobe
[2008.09.24 15:08:28 | 00,000,000 | ---D | C] -- C:\Users\CASPER\AppData\Local\Ahead
[2008.09.24 00:08:05 | 02,605,878 | -H-- | C] () -- C:\Users\CASPER\AppData\Local\IconCache.db
[2008.09.24 00:02:27 | 10,720,95232 | -HS- | C] () -- C:\hiberfil.sys
[2008.09.23 21:27:26 | 00,000,000 | ---D | C] -- C:\Users\CASPER\AppData\Roaming\Malwarebytes
[2008.09.23 21:27:22 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2008.09.23 02:36:22 | 00,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2008.09.23 02:35:55 | 00,000,000 | ---D | C] -- C:\Users\CASPER\AppData\Roaming\SUPERAntiSpyware.com
[2008.09.23 02:35:55 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2008.09.23 02:35:23 | 06,586,904 | ---- | C] () -- C:\Users\CASPER\Desktop\SUPERAntiSpywarePro.exe
[2008.09.20 15:13:04 | 00,000,787 | ---- | C] () -- C:\Users\Public\Desktop\Photoviewer.lnk
[2008.09.20 15:13:03 | 00,000,000 | ---D | C] -- C:\Program Files\Photo Viewer
[2008.09.16 19:54:51 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2008.09.16 19:54:49 | 04,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2008.09.16 19:54:44 | 00,565,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\emdmgmt.dll
[2008.09.16 19:54:43 | 00,625,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgkrnl.sys
[2008.09.16 19:54:43 | 00,211,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys
[2008.09.16 19:54:43 | 00,148,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\nwifi.sys
[2008.09.16 19:54:43 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dataclen.dll
[2008.09.16 19:54:43 | 00,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2008.09.16 19:54:41 | 00,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll

========== Files - Modified Within 30 Days ==========

[2008.10.01 01:52:54 | 00,419,840 | ---- | M] (OldTimer Tools) -- C:\Users\CASPER\Desktop\OTViewIt.exe
[2008.10.01 00:23:28 | 00,004,032 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2008.10.01 00:23:28 | 00,004,032 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2008.09.30 21:54:33 | 00,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2008.09.30 20:28:00 | 01,382,408 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2008.09.30 20:28:00 | 00,588,732 | ---- | M] () -- C:\Windows\System32\perfh01F.dat
[2008.09.30 20:28:00 | 00,585,914 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2008.09.30 20:28:00 | 00,114,782 | ---- | M] () -- C:\Windows\System32\perfc01F.dat
[2008.09.30 20:28:00 | 00,100,718 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2008.09.30 20:24:03 | 00,000,357 | ---- | M] () -- C:\Windows\System32\drivers\etc\HOSTS
[2008.09.30 20:23:34 | 00,002,471 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2008.09.30 20:23:34 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2008.09.30 20:23:25 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2008.09.30 20:23:22 | 10,720,95232 | -HS- | M] () -- C:\hiberfil.sys
[2008.09.30 20:21:49 | 02,605,878 | -H-- | M] () -- C:\Users\CASPER\AppData\Local\IconCache.db
[2008.09.29 22:32:44 | 00,192,000 | ---- | M] () -- C:\Users\CASPER\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.09.29 20:27:33 | 00,000,504 | ---- | M] () -- C:\Users\CASPER\Documents\Paylaşım Klasörlerim.lnk
[2008.09.28 15:38:57 | 00,002,560 | ---- | M] () -- C:\Windows\_MSRSTRT.EXE
[2008.09.23 02:35:24 | 06,586,904 | ---- | M] () -- C:\Users\CASPER\Desktop\SUPERAntiSpywarePro.exe
[2008.09.20 15:13:04 | 00,000,787 | ---- | M] () -- C:\Users\Public\Desktop\Photoviewer.lnk
[2008.09.18 09:24:55 | 00,040,960 | ---- | M] () -- C:\Users\CASPER\Documents\2008 borē ödeme listesi.xls
< End of report >

Edited by savasg, 01 October 2008 - 04:35 AM.


#4 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:46 AM

Posted 01 October 2008 - 07:11 AM

Hello Savasg.

Posted ImageBackdoor Threat
I'm sorry to say that your computer is infected with one or more backdoor trojans.

This means that sensitive information could have been stolen. I would advise to change any passwords for any accounts that you have accessed with the infected computer using a clean computer ASAP. If you have used this computer for banking, I would strongly suggest that you report the possible stolen information. Please do not use the computer for any further transactions, or to enter any other information, if at all possible, until it is declared clean.

You may want to read this article on how to handle identity theft.
You may also want to read this article regarding preventing of identity theft.

This computer can still be cleaned, however, I cannot guarantee that it will be 100% safe even after disinfection.

Please read When Should I Format, How Should I Reinstall.

I will proceed assuming you wish to disinfect. If you want to do a reinstall, reply back saying so.

Submit File to Online Scanner
There is an unidentified file that I would like you to check out for me using Jotti/VirusTotal.
  • Open Jotti Online Scanner, or VirusTotal Online Scanner. If one site is busy or down, try the other
  • At the top of the page you'll see a box. Paste in the following line(s) (do one line at a time).
  • C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
  • Click Submit.
  • Wait for the scan to finish.
  • Copy Scanner Results into your next reply.
  • If more than one file was listed, repeat for each of them.
Disable Realtime Protection
Disable Avast!'s realtime protection by right clicking on the try icon beside your clock that looks like Posted Image and selecting Stop On-Access Protection.

In the settings:
Posted Image

Download and Run ComboFix
Download Combofix from any of the links below, and save it to your desktop.
Link 1, Link 2, Link 3

Refer to this page for full instructions on running ComboFix.
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Double click ComboFix.exe to start the program. Agree to the prompts.
  • When ComboFix is finished, a log report (C:\ComboFix.txt) will open. Post back with it.
Leave your computer alone while ComboFix is running.

ComboFix will restart your computer if malware is found; allow it to do so.



Please post back with:
-the Jotti results
-the ComboFix log

With Regards,
The Panda

#5 savasg

savasg
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:05:46 PM

Posted 01 October 2008 - 07:47 AM

PP;

Jotti says the file is running
virustotal says o bytes loaded;
should I continue to combofix?
I would like to uninstall avast before this; should I?....


HERE IS THE COMBOFIX LOG

ComboFix 08-09-30.03 - CASPER 2008-10-01 15:59:52.6 - NTFSx86
Microsoft® Windows Vista™ Starter 6.0.6001.1.1254.1.1055.18.390 [GMT 3:00]
Running from: C:\Users\CASPER\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\CASPER\AppData\Roaming\Microsoft\Windows\Cookies\casper@adsrv.adgroupm[2].txt
C:\Users\CASPER\AppData\Roaming\Microsoft\Windows\Cookies\casper@adsrv.adgroupm[3].txt
C:\Users\CASPER\AppData\Roaming\Microsoft\Windows\Cookies\casper@isohunt[1].txt
C:\Windows\system32\drivers\npf.sys
C:\Windows\system32\packet.dll
C:\Windows\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MCHINJDRV
-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2008-09-01 to 2008-10-01 )))))))))))))))))))))))))))))))
.

2008-10-01 16:06 . 2008-10-01 16:06 212,073,248 --a------ C:\Windows\MEMORY.DMP
2008-09-28 15:38 . 2008-09-28 15:38 2,560 --a------ C:\Windows\_MSRSTRT.EXE
2008-09-23 21:27 . 2008-09-23 21:27 <DIR> d-------- C:\Users\CASPER\AppData\Roaming\Malwarebytes
2008-09-23 21:27 . 2008-09-23 21:27 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-09-23 04:28 . 2008-09-23 04:28 <DIR> d-------- C:\Windows\Google Earth Pro 4.2
2008-09-23 04:28 . 2008-09-23 04:29 <DIR> d-------- C:\Program Files\Google Earth Pro 4.2
2008-09-23 02:36 . 2008-09-23 02:36 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
2008-09-23 02:35 . 2008-09-28 15:42 <DIR> d-------- C:\Users\CASPER\AppData\Roaming\SUPERAntiSpyware.com
2008-09-23 02:35 . 2008-09-28 15:42 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-09-20 15:13 . 2008-09-20 15:13 <DIR> d-------- C:\Program Files\Photo Viewer
2008-09-16 19:54 . 2008-07-31 04:13 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-09-16 19:54 . 2008-08-02 04:01 625,152 --a------ C:\Windows\System32\drivers\dxgkrnl.sys
2008-09-16 19:54 . 2008-06-26 06:29 565,248 --a------ C:\Windows\System32\emdmgmt.dll
2008-09-16 19:54 . 2008-06-26 06:29 303,616 --a------ C:\Windows\System32\wmpeffects.dll
2008-09-16 19:54 . 2008-05-08 22:21 211,968 --a------ C:\Windows\System32\drivers\mrxsmb10.sys
2008-09-16 19:54 . 2008-05-20 05:07 148,480 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-09-16 19:54 . 2008-06-26 06:29 45,056 --a------ C:\Windows\System32\dataclen.dll
2008-09-16 19:54 . 2008-08-02 06:26 36,864 --a------ C:\Windows\System32\cdd.dll
2008-09-16 19:54 . 2008-07-31 06:32 28,160 --a------ C:\Windows\System32\Apphlpdm.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-01 13:07 --------- d---a-w C:\ProgramData\TEMP
2008-10-01 10:47 --------- d-----w C:\Users\CASPER\AppData\Roaming\uTorrent
2008-09-28 12:40 --------- d-----w C:\Program Files\myBabylon
2008-09-28 12:40 --------- d-----w C:\Program Files\Conduit
2008-09-28 12:37 --------- d-----w C:\Program Files\IKEA Home Planner
2008-09-23 01:26 --------- d-----w C:\Users\CASPER\AppData\Roaming\Flood Light Games
2008-09-23 01:22 --------- d-----w C:\ProgramData\HipSoft
2008-09-23 01:21 --------- d-----w C:\ProgramData\Flood Light Games
2008-09-01 20:56 --------- d-----w C:\Program Files\Java
2008-08-29 19:37 --------- d-----w C:\Program Files\Windows Mail
2008-08-27 05:52 88 --sh--r C:\ProgramData\9198EF88B9.sys
2008-08-27 05:52 2,516 --sha-w C:\ProgramData\KGyGaAvL.sys
2008-08-27 05:52 --------- d-----w C:\ProgramData\Corel
2008-08-19 19:47 --------- d-----w C:\Users\CASPER\AppData\Roaming\LimeWire
2008-08-04 01:24 --------- d-----w C:\Program Files\B.G-Sozluk
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-06-22 20:12 60,072 ----a-w C:\Users\CASPER\AppData\Roaming\GDIPFONTCACHEV1.DAT
2008-04-18 17:35 174 --sha-w C:\Program Files\desktop.ini
.
<pre>
----a-w		   856,064 2007-12-30 10:08:22  C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray .exe
----a-w			39,792 2007-12-30 10:08:13  C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
----a-w		   398,944 2007-12-29 22:18:01  C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN .EXE
----a-w		   155,648 2007-12-30 10:08:13  C:\Program Files\Common Files\Ahead\Lib\NeroCheck .exe
----a-w		   143,360 2007-12-30 10:08:23  C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor .exe
----a-w		 5,674,352 2007-12-24 15:55:31  C:\Program Files\MSN Messenger\MsnMsgr .Exe
----a-w		 1,460,560 2007-12-30 10:08:24  C:\Program Files\Spybot - Search & Destroy\TeaTimer .exe
----a-w			20,480 2007-12-30 10:08:18  C:\Windows\FixCamera .exe
----a-w		 4,431,872 2007-12-30 10:08:15  C:\Windows\RtHDVCpl .exe
----a-w		   270,336 2007-12-30 10:08:22  C:\Windows\tsnp2std .exe
----a-w		   344,064 2007-12-30 10:08:23  C:\Windows\vsnp2std .exe
----a-w		   176,128 2007-12-30 10:08:12  C:\Windows\System32\S3trayp .exe
</pre>


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [N/A]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [N/A]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"FixCamera"="C:\Windows\FixCamera.exe" [N/A]
"tsnp2std"="C:\Windows\tsnp2std.exe" [N/A]
"snp2std"="C:\Windows\vsnp2std.exe" [2007-05-10 344064]
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [N/A]
"Adobe Version Cue CS2"="C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [N/A]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-10 C:\Windows\RtHDVCpl.exe]
"S3Trayp"="S3trayp.exe" [N/A]
"Transaction Tasker"="stdhost.exe" [2008-01-19 C:\Windows\System32\stdhost.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Transaction Tasker"="stdhost.exe" [2008-01-19 C:\Windows\System32\stdhost.exe]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\Windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2007-12-13 25214]
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDFSTab"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDFSTab"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.yv12"= yv12vfw.dll
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Realtime Monitor]
C:\PROGRA~1\CA\ETRUST~1\realmon.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1368108717-4242774170-1273681994-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{AF51D0CF-1717-4349-A654-B354CED7EDC8}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{A123CA06-72C5-4425-84D4-DA4BC1CF9F8C}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"TCP Query User{FEF69B70-3CDC-43AD-B839-B7AF30C51370}C:\\program files\\nero\\nero 7\\nero home\\nerohome.exe"= UDP:C:\program files\nero\nero 7\nero home\nerohome.exe:Nero Home
"UDP Query User{52981748-AA44-4F35-87BB-62C3940EF3F1}C:\\program files\\nero\\nero 7\\nero home\\nerohome.exe"= TCP:C:\program files\nero\nero 7\nero home\nerohome.exe:Nero Home
"{0ABBD158-F0AE-4A00-AFA8-F6FA92E5CFB7}"= UDP:C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe:Adobe Version Cue CS2
"{DFB9A8A7-FCBD-4859-A6F5-746AA73D0A85}"= TCP:C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe:Adobe Version Cue CS2
"TCP Query User{A55F86CF-8EA5-412E-A300-B24B0E587301}C:\\program files\\common files\\ahead\\nero web\\setupx.exe"= UDP:C:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"UDP Query User{1C620539-3F04-4B4D-9A9C-24DFF5ADEA4D}C:\\program files\\common files\\ahead\\nero web\\setupx.exe"= TCP:C:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"TCP Query User{DA91A1C1-00AB-4F34-8EF9-024D0FCC7489}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{F4028400-BC40-4C22-A798-E5552D6A9AC2}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{27376D19-7827-45F2-BBC1-B332D2E9971B}C:\\program files\\msn messenger\\msnmsgr .exe"= UDP:C:\program files\msn messenger\msnmsgr .exe:Messenger
"UDP Query User{D6ED12A6-4752-4C14-B89F-176FF51E7E20}C:\\program files\\msn messenger\\msnmsgr .exe"= TCP:C:\program files\msn messenger\msnmsgr .exe:Messenger
"{4A7510B0-819F-4BCC-9E82-7B47CCA372B0}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{72AA1ABE-6570-462F-9DFE-6037C24B45A9}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{8CD240E5-25AE-4A2E-BE3B-9493DFA6E7D6}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{8F49EDA5-0D28-499B-8099-3FBDB62A99AD}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{AC04CF6E-23AF-4FBA-8513-F7CFDB2D54AD}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{03420A55-B2ED-4745-9888-C127914F11C6}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
R2 PSI_SVC_2;Protexis Licensing V2;c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-09-29 3154944]
R3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\Windows\system32\DRIVERS\snp2sxp.sys [2007-05-10 12179584]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 167936]
S3 NPF;Netgroup Packet Filter;C:\Windows\system32\drivers\npf.sys [2008-10-01 42512]
S3 S3GIGP;S3GIGP;C:\Windows\system32\DRIVERS\VTGKModeDX32.sys [2007-04-06 861184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\shell\AutoRun\command - F:\TKD.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6223847b-7704-11dd-b5d7-001d922cbaf6}]
\shell\AutoRun\command - F:\TKD.EXE
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com/
O8 -: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 -: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 -: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 -: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 -: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 -: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: Microsoft Excel'e Gö&nder - C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 -: {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe
O9 -: {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe -

O16 -: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
C:\Windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-01 16:07:22
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\Users\CASPER\AppData\Local\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\Ati2evxx.exe
C:\Windows\System32\audiodg.exe
C:\Windows\System32\Ati2evxx.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\conime.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\WerFault.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-10-01 16:16:33 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-01 13:16:26
ComboFix2.txt 2008-01-13 10:05:52

Pre-Run: 44.100.726.784 bayt boş
Post-Run: 43,945,738,240 bayt boŸ

212 --- E O F --- 2008-09-16 16:57:42

Edited by savasg, 01 October 2008 - 08:18 AM.


#6 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:46 AM

Posted 02 October 2008 - 07:21 AM

Hello Savasg.

You had a file infector virus on your machine. It may have damaged some legit files. The programs affected include:
  • Adobe Reader
  • Adobe Version Cue CS2
  • Easy-PrintToolBox
  • MSN Messenger
  • Nero
  • SpyBot
  • CameraFixer MFC Application
  • Realtek Semiconductor Audio Driver
  • Graphics Co., Ltd Screen Toys
We will be able to remove the infection, but some of the above may need to be reinstalled.

Peer-to-Peer Programs Warning
Your log shows that you are using so called peer-to-peer or file-sharing programs (in your case BitTorrent). These programs allow to share files between users as the name(s) suggest. In today's world cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools and thus suggested to be used with intense care. Some further readings on this subject, along the included links, are as follows: File-Sharing, otherwise known as Peer To Peer and Risks of File-Sharing Technology.

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organizations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

It is your decision whether or not you wish to keep your program(s). However, please refrain from using them until your computer has been declared clean.

Run ComboFix with CFScript
We will run ComboFix again. This time, the instructions are slightly different.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are unsure how. Be sure to disable Avast! like last time.
  • Open notepad (Start>Run>"notepad") and copy/paste the text in the box below into it:
    File::
    C:\Windows\System32\stdhost.exe
    
    RenV::
    ----a-w		   856,064 2007-12-30 10:08:22  C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray .exe
    ----a-w			39,792 2007-12-30 10:08:13  C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
    ----a-w		   398,944 2007-12-29 22:18:01  C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN .EXE
    ----a-w		   155,648 2007-12-30 10:08:13  C:\Program Files\Common Files\Ahead\Lib\NeroCheck .exe
    ----a-w		   143,360 2007-12-30 10:08:23  C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor .exe
    ----a-w		 5,674,352 2007-12-24 15:55:31  C:\Program Files\MSN Messenger\MsnMsgr .Exe
    ----a-w		 1,460,560 2007-12-30 10:08:24  C:\Program Files\Spybot - Search & Destroy\TeaTimer .exe
    ----a-w			20,480 2007-12-30 10:08:18  C:\Windows\FixCamera .exe
    ----a-w		 4,431,872 2007-12-30 10:08:15  C:\Windows\RtHDVCpl .exe
    ----a-w		   270,336 2007-12-30 10:08:22  C:\Windows\tsnp2std .exe
    ----a-w		   344,064 2007-12-30 10:08:23  C:\Windows\vsnp2std .exe
    ----a-w		   176,128 2007-12-30 10:08:12  C:\Windows\System32\S3trayp .exe
    
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Transaction Tasker"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
    "Transaction Tasker"=-
    Save this as CFScript.txt, in the same location as ComboFix.exe. (This should be your desktop.)
    Posted Image
    Refering to the picture above, drag CFScript into ComboFix.exe.
When finished, it shall produce a log for you at "C:\ComboFix.txt". Post back with that log.

Do not mouseclick ComboFix's window while it's running. That may cause it to stall

Run Scan with Kaspersky
Please do a scan with Kaspersky Online Scanner.

This scan is for Internet Explorer Only.

If you are using Windows Vista, open your browser by right-clicking on its icon and select Run as administrator to perform this scan.
  • Please disable your realtime protection software before proceeding. Refer to this page if you are unsure how.
  • Open the Kaspersky Scanner page.
  • Click on Accept and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis.

This scanner will only scan. It does not remove any malware it finds.


Download and Run OTViewIt
  • Please download OTViewIt by OldTimer to your desktop.
  • Double click on the OTViewIt.exe icon on your desktop. If you are using Windows Vista, right click the icon and select Run as Administrator.
  • Check the Scan All Users checkbox and leave Use Whitelist checked. Set the File Age to 30 days.
  • Click on the Run Scan button. Two reports that are located in the same location as OTViewIt will open.OTViewIt.txt <-- Will be opened
    Extra.txt <-- Will be minimized
Copy and Paste the logs into your next reply.


Post back with:
-the ComboFix log
-the Kaspersky log
-the OTViewIt logs

How is your computer running now?

With Regards,
The Panda

#7 savasg

savasg
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:05:46 PM

Posted 02 October 2008 - 09:22 AM

Hi PP

COMBOFIX LOG AS BELOW
I COULD NOT GET KASPERSKY SCANNER BECAUSE OF THE PAGE LOADS WITH ERROR. (EXPLORER ICON DOES NOT HAVE RIGHT CLICK OPTION FOR OPENNING AS ADMINISTRATOR)
OTVIEW HAVE THE SAME ERROR "Acess Violation at adress 77C15973 in module "ntdll.dll".Read of address 00000022"
AS WELL. IT DID NOT PRODUCE EXTRA LOG BUT THE OTVIEWIT LOG BELOW

COMBOFIX LOG

ComboFix 08-09-30.03 - CASPER 2008-10-02 16:56:30.7 - NTFSx86
Microsoft® Windows Vista™ Starter 6.0.6001.1.1254.1.1055.18.520 [GMT 3:00]
Running from: C:\Users\CASPER\Desktop\ComboFix.exe
Command switches used :: C:\Users\CASPER\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\Windows\System32\stdhost.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\drivers\npf.sys
C:\Windows\system32\packet.dll
C:\Windows\System32\stdhost.exe
C:\Windows\system32\wpcap.dll

.
((((((((((((((((((((((((( Files Created from 2008-09-02 to 2008-10-02 )))))))))))))))))))))))))))))))
.

2008-10-01 18:35 . 2008-10-01 18:35 244 --ah----- C:\sqmnoopt16.sqm
2008-10-01 18:35 . 2008-10-01 18:35 232 --ah----- C:\sqmdata16.sqm
2008-10-01 18:34 . 2008-10-01 18:34 244 --ah----- C:\sqmnoopt15.sqm
2008-10-01 18:34 . 2008-10-01 18:34 232 --ah----- C:\sqmdata15.sqm
2008-10-01 16:06 . 2008-10-01 16:06 212,073,248 --a------ C:\Windows\MEMORY.DMP
2008-09-28 15:38 . 2008-09-28 15:38 2,560 --a------ C:\Windows\_MSRSTRT.EXE
2008-09-23 21:27 . 2008-09-23 21:27 <DIR> d-------- C:\Users\CASPER\AppData\Roaming\Malwarebytes
2008-09-23 21:27 . 2008-09-23 21:27 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-09-23 04:28 . 2008-09-23 04:28 <DIR> d-------- C:\Windows\Google Earth Pro 4.2
2008-09-23 04:28 . 2008-09-23 04:29 <DIR> d-------- C:\Program Files\Google Earth Pro 4.2
2008-09-23 02:36 . 2008-09-23 02:36 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
2008-09-23 02:35 . 2008-09-28 15:42 <DIR> d-------- C:\Users\CASPER\AppData\Roaming\SUPERAntiSpyware.com
2008-09-23 02:35 . 2008-09-28 15:42 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-09-20 15:13 . 2008-09-20 15:13 <DIR> d-------- C:\Program Files\Photo Viewer
2008-09-16 19:54 . 2008-07-31 04:13 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-09-16 19:54 . 2008-08-02 04:01 625,152 --a------ C:\Windows\System32\drivers\dxgkrnl.sys
2008-09-16 19:54 . 2008-06-26 06:29 565,248 --a------ C:\Windows\System32\emdmgmt.dll
2008-09-16 19:54 . 2008-06-26 06:29 303,616 --a------ C:\Windows\System32\wmpeffects.dll
2008-09-16 19:54 . 2008-05-08 22:21 211,968 --a------ C:\Windows\System32\drivers\mrxsmb10.sys
2008-09-16 19:54 . 2008-05-20 05:07 148,480 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-09-16 19:54 . 2008-06-26 06:29 45,056 --a------ C:\Windows\System32\dataclen.dll
2008-09-16 19:54 . 2008-08-02 06:26 36,864 --a------ C:\Windows\System32\cdd.dll
2008-09-16 19:54 . 2008-07-31 06:32 28,160 --a------ C:\Windows\System32\Apphlpdm.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-02 13:46 --------- d---a-w C:\ProgramData\TEMP
2008-10-02 13:37 --------- d-----w C:\Users\CASPER\AppData\Roaming\uTorrent
2008-09-28 12:40 --------- d-----w C:\Program Files\myBabylon
2008-09-28 12:40 --------- d-----w C:\Program Files\Conduit
2008-09-28 12:37 --------- d-----w C:\Program Files\IKEA Home Planner
2008-09-23 01:26 --------- d-----w C:\Users\CASPER\AppData\Roaming\Flood Light Games
2008-09-23 01:22 --------- d-----w C:\ProgramData\HipSoft
2008-09-23 01:21 --------- d-----w C:\ProgramData\Flood Light Games
2008-09-01 20:56 --------- d-----w C:\Program Files\Java
2008-08-29 19:37 --------- d-----w C:\Program Files\Windows Mail
2008-08-27 05:52 88 --sh--r C:\ProgramData\9198EF88B9.sys
2008-08-27 05:52 2,516 --sha-w C:\ProgramData\KGyGaAvL.sys
2008-08-27 05:52 --------- d-----w C:\ProgramData\Corel
2008-08-19 19:47 --------- d-----w C:\Users\CASPER\AppData\Roaming\LimeWire
2008-08-04 01:24 --------- d-----w C:\Program Files\B.G-Sozluk
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-19 05:10 53,448 ----a-w C:\Windows\System32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\Windows\System32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\Windows\System32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\Windows\System32\wuapi.dll
2008-07-19 05:09 1,811,656 ----a-w C:\Windows\System32\wuaueng.dll
2008-07-19 03:44 83,456 ----a-w C:\Windows\System32\wudriver.dll
2008-07-19 03:44 1,524,736 ----a-w C:\Windows\System32\wucltux.dll
2008-07-18 19:08 163,904 ----a-w C:\Windows\System32\wuwebv.dll
2008-07-18 17:44 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-07-16 01:32 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-06-22 20:12 60,072 ----a-w C:\Users\CASPER\AppData\Roaming\GDIPFONTCACHEV1.DAT
2008-04-18 17:35 174 --sha-w C:\Program Files\desktop.ini
.
<pre>
----a-w		   856,064 2007-12-30 10:08:22  C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray .exe
----a-w			39,792 2007-12-30 10:08:13  C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
----a-w		   398,944 2007-12-29 22:18:01  C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN .EXE
----a-w		   155,648 2007-12-30 10:08:13  C:\Program Files\Common Files\Ahead\Lib\NeroCheck .exe
----a-w		   143,360 2007-12-30 10:08:23  C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor .exe
----a-w		 5,674,352 2007-12-24 15:55:31  C:\Program Files\MSN Messenger\MsnMsgr .Exe
----a-w		 1,460,560 2007-12-30 10:08:24  C:\Program Files\Spybot - Search & Destroy\TeaTimer .exe
----a-w			20,480 2007-12-30 10:08:18  C:\Windows\FixCamera .exe
----a-w		 4,431,872 2007-12-30 10:08:15  C:\Windows\RtHDVCpl .exe
----a-w		   270,336 2007-12-30 10:08:22  C:\Windows\tsnp2std .exe
----a-w		   344,064 2007-12-30 10:08:23  C:\Windows\vsnp2std .exe
----a-w		   176,128 2007-12-30 10:08:12  C:\Windows\System32\S3trayp .exe
</pre>


((((((((((((((((((((((((((((( snapshot@2008-10-01_16.15.27.72 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-02 13:45:38 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-10-02 13:45:38 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-10-01 13:06:56 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-10-02 13:46:54 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-10-02 13:46:54 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-10-01 13:06:55 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-10-02 13:46:49 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-10-02 13:46:49 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-10-01 13:07:31 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-10-02 13:47:37 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-10-01 13:07:31 65,536 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-10-02 13:47:37 65,536 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-10-01 13:07:31 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-10-02 13:47:37 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-10-01 13:04:01 100,718 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-10-02 13:50:21 100,718 ----a-w C:\Windows\System32\perfc009.dat
- 2008-10-01 13:04:01 114,782 ----a-w C:\Windows\System32\perfc01F.dat
+ 2008-10-02 13:50:21 114,782 ----a-w C:\Windows\System32\perfc01F.dat
- 2008-10-01 13:04:01 585,914 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-10-02 13:50:21 585,914 ----a-w C:\Windows\System32\perfh009.dat
- 2008-10-01 13:04:01 588,732 ----a-w C:\Windows\System32\perfh01F.dat
+ 2008-10-02 13:50:21 588,732 ----a-w C:\Windows\System32\perfh01F.dat
- 2008-10-01 13:08:47 13,138 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1368108717-4242774170-1273681994-1000_UserData.bin
+ 2008-10-02 13:47:37 13,146 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1368108717-4242774170-1273681994-1000_UserData.bin
- 2008-10-01 13:08:41 78,034 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-10-02 13:47:37 78,034 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-10-01 12:58:39 42,588 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-10-02 13:47:35 42,780 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [N/A]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [N/A]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"FixCamera"="C:\Windows\FixCamera.exe" [N/A]
"tsnp2std"="C:\Windows\tsnp2std.exe" [N/A]
"snp2std"="C:\Windows\vsnp2std.exe" [2007-05-10 344064]
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [N/A]
"Adobe Version Cue CS2"="C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [N/A]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-10 C:\Windows\RtHDVCpl.exe]
"S3Trayp"="S3trayp.exe" [N/A]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\Windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2007-12-13 25214]
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDFSTab"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDFSTab"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.yv12"= yv12vfw.dll
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Realtime Monitor]
C:\PROGRA~1\CA\ETRUST~1\realmon.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1368108717-4242774170-1273681994-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{AF51D0CF-1717-4349-A654-B354CED7EDC8}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{A123CA06-72C5-4425-84D4-DA4BC1CF9F8C}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"TCP Query User{FEF69B70-3CDC-43AD-B839-B7AF30C51370}C:\\program files\\nero\\nero 7\\nero home\\nerohome.exe"= UDP:C:\program files\nero\nero 7\nero home\nerohome.exe:Nero Home
"UDP Query User{52981748-AA44-4F35-87BB-62C3940EF3F1}C:\\program files\\nero\\nero 7\\nero home\\nerohome.exe"= TCP:C:\program files\nero\nero 7\nero home\nerohome.exe:Nero Home
"{0ABBD158-F0AE-4A00-AFA8-F6FA92E5CFB7}"= UDP:C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe:Adobe Version Cue CS2
"{DFB9A8A7-FCBD-4859-A6F5-746AA73D0A85}"= TCP:C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe:Adobe Version Cue CS2
"TCP Query User{A55F86CF-8EA5-412E-A300-B24B0E587301}C:\\program files\\common files\\ahead\\nero web\\setupx.exe"= UDP:C:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"UDP Query User{1C620539-3F04-4B4D-9A9C-24DFF5ADEA4D}C:\\program files\\common files\\ahead\\nero web\\setupx.exe"= TCP:C:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"TCP Query User{DA91A1C1-00AB-4F34-8EF9-024D0FCC7489}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{F4028400-BC40-4C22-A798-E5552D6A9AC2}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{27376D19-7827-45F2-BBC1-B332D2E9971B}C:\\program files\\msn messenger\\msnmsgr .exe"= UDP:C:\program files\msn messenger\msnmsgr .exe:Messenger
"UDP Query User{D6ED12A6-4752-4C14-B89F-176FF51E7E20}C:\\program files\\msn messenger\\msnmsgr .exe"= TCP:C:\program files\msn messenger\msnmsgr .exe:Messenger
"{4A7510B0-819F-4BCC-9E82-7B47CCA372B0}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{72AA1ABE-6570-462F-9DFE-6037C24B45A9}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{8CD240E5-25AE-4A2E-BE3B-9493DFA6E7D6}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{8F49EDA5-0D28-499B-8099-3FBDB62A99AD}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{AC04CF6E-23AF-4FBA-8513-F7CFDB2D54AD}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{03420A55-B2ED-4745-9888-C127914F11C6}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
R2 PSI_SVC_2;Protexis Licensing V2;c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-09-29 3154944]
R3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\Windows\system32\DRIVERS\snp2sxp.sys [2007-05-10 12179584]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 167936]
S3 S3GIGP;S3GIGP;C:\Windows\system32\DRIVERS\VTGKModeDX32.sys [2007-04-06 861184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\shell\AutoRun\command - F:\TKD.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6223847b-7704-11dd-b5d7-001d922cbaf6}]
\shell\AutoRun\command - F:\TKD.EXE
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-02 17:01:09
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
Completion time: 2008-10-02 17:04:01
ComboFix-quarantined-files.txt 2008-10-02 14:02:57
ComboFix2.txt 2008-10-01 13:16:34
ComboFix3.txt 2008-01-13 10:05:52

Pre-Run: 43.543.449.600 bayt boş
Post-Run: 43,561,431,040 bayt boş

210 --- E O F --- 2008-09-16 16:57:42


OTVIEWIT LOG

OTViewIt logfile created on: 02.10.2008 17:12:49 - Run 5
OTViewIt by OldTimer - Version 1.0.9.2 Folder = C:\Users\CASPER\Desktop
Windows Vista Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 0000041f | Country: Türkiye | Language: TRK | Date Format: dd.MM.yyyy

1021,70 Mb Total Physical Memory | 354,20 Mb Available Physical Memory | 34,67% Memory free
2,26 Gb Paging File | 1,41 Gb Available in Paging File | 62,57% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 83,38 Gb Total Space | 42,18 Gb Free Space | 50,59% Space Free | Partition Type: NTFS
Drive D: | 65,67 Gb Total Space | 6,13 Gb Free Space | 9,34% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CASPER-PC
Current User Name: CASPER
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008.01.19 10:33:37 | 00,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe
[2008.01.19 10:33:14 | 00,229,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsm.exe
[2007.09.29 06:01:02 | 00,610,304 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe
[2008.01.19 10:33:22 | 02,623,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe
[2007.09.29 06:01:02 | 00,610,304 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe
[2008.01.19 10:33:08 | 00,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe
[2008.01.19 10:33:32 | 00,169,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
[2007.04.10 11:01:32 | 04,431,872 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
[2008.07.19 17:38:34 | 00,078,008 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
[2008.04.23 02:08:13 | 00,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
[2008.06.10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[2005.04.04 19:58:28 | 00,163,840 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
[2008.07.19 17:25:06 | 00,016,056 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
[2008.07.19 17:38:28 | 00,147,640 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
[2007.07.24 11:15:14 | 00,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
[2008.01.19 10:33:40 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
[2005.04.04 19:58:30 | 03,502,080 | ---- | M] () -- C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
[2008.07.19 17:38:04 | 00,250,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
[2008.07.23 17:25:45 | 00,348,344 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
[2008.01.19 10:33:15 | 00,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mobsync.exe
[2008.01.19 10:33:33 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
[2008.01.19 10:33:32 | 00,169,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
[2008.01.19 10:33:04 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
[2008.05.27 08:18:43 | 00,439,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe
[2008.01.19 10:33:39 | 00,245,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiPrvSE.exe
[2008.01.19 10:33:12 | 00,625,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2007.09.20 11:35:36 | 00,118,336 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLLoginProxy.exe
[2008.05.27 08:18:16 | 00,184,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchProtocolHost.exe
[2008.05.27 08:17:55 | 00,087,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchFilterHost.exe
[2008.10.02 17:12:37 | 00,419,840 | ---- | M] (OldTimer Tools) -- C:\Users\CASPER\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2007.12.13 22:17:41 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
[2005.04.04 19:58:28 | 00,163,840 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe -- (Adobe Version Cue CS2 [Auto | Running])
[2008.07.19 17:25:06 | 00,016,056 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
[2007.09.29 06:01:02 | 00,610,304 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe -- (Ati External Event Utility [Auto | Running])
[2008.07.19 17:38:28 | 00,147,640 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
[2008.07.19 17:38:04 | 00,250,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
[2008.07.23 17:25:45 | 00,348,344 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
[2008.01.05 14:26:41 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2008.01.19 10:34:06 | 00,134,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dps.dll -- (DPS [Unknown | Running])
[2008.01.05 14:21:53 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2008.01.19 10:34:25 | 00,574,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gpsvc.dll -- (gpsvc [Unknown | Running])
[2008.01.05 14:21:39 | 00,864,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
[2006.11.02 16:06:13 | 00,000,000 | ---D | M] -- C:\Windows\System32\Msdtc -- (MSDTC [Unknown | Stopped])
[2007.01.05 13:41:10 | 00,774,144 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService [On_Demand | Stopped])
[2008.01.05 14:21:39 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2006.12.23 17:54:04 | 00,262,144 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Stopped])
[2007.07.24 11:15:14 | 00,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2 [Auto | Running])
[2008.01.19 10:36:17 | 00,547,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rpcss.dll -- (RpcSs [Unknown | Running])
[2008.01.19 10:36:19 | 00,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SCardSvr.dll -- (SCardSvr [Unknown | Stopped])
[2008.01.19 10:33:22 | 02,623,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe -- (slsvc [Auto | Running])
[2006.11.02 12:45:46 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\snmptrap.exe -- (SNMPTRAP [On_Demand | Stopped])
[2008.01.19 10:33:33 | 00,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\servicing\TrustedInstaller.exe -- (TrustedInstaller [Unknown | Stopped])
[2008.01.19 10:33:33 | 00,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\UI0Detect.exe -- (UI0Detect [On_Demand | Stopped])
[2007.10.18 12:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
[2008.01.19 10:33:33 | 00,382,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vds.exe -- (vds [On_Demand | Stopped])
[2008.01.02 04:39:02 | 00,024,576 | ---- | M] (Atribune.org) -- C:\Windows\System32\VundoFixSVC.exe -- (VundoFixSvc [On_Demand | Stopped])
[2007.10.25 16:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
[2008.05.27 08:18:43 | 00,439,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe -- (WSearch [Auto | Running])

========== Driver Services ==========

[2006.11.02 12:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adp94xx.sys -- (adp94xx [Disabled | Stopped])
[2006.11.02 12:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpahci.sys -- (adpahci [Disabled | Stopped])
[2006.11.02 12:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpu160m.sys -- (adpu160m [Disabled | Stopped])
[2006.11.02 12:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpu320.sys -- (adpu320 [Disabled | Stopped])
[2006.11.02 12:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\djsvs.sys -- (aic78xx [Disabled | Stopped])
[2006.11.02 12:49:20 | 00,014,952 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\System32\drivers\aliide.sys -- (aliide [Disabled | Stopped])
[2006.11.02 12:49:59 | 00,054,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\AMDAGP.SYS -- (amdagp [On_Demand | Stopped])
[2006.11.02 12:49:26 | 00,015,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdide.sys -- (amdide [Disabled | Stopped])
[2006.11.02 11:30:18 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdk7.sys -- (AmdK7 [Disabled | Stopped])
[2006.11.02 11:30:18 | 00,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdk8.sys -- (AmdK8 [Disabled | Stopped])
[2006.11.02 12:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\arc.sys -- (arc [Disabled | Stopped])
[2006.11.02 12:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\arcsas.sys -- (arcsas [Disabled | Stopped])
[2008.07.19 17:37:42 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk [Auto | Running])
[2008.07.19 17:36:03 | 00,051,280 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt [Auto | Running])
[2008.07.19 17:33:42 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr [System | Running])
[2008.07.19 17:35:18 | 00,078,416 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP [System | Running])
[2008.07.19 17:32:36 | 00,042,912 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi [System | Running])
[2007.09.29 06:13:56 | 03,154,944 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag [On_Demand | Running])
[2006.11.02 10:30:53 | 00,167,936 | ---- | M] (Broadcom Corporation) -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x [On_Demand | Stopped])
File not found -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive [Disabled | Stopped])
[2008.01.19 08:28:26 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bowser.sys -- (bowser [On_Demand | Running])
[2006.11.02 11:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\System32\drivers\BrFiltLo.sys -- (BrFiltLo [On_Demand | Stopped])
[2006.11.02 11:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\System32\drivers\BrFiltUp.sys -- (BrFiltUp [On_Demand | Stopped])
[2006.11.02 11:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrSerId.sys -- (Brserid [Disabled | Stopped])
[2006.11.02 11:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrSerWdm.sys -- (BrSerWdm [Disabled | Stopped])
[2006.11.02 11:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrUsbMdm.sys -- (BrUsbMdm [Disabled | Stopped])
[2006.11.02 11:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrUsbSer.sys -- (BrUsbSer [On_Demand | Stopped])
[2006.11.02 11:55:23 | 00,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bthmodem.sys -- (BTHMODEM [Disabled | Stopped])
File not found -- C:\ComboFix\catchme.sys -- (catchme [On_Demand | Running])
[2006.11.02 11:55:08 | 00,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\circlass.sys -- (circlass [Disabled | Stopped])
[2008.01.19 10:42:58 | 00,247,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys -- (CLFS [Unknown | Running])
[2006.11.02 12:49:28 | 00,016,488 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\System32\drivers\cmdide.sys -- (cmdide [Disabled | Stopped])
[2006.11.02 12:49:43 | 00,022,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\crcdisk.sys -- (crcdisk [Boot | Running])
[2006.11.02 11:30:18 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\crusoe.sys -- (Crusoe [Disabled | Stopped])
[2008.01.19 08:28:20 | 00,075,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dfsc.sys -- (DfsC [System | Running])
[2008.08.02 04:01:23 | 00,625,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgkrnl.sys -- (DXGKrnl [On_Demand | Running])
[2008.01.19 10:42:11 | 00,143,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ecache.sys -- (Ecache [Boot | Running])
[2006.11.02 12:51:34 | 00,316,520 | ---- | M] (Emulex) -- C:\Windows\System32\drivers\elxstor.sys -- (elxstor [Disabled | Stopped])
[2008.01.19 08:28:01 | 00,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\exfat.sys -- (exfat [On_Demand | Stopped])
[2006.11.02 10:30:56 | 00,045,568 | ---- | M] (VIA Technologies, Inc. ) -- C:\Windows\System32\drivers\fetnd5.sys -- (FETNDIS [On_Demand | Running])
[2008.01.19 10:42:31 | 00,058,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fileinfo.sys -- (FileInfo [Boot | Running])
[2008.01.19 08:30:23 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\filetrace.sys -- (Filetrace [On_Demand | Stopped])
[2006.11.02 12:50:04 | 00,058,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\GAGP30KX.SYS -- (gagp30kx [On_Demand | Stopped])
[2006.11.02 10:36:49 | 00,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\HdAudio.sys -- (HdAudAddService [On_Demand | Stopped])
[2008.01.19 07:30:49 | 00,053,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2006.11.02 11:55:22 | 00,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidbth.sys -- (HidBth [Disabled | Stopped])
[2006.11.02 11:55:01 | 00,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidir.sys -- (HidIr [Disabled | Stopped])
[2006.11.02 12:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\System32\drivers\HpCISSs.sys -- (HpCISSs [Disabled | Stopped])
[2006.11.02 12:49:49 | 00,027,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\i2omp.sys -- (i2omp [Disabled | Stopped])
[2006.10.19 05:10:57 | 01,380,864 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm [On_Demand | Stopped])
[2006.11.02 12:51:25 | 00,232,040 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\iaStorV.sys -- (iaStorV [Disabled | Stopped])
[2006.11.02 12:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\System32\drivers\iirsp.sys -- (iirsp [Disabled | Stopped])
[2007.04.10 14:05:38 | 01,764,960 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService [On_Demand | Running])
[2008.01.19 08:27:21 | 00,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\intelppm.sys -- (intelppm [On_Demand | Running])
[2006.11.02 11:42:03 | 00,065,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\IPMIDrv.sys -- (IPMIDRV [Disabled | Stopped])
[2008.01.19 10:42:35 | 00,181,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msiscsi.sys -- (iScsiPrt [On_Demand | Running])
[2006.11.02 12:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\System32\drivers\iteatapi.sys -- (iteatapi [Disabled | Stopped])
[2006.11.02 12:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\System32\drivers\iteraid.sys -- (iteraid [Disabled | Stopped])
[2008.01.19 08:49:17 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2008.01.19 08:55:03 | 00,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\lltdio.sys -- (lltdio [Auto | Running])
[2006.11.02 12:50:04 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])
[2006.11.02 12:50:05 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])
[2006.11.02 12:50:10 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])
[2008.01.19 08:30:36 | 00,084,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\luafv.sys -- (luafv [Auto | Running])
[2006.11.02 12:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) -- C:\Windows\System32\drivers\megasas.sys -- (megasas [Disabled | Stopped])
[2008.01.19 08:52:19 | 00,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\monitor.sys -- (monitor [On_Demand | Running])
[2006.11.02 12:50:16 | 00,078,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mpio.sys -- (mpio [Disabled | Stopped])
[2008.01.19 08:54:46 | 00,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mpsdrv.sys -- (mpsdrv [On_Demand | Running])
[2006.11.02 12:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\System32\drivers\Mraid35x.sys -- (Mraid35x [Disabled | Stopped])
[2008.05.08 22:21:56 | 00,211,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys -- (mrxsmb10 [On_Demand | Running])
[2008.01.19 08:28:37 | 00,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys -- (mrxsmb20 [On_Demand | Running])
[2006.11.02 12:49:44 | 00,023,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msahci.sys -- (msahci [Disabled | Stopped])
[2006.11.02 12:50:17 | 00,080,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msdsm.sys -- (msdsm [Disabled | Stopped])
[2008.01.19 10:41:14 | 00,016,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msisadrv.sys -- (msisadrv [Boot | Running])
[2008.01.19 10:42:29 | 00,163,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msrpc.sys -- (MsRPC [On_Demand | Stopped])
[2008.01.19 08:49:19 | 00,006,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mstee.sys -- (MSTEE [On_Demand | Stopped])
[2008.05.20 05:07:31 | 00,148,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nwifi.sys -- (NativeWifiP [On_Demand | Stopped])
[2006.11.02 12:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\System32\drivers\nfrd960.sys -- (nfrd960 [Disabled | Stopped])
[2008.01.19 08:55:50 | 00,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nsiproxy.sys -- (nsiproxy [System | Running])
[2006.11.02 10:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\System32\drivers\ntrigdigi.sys -- (ntrigdigi [Disabled | Stopped])
[2006.11.02 12:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvraid.sys -- (nvraid [Disabled | Stopped])
[2006.11.02 12:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvstor.sys -- (nvstor [Disabled | Stopped])
[2006.11.02 12:50:40 | 00,106,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\NV_AGP.SYS -- (nv_agp [On_Demand | Stopped])
[2006.11.02 12:49:20 | 00,013,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pciide.sys -- (pciide [Disabled | Stopped])
[2006.11.02 12:04:35 | 00,878,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\PEAuth.sys -- (PEAUTH [Auto | Running])
[2006.11.02 11:30:18 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\processr.sys -- (Processor [Disabled | Stopped])
[2008.04.05 04:21:42 | 00,072,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pacer.sys -- (PSched [System | Running])
[2006.11.02 12:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) -- C:\Windows\System32\drivers\ql2300.sys -- (ql2300 [Disabled | Stopped])
[2006.11.02 12:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\System32\drivers\ql40xx.sys -- (ql40xx [Disabled | Stopped])
[2008.01.19 08:56:07 | 00,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\qwavedrv.sys -- (QWAVEdrv [On_Demand | Stopped])
[2007.09.29 06:13:56 | 03,154,944 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\atikmdag.sys -- (R300 [On_Demand | Stopped])
[2008.01.19 08:56:43 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rassstp.sys -- (RasSstp [On_Demand | Running])
[2008.01.19 09:01:09 | 00,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\RDPENCDD.sys -- (RDPENCDD [System | Running])
[2008.01.19 08:55:03 | 00,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rspndr.sys -- (rspndr [Auto | Running])
[2007.04.06 11:22:08 | 00,861,184 | ---- | M] (S3 Graphics Co., Ltd.) -- C:\Windows\System32\drivers\VTGKModeDX32.sys -- (S3GIGP [On_Demand | Stopped])
[2006.11.02 12:50:16 | 00,076,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sbp2port.sys -- (sbp2port [Disabled | Stopped])
[2006.11.02 09:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])
[2008.01.19 08:49:16 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sermouse.sys -- (sermouse [Disabled | Stopped])
[2006.11.02 11:51:38 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffdisk.sys -- (sffdisk [Disabled | Stopped])
[2006.11.02 11:51:40 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffp_mmc.sys -- (sffp_mmc [On_Demand | Stopped])
[2006.11.02 11:51:40 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffp_sd.sys -- (sffp_sd [On_Demand | Stopped])
[2006.11.02 12:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) -- C:\Windows\System32\drivers\sisraid2.sys -- (SiSRaid2 [Disabled | Stopped])
[2006.11.02 12:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\System32\drivers\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])
[2008.01.19 08:55:27 | 00,066,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\smb.sys -- (Smb [System | Running])
[2007.05.10 17:10:50 | 12,179,584 | ---- | M] () -- C:\Windows\System32\drivers\snp2sxp.sys -- (SNP2STD [On_Demand | Running])
[2008.01.19 10:41:30 | 00,021,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\spldr.sys -- (spldr [Boot | Running])
[2008.01.19 08:29:15 | 00,144,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys -- (srv2 [On_Demand | Running])
[2008.01.19 08:29:12 | 00,098,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srvnet.sys -- (srvnet [On_Demand | Running])
[2006.11.02 12:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\symc8xx.sys -- (Symc8xx [Disabled | Stopped])
[2006.11.02 12:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\sym_hi.sys -- (Sym_hi [Disabled | Stopped])
[2006.11.02 12:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\sym_u3.sys -- (Sym_u3 [Disabled | Stopped])
[2008.01.19 08:56:07 | 00,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpipreg.sys -- (tcpipreg [Auto | Running])
[2008.01.19 08:55:58 | 00,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tdx.sys -- (tdx [System | Running])
[2008.01.19 09:01:15 | 00,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tssecsrv.sys -- (tssecsrv [On_Demand | Stopped])
[2008.01.19 08:55:41 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\TUNMP.SYS -- (tunmp [On_Demand | Running])
[2008.01.19 08:55:50 | 00,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tunnel.sys -- (tunnel [On_Demand | Running])
[2008.01.19 10:42:32 | 00,059,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\UAGP35.SYS -- (uagp35 [Boot | Running])
[2006.11.02 12:50:04 | 00,058,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ULIAGPKX.SYS -- (uliagpkx [On_Demand | Stopped])
[2006.11.02 12:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\System32\drivers\uliahci.sys -- (uliahci [Disabled | Stopped])
[2006.11.02 12:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\System32\drivers\ulsata.sys -- (UlSata [Disabled | Stopped])
[2006.11.02 12:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\System32\drivers\ulsata2.sys -- (ulsata2 [Disabled | Stopped])
[2008.01.19 08:53:40 | 00,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\umbus.sys -- (umbus [On_Demand | Running])
[2006.11.02 11:55:09 | 00,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbcir.sys -- (usbcir [Disabled | Stopped])
[2008.01.19 08:53:21 | 00,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbehci.sys -- (usbehci [On_Demand | Running])
[2006.11.02 11:55:05 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbohci.sys -- (usbohci [Disabled | Stopped])
[2006.11.02 11:53:56 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\vgapnp.sys -- (vga [On_Demand | Stopped])
[2006.11.02 12:49:52 | 00,054,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\VIAAGP.SYS -- (viaagp [On_Demand | Stopped])
[2006.11.02 11:30:19 | 00,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\viac7.sys -- (ViaC7 [Disabled | Stopped])
[2008.01.19 10:41:25 | 00,020,024 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\System32\drivers\viaide.sys -- (viaide [Boot | Running])
[2008.01.19 10:42:18 | 00,052,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgr.sys -- (volmgr [Boot | Running])
[2008.01.19 10:43:03 | 00,294,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgrx.sys -- (volmgrx [Boot | Running])
[2006.11.02 12:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\System32\drivers\vsmraid.sys -- (vsmraid [Disabled | Stopped])
[2006.11.02 11:52:52 | 00,020,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wacompen.sys -- (WacomPen [Disabled | Stopped])
[2006.11.02 12:49:38 | 00,019,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wd.sys -- (Wd [Disabled | Stopped])
[2008.01.19 10:43:27 | 00,503,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Wdf01000.sys -- (Wdf01000 [Boot | Running])
[2006.11.02 11:35:03 | 00,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wmiacpi.sys -- (WmiAcpi [Disabled | Stopped])
[2008.01.19 08:56:49 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ws2ifsl.sys -- (ws2ifsl [Disabled | Stopped])
[2008.01.19 08:53:04 | 00,083,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\WUDFRd.sys -- (WUDFRd [On_Demand | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\Windows\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.google.com/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1368108717-4242774170-1273681994-1000\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\Windows\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.google.com/

[HKEY_USERS\S-1-5-21-1368108717-4242774170-1273681994-1000\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1368108717-4242774170-1273681994-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (936 bytes) - C:\Windows\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
127.0.0.1 update.microsoft.com
127.0.0.1 download.microsoft.com
127.0.0.1 downloads.microsoft.com
127.0.0.1 windowsupdate.microsoft.com
127.0.0.1 www.windowsupdate.microsoft.com
127.0.0.1 support.microsoft.com
127.0.0.1 www.symantec.com
127.0.0.1 liveupdate.symantecliveupdate.com
127.0.0.1 liveupdate.symantec.com
127.0.0.1 update.symantec.com
127.0.0.1 avpg.crsi.symantec.com
127.0.0.1 securityresponse.symantec.com
127.0.0.1 symantec.com
127.0.0.1 pif.symantec.com
127.0.0.1 pifmain.symantec.com
127.0.0.1 update.avg.com
127.0.0.1 backup.avg.cz
127.0.0.1 akamai.avg.com
127.0.0.1 u20.eset.com
127.0.0.1 www.eset.com
127.0.0.1 eset.com
127.0.0.1 www.mcafee.com
127.0.0.1 mcafee.com
127.0.0.1 us.mcafee.com
7 more lines...

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
{7E853D72-626A-48EC-A868-BA8D5E23E045} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
{AE7CD045-E861-484f-8273-0445EE161910} (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_USERS\S-1-5-21-1368108717-4242774170-1273681994-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" (Adobe Systems Inc.)
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" File not found
"Adobe Version Cue CS2"="C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" File not found
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
"Easy-PrintToolBox"=C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon File not found
"FixCamera"=C:\Windows\FixCamera.exe File not found
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe File not found
"RtHDVCpl"=RtHDVCpl.exe (Realtek Semiconductor)
"S3Trayp"=S3trayp.exe File not found
"snp2std"=C:\Windows\vsnp2std.exe (Sonix)
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)
"tsnp2std"=C:\Windows\tsnp2std.exe File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" File not found

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (Microsoft Corporation)
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)
"Sidebar"=%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (Microsoft Corporation)
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" File not found

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=227
"NoDrives"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"ConsentPromptBehaviorAdmin"=2
"ConsentPromptBehaviorUser"=1
"EnableInstallerDetection"=1
"EnableLUA"=0
"EnableSecureUIAPaths"=1
"EnableVirtualization"=1
"PromptOnSecureDesktop"=1
"ValidateAdminCodeSignatures"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"scforceoption"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"FilterAdministratorToken"=0
"EnableUIADesktopToggle"=0
"DisableRegistryTools"=0
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0
"HideStartupScripts"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats]
"CF_TEXT"=1
"CF_BITMAP"=2
"CF_OEMTEXT"=7
"CF_DIB"=8
"CF_PALETTE"=9
"CF_UNICODETEXT"=13
"CF_DIBV5"=17

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDFSTab"=1
"NoDrives"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"HideStartupScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDFSTab"=1

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDFSTab"=1

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDFSTab"=1

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDFSTab"=1

[HKEY_USERS\S-1-5-21-1368108717-4242774170-1273681994-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDFSTab"=1
"NoDrives"=0

[HKEY_USERS\S-1-5-21-1368108717-4242774170-1273681994-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"HideStartupScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
Convert link target to Adobe PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006.12.18 05:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert link target to existing PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006.12.18 05:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to Adobe PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006.12.18 05:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to existing PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006.12.18 05:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert selection to Adobe PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006.12.18 05:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert selection to existing PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006.12.18 05:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert to Adobe PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006.12.18 05:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert to existing PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006.12.18 05:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Microsoft Excel'e Gö&nder: C:\Program Files\Microsoft Office\Office10\EXCEL.EXE [2001.04.11 20:00:10 | 09,169,016 | R--- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Sun Java Console -- C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
{85d1f590-48f4-11d9-9669-0800200c9a66}: Uninstall BitDefender Online Scanner v8 -- C:\Windows\bdoscandel.exe ()
{B4B52284-A248-4c51-9F7C-F0A0C67FCC9D}: PartyCasino.com -- C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe File not found
{B4B52284-A248-4c51-9F7C-F0A0C67FCC9D}: PartyCasino.com -- C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe File not found

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}: http://download.bitdefender.com/resources/scan8/oscan8.cab -- BDSCANONLINE Control
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_04
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_05
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab -- Shockwave Flash Object
Microsoft XML Parser for Java: file:///C:/Windows/Java/classes/xmldso.cab -- Reg Error: Key does not exist or could not be opened.

========== (O17) DNS Name Servers ==========

{396F47EC-A46B-4681-801F-CA1C91A4047A} (Servers: | Description: VIA Rhine II Uyumlu Fast Ethernet Bağdaştırıcısı)
{A64D4A98-9314-4AD0-9A8C-B1C4133D7537} (Servers: | Description: VIA Rhine II Fast Ethernet Bağdaştırıcısı)

========== HKLM *SecurityProviders* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=credssp.dll
>[2008.01.19 10:33:59 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\credssp.dll

========== LSA *Security Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Security Packages"=kerberos,msv1_0,schannel,wdigest,tspkg,
>[2008.01.19 10:36:42 | 00,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TSpkg.dll

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

autoexec.bat [REM Dummy file for NTVDM | ]
[2006.09.19 00:43:36 | 00,000,024 | ---- | M] () -- C:\autoexec.bat -- [ NTFS ]


========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6223847b-7704-11dd-b5d7-001d922cbaf6}\Shell\AutoRun\command]
""=F:\TKD.EXE -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\Shell\AutoRun\command]
""=F:\TKD.EXE -- File not found

========== Files/Folders - Created Within 30 Days ==========

[2008.10.02 17:12:37 | 00,419,840 | ---- | C] (OldTimer Tools) -- C:\Users\CASPER\Desktop\OTViewIt.exe
[2008.10.02 16:55:37 | 00,000,000 | ---D | C] -- C:\ComboFix
[2008.10.02 16:55:36 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\swreg.exe
[2008.10.01 18:35:15 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt16.sqm
[2008.10.01 18:35:15 | 00,000,232 | -H-- | C] () -- C:\sqmdata16.sqm
[2008.10.01 18:34:18 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt15.sqm
[2008.10.01 18:34:18 | 00,000,232 | -H-- | C] () -- C:\sqmdata15.sqm
[2008.10.01 16:06:55 | 00,000,000 | ---D | C] -- C:\Windows\Minidump
[2008.10.01 16:06:20 | 21,207,3248 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2008.10.01 15:58:57 | 00,000,000 | ---D | C] -- C:\QooBox
[2008.10.01 15:58:56 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2008.10.01 15:58:56 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2008.10.01 15:58:56 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\Windows\fdsv.exe
[2008.10.01 15:58:56 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2008.10.01 15:58:56 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2008.10.01 15:58:56 | 00,049,152 | ---- | C] () -- C:\Windows\VFind.exe
[2008.10.01 15:58:11 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\swxcacls.exe
[2008.10.01 15:51:21 | 02,885,114 | R--- | C] () -- C:\Users\CASPER\Desktop\ComboFix.exe
[2008.10.01 14:42:59 | 00,445,440 | ---- | C] () -- C:\Users\CASPER\Desktop\FRIDirUtil1v7.xls
[2008.09.28 15:42:47 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2008.09.28 15:38:56 | 00,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2008.09.25 05:50:57 | 00,000,000 | ---D | C] -- C:\Users\CASPER\AppData\Local\Adobe
[2008.09.24 15:08:28 | 00,000,000 | ---D | C] -- C:\Users\CASPER\AppData\Local\Ahead
[2008.09.24 00:08:05 | 02,554,762 | -H-- | C] () -- C:\Users\CASPER\AppData\Local\IconCache.db
[2008.09.24 00:02:27 | 10,720,95232 | -HS- | C] () -- C:\hiberfil.sys
[2008.09.23 21:27:26 | 00,000,000 | ---D | C] -- C:\Users\CASPER\AppData\Roaming\Malwarebytes
[2008.09.23 21:27:22 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2008.09.23 02:36:22 | 00,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2008.09.23 02:35:55 | 00,000,000 | ---D | C] -- C:\Users\CASPER\AppData\Roaming\SUPERAntiSpyware.com
[2008.09.23 02:35:55 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2008.09.23 02:35:23 | 06,586,904 | ---- | C] () -- C:\Users\CASPER\Desktop\SUPERAntiSpywarePro.exe
[2008.09.20 15:13:04 | 00,000,787 | ---- | C] () -- C:\Users\Public\Desktop\Photoviewer.lnk
[2008.09.20 15:13:03 | 00,000,000 | ---D | C] -- C:\Program Files\Photo Viewer
[2008.09.16 19:54:51 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2008.09.16 19:54:49 | 04,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2008.09.16 19:54:44 | 00,565,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\emdmgmt.dll
[2008.09.16 19:54:43 | 00,625,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgkrnl.sys
[2008.09.16 19:54:43 | 00,211,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys
[2008.09.16 19:54:43 | 00,148,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\nwifi.sys
[2008.09.16 19:54:43 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dataclen.dll
[2008.09.16 19:54:43 | 00,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2008.09.16 19:54:41 | 00,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll

========== Files - Modified Within 30 Days ==========

[2008.10.02 17:12:37 | 00,419,840 | ---- | M] (OldTimer Tools) -- C:\Users\CASPER\Desktop\OTViewIt.exe
[2008.10.02 17:01:08 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini
[2008.10.02 16:50:21 | 01,382,408 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2008.10.02 16:50:21 | 00,588,732 | ---- | M] () -- C:\Windows\System32\perfh01F.dat
[2008.10.02 16:50:21 | 00,585,914 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2008.10.02 16:50:21 | 00,114,782 | ---- | M] () -- C:\Windows\System32\perfc01F.dat
[2008.10.02 16:50:21 | 00,100,718 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2008.10.02 16:46:15 | 00,000,936 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2008.10.02 16:45:47 | 00,004,032 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2008.10.02 16:45:47 | 00,004,032 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2008.10.02 16:45:45 | 00,002,471 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2008.10.02 16:45:41 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2008.10.02 16:45:37 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2008.10.02 16:45:33 | 10,720,95232 | -HS- | M] () -- C:\hiberfil.sys
[2008.10.02 16:44:23 | 02,554,762 | -H-- | M] () -- C:\Users\CASPER\AppData\Local\IconCache.db
[2008.10.01 18:35:15 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2008.10.01 18:35:15 | 00,000,232 | -H-- | M] () -- C:\sqmdata16.sqm
[2008.10.01 18:34:18 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2008.10.01 18:34:18 | 00,000,232 | -H-- | M] () -- C:\sqmdata15.sqm
[2008.10.01 16:06:55 | 21,207,3248 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2008.10.01 15:51:35 | 02,885,114 | R--- | M] () -- C:\Users\CASPER\Desktop\ComboFix.exe
[2008.10.01 14:43:09 | 00,445,440 | ---- | M] () -- C:\Users\CASPER\Desktop\FRIDirUtil1v7.xls
[2008.09.30 21:54:33 | 00,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2008.09.29 22:32:44 | 00,192,000 | ---- | M] () -- C:\Users\CASPER\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.09.29 20:27:33 | 00,000,504 | ---- | M] () -- C:\Users\CASPER\Documents\Paylaşım Klasörlerim.lnk
[2008.09.28 15:38:57 | 00,002,560 | ---- | M] () -- C:\Windows\_MSRSTRT.EXE
[2008.09.23 02:35:24 | 06,586,904 | ---- | M] () -- C:\Users\CASPER\Desktop\SUPERAntiSpywarePro.exe
[2008.09.20 15:13:04 | 00,000,787 | ---- | M] () -- C:\Users\Public\Desktop\Photoviewer.lnk
[2008.09.18 09:24:55 | 00,040,960 | ---- | M] () -- C:\Users\CASPER\Documents\2008 borē ödeme listesi.xls
< End of report >

#8 savasg

savasg
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:05:46 PM

Posted 02 October 2008 - 01:37 PM

Hi there again PP;

I have menage the run kaspersky as administrator
It did not find anything; here is the log..

--------------------------------------------------------------------------------
KASPERSKY ONLİNE SCANNER 7 REPORT
Thursday, October 2, 2008
Operating System: Microsoft Windows Vista Starter Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, October 02, 2008 10:08:28
Records in database: 1282812
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
H:\
I:\
J:\
K:\

Scan statistics:
Files scanned: 127684
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 01:41:09

No malware has been detected. The scan area is clean.

The selected area was scanned.

#9 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:46 AM

Posted 03 October 2008 - 07:13 AM

Hello Savasg. Looks better.

How is it running now?

Run ComboFix with CFScript
We will run ComboFix again. This time, the instructions are slightly different.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are unsure how.
  • Open notepad (Start>Run>"notepad") and copy/paste the text in the box below into it:
    RenV::
    C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray .exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
    C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN .EXE
    C:\Program Files\Common Files\Ahead\Lib\NeroCheck .exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor .exe
    C:\Program Files\MSN Messenger\MsnMsgr .Exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer .exe
    C:\Windows\FixCamera .exe
    C:\Windows\RtHDVCpl .exe
    C:\Windows\tsnp2std .exe
    C:\Windows\vsnp2std .exe
    C:\Windows\System32\S3trayp .exe
    Save this as CFScript.txt, in the same location as ComboFix.exe. (This should be your desktop.)
    Posted Image
    Refering to the picture above, drag CFScript into ComboFix.exe.
When finished, it shall produce a log for you at "C:\ComboFix.txt". Post back with that log.

Do not mouseclick ComboFix's window while it's running. That may cause it to stall

Reset Hosts File
  • Please down load HostsXpert.zip to your desktop and unzip the contents.
  • A folder named HostsXpert will be created. Open it and run HostsXpert.exe by double clicking it.
  • Click on the botton Make Writeable? .
  • Click Restore Microsoft's Hosts File.
  • Close out of the window.
If you have added modifications to your hosts file, they will need to be re-added



Post back with:
-the ComboFix log
-a new OTViewIt log
-a description of how your computer is now

With Regards,
The Panda

#10 savasg

savasg
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:05:46 PM

Posted 03 October 2008 - 11:16 AM

Hi Panda;
I did Combofix; log as below;
I run Hostsxpert but it did not make changes in log files
I Restart the comp.
I run the hostxpert again; this time it worked
I run OTViewit; log as below;please note that I had the same error message "Acess Violation at adress 77C15973 in module "ntdll.dll".Read of address 00000022" and no extra log either
But Computer seems working fine;
Do you think it is OK now?

ComboFix 08-09-30.03 - CASPER 2008-10-03 18:42:41.8 - NTFSx86
Microsoft® Windows Vista™ Starter 6.0.6001.1.1254.1.1055.18.497 [GMT 3:00]
Running from: C:\Users\CASPER\Desktop\ComboFix.exe
Command switches used :: C:\Users\CASPER\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\CASPER\AppData\Roaming\Microsoft\Windows\Cookies\casper@ad.yieldmanager[2].txt

.
((((((((((((((((((((((((( Files Created from 2008-09-03 to 2008-10-03 )))))))))))))))))))))))))))))))
.

2008-10-01 18:35 . 2008-10-01 18:35 244 --ah----- C:\sqmnoopt16.sqm
2008-10-01 18:35 . 2008-10-01 18:35 232 --ah----- C:\sqmdata16.sqm
2008-10-01 18:34 . 2008-10-01 18:34 244 --ah----- C:\sqmnoopt15.sqm
2008-10-01 18:34 . 2008-10-01 18:34 232 --ah----- C:\sqmdata15.sqm
2008-10-01 16:06 . 2008-10-01 16:06 212,073,248 --a------ C:\Windows\MEMORY.DMP
2008-09-28 15:38 . 2008-09-28 15:38 2,560 --a------ C:\Windows\_MSRSTRT.EXE
2008-09-23 21:27 . 2008-09-23 21:27 <DIR> d-------- C:\Users\CASPER\AppData\Roaming\Malwarebytes
2008-09-23 21:27 . 2008-09-23 21:27 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-09-23 04:28 . 2008-09-23 04:28 <DIR> d-------- C:\Windows\Google Earth Pro 4.2
2008-09-23 04:28 . 2008-09-23 04:29 <DIR> d-------- C:\Program Files\Google Earth Pro 4.2
2008-09-23 02:36 . 2008-09-23 02:36 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
2008-09-23 02:35 . 2008-09-28 15:42 <DIR> d-------- C:\Users\CASPER\AppData\Roaming\SUPERAntiSpyware.com
2008-09-23 02:35 . 2008-09-28 15:42 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-09-20 15:13 . 2008-09-20 15:13 <DIR> d-------- C:\Program Files\Photo Viewer
2008-09-16 19:54 . 2008-07-31 04:13 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-09-16 19:54 . 2008-08-02 04:01 625,152 --a------ C:\Windows\System32\drivers\dxgkrnl.sys
2008-09-16 19:54 . 2008-06-26 06:29 565,248 --a------ C:\Windows\System32\emdmgmt.dll
2008-09-16 19:54 . 2008-06-26 06:29 303,616 --a------ C:\Windows\System32\wmpeffects.dll
2008-09-16 19:54 . 2008-05-08 22:21 211,968 --a------ C:\Windows\System32\drivers\mrxsmb10.sys
2008-09-16 19:54 . 2008-05-20 05:07 148,480 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-09-16 19:54 . 2008-06-26 06:29 45,056 --a------ C:\Windows\System32\dataclen.dll
2008-09-16 19:54 . 2008-08-02 06:26 36,864 --a------ C:\Windows\System32\cdd.dll
2008-09-16 19:54 . 2008-07-31 06:32 28,160 --a------ C:\Windows\System32\Apphlpdm.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-03 15:37 --------- d-----w C:\Users\CASPER\AppData\Roaming\uTorrent
2008-10-02 13:46 --------- d---a-w C:\ProgramData\TEMP
2008-09-28 12:40 --------- d-----w C:\Program Files\myBabylon
2008-09-28 12:40 --------- d-----w C:\Program Files\Conduit
2008-09-28 12:37 --------- d-----w C:\Program Files\IKEA Home Planner
2008-09-23 01:26 --------- d-----w C:\Users\CASPER\AppData\Roaming\Flood Light Games
2008-09-23 01:22 --------- d-----w C:\ProgramData\HipSoft
2008-09-23 01:21 --------- d-----w C:\ProgramData\Flood Light Games
2008-09-01 20:56 --------- d-----w C:\Program Files\Java
2008-08-29 19:37 --------- d-----w C:\Program Files\Windows Mail
2008-08-27 05:52 88 --sh--r C:\ProgramData\9198EF88B9.sys
2008-08-27 05:52 2,516 --sha-w C:\ProgramData\KGyGaAvL.sys
2008-08-27 05:52 --------- d-----w C:\ProgramData\Corel
2008-08-19 19:47 --------- d-----w C:\Users\CASPER\AppData\Roaming\LimeWire
2008-08-04 01:24 --------- d-----w C:\Program Files\B.G-Sozluk
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-19 05:10 53,448 ----a-w C:\Windows\System32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\Windows\System32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\Windows\System32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\Windows\System32\wuapi.dll
2008-07-19 05:09 1,811,656 ----a-w C:\Windows\System32\wuaueng.dll
2008-07-19 03:44 83,456 ----a-w C:\Windows\System32\wudriver.dll
2008-07-19 03:44 1,524,736 ----a-w C:\Windows\System32\wucltux.dll
2008-07-18 19:08 163,904 ----a-w C:\Windows\System32\wuwebv.dll
2008-07-18 17:44 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-07-16 01:32 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-06-22 20:12 60,072 ----a-w C:\Users\CASPER\AppData\Roaming\GDIPFONTCACHEV1.DAT
2008-04-18 17:35 174 --sha-w C:\Program Files\desktop.ini
.
<pre>
----a-w		   856,064 2007-12-30 10:08:22  C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray .exe
----a-w			39,792 2007-12-30 10:08:13  C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
----a-w		   398,944 2007-12-29 22:18:01  C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN .EXE
----a-w		   155,648 2007-12-30 10:08:13  C:\Program Files\Common Files\Ahead\Lib\NeroCheck .exe
----a-w		   143,360 2007-12-30 10:08:23  C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor .exe
----a-w		 5,674,352 2007-12-24 15:55:31  C:\Program Files\MSN Messenger\MsnMsgr .Exe
----a-w		 1,460,560 2007-12-30 10:08:24  C:\Program Files\Spybot - Search & Destroy\TeaTimer .exe
----a-w			20,480 2007-12-30 10:08:18  C:\Windows\FixCamera .exe
----a-w		 4,431,872 2007-12-30 10:08:15  C:\Windows\RtHDVCpl .exe
----a-w		   270,336 2007-12-30 10:08:22  C:\Windows\tsnp2std .exe
----a-w		   344,064 2007-12-30 10:08:23  C:\Windows\vsnp2std .exe
----a-w		   176,128 2007-12-30 10:08:12  C:\Windows\System32\S3trayp .exe
</pre>


((((((((((((((((((((((((((((( snapshot_2008-10-02_17.01.55.19 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-10-02 13:45:38 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-10-03 10:54:05 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-10-02 13:45:38 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-10-03 10:54:05 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-10-02 13:46:54 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-10-03 10:55:59 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-10-03 10:55:59 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-10-02 13:46:49 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-10-03 10:55:16 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-10-03 10:55:16 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-10-02 13:47:37 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-10-03 14:56:17 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-10-02 13:47:37 65,536 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-10-03 14:56:17 65,536 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-10-02 13:47:37 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-10-03 14:56:17 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-10-02 13:50:21 100,718 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-10-03 10:58:51 100,718 ----a-w C:\Windows\System32\perfc009.dat
- 2008-10-02 13:50:21 114,782 ----a-w C:\Windows\System32\perfc01F.dat
+ 2008-10-03 10:58:51 114,782 ----a-w C:\Windows\System32\perfc01F.dat
- 2008-10-02 13:50:21 585,914 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-10-03 10:58:51 585,914 ----a-w C:\Windows\System32\perfh009.dat
- 2008-10-02 13:50:21 588,732 ----a-w C:\Windows\System32\perfh01F.dat
+ 2008-10-03 10:58:51 588,732 ----a-w C:\Windows\System32\perfh01F.dat
- 2008-10-02 13:47:37 13,146 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1368108717-4242774170-1273681994-1000_UserData.bin
+ 2008-10-03 10:56:05 13,146 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1368108717-4242774170-1273681994-1000_UserData.bin
- 2008-10-02 13:47:37 78,034 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-10-03 10:56:05 78,034 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-10-02 13:47:35 42,780 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-10-03 10:56:03 42,780 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [N/A]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [N/A]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"FixCamera"="C:\Windows\FixCamera.exe" [N/A]
"tsnp2std"="C:\Windows\tsnp2std.exe" [N/A]
"snp2std"="C:\Windows\vsnp2std.exe" [2007-05-10 344064]
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [N/A]
"Adobe Version Cue CS2"="C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [N/A]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-10 C:\Windows\RtHDVCpl.exe]
"S3Trayp"="S3trayp.exe" [N/A]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\Windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2007-12-13 25214]
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDFSTab"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDFSTab"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.yv12"= yv12vfw.dll
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Realtime Monitor]
C:\PROGRA~1\CA\ETRUST~1\realmon.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1368108717-4242774170-1273681994-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{AF51D0CF-1717-4349-A654-B354CED7EDC8}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{A123CA06-72C5-4425-84D4-DA4BC1CF9F8C}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"TCP Query User{FEF69B70-3CDC-43AD-B839-B7AF30C51370}C:\\program files\\nero\\nero 7\\nero home\\nerohome.exe"= UDP:C:\program files\nero\nero 7\nero home\nerohome.exe:Nero Home
"UDP Query User{52981748-AA44-4F35-87BB-62C3940EF3F1}C:\\program files\\nero\\nero 7\\nero home\\nerohome.exe"= TCP:C:\program files\nero\nero 7\nero home\nerohome.exe:Nero Home
"{0ABBD158-F0AE-4A00-AFA8-F6FA92E5CFB7}"= UDP:C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe:Adobe Version Cue CS2
"{DFB9A8A7-FCBD-4859-A6F5-746AA73D0A85}"= TCP:C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe:Adobe Version Cue CS2
"TCP Query User{A55F86CF-8EA5-412E-A300-B24B0E587301}C:\\program files\\common files\\ahead\\nero web\\setupx.exe"= UDP:C:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"UDP Query User{1C620539-3F04-4B4D-9A9C-24DFF5ADEA4D}C:\\program files\\common files\\ahead\\nero web\\setupx.exe"= TCP:C:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"TCP Query User{DA91A1C1-00AB-4F34-8EF9-024D0FCC7489}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{F4028400-BC40-4C22-A798-E5552D6A9AC2}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{27376D19-7827-45F2-BBC1-B332D2E9971B}C:\\program files\\msn messenger\\msnmsgr .exe"= UDP:C:\program files\msn messenger\msnmsgr .exe:Messenger
"UDP Query User{D6ED12A6-4752-4C14-B89F-176FF51E7E20}C:\\program files\\msn messenger\\msnmsgr .exe"= TCP:C:\program files\msn messenger\msnmsgr .exe:Messenger
"{4A7510B0-819F-4BCC-9E82-7B47CCA372B0}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{72AA1ABE-6570-462F-9DFE-6037C24B45A9}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{8CD240E5-25AE-4A2E-BE3B-9493DFA6E7D6}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{8F49EDA5-0D28-499B-8099-3FBDB62A99AD}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{AC04CF6E-23AF-4FBA-8513-F7CFDB2D54AD}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{03420A55-B2ED-4745-9888-C127914F11C6}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
R2 PSI_SVC_2;Protexis Licensing V2;c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-09-29 3154944]
R3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\Windows\system32\DRIVERS\snp2sxp.sys [2007-05-10 12179584]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 167936]
S3 S3GIGP;S3GIGP;C:\Windows\system32\DRIVERS\VTGKModeDX32.sys [2007-04-06 861184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\shell\AutoRun\command - F:\TKD.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6223847b-7704-11dd-b5d7-001d922cbaf6}]
\shell\AutoRun\command - F:\TKD.EXE
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-03 18:47:02
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
Completion time: 2008-10-03 18:49:37
ComboFix-quarantined-files.txt 2008-10-03 15:48:33
ComboFix2.txt 2008-10-02 14:04:02
ComboFix3.txt 2008-10-01 13:16:34
ComboFix4.txt 2008-01-13 10:05:52

Pre-Run: 43.249.295.360 bayt boş
Post-Run: 43,318,173,696 bayt boş

208 --- E O F --- 2008-09-16 16:57:42

OTViewIt logfile created on: 03.10.2008 19:06:42 - Run 7
OTViewIt by OldTimer - Version 1.0.9.2 Folder = C:\Users\CASPER\Desktop
Windows Vista Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 0000041f | Country: Türkiye | Language: TRK | Date Format: dd.MM.yyyy

1021,70 Mb Total Physical Memory | 464,40 Mb Available Physical Memory | 45,45% Memory free
2,26 Gb Paging File | 1,58 Gb Available in Paging File | 69,89% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 83,38 Gb Total Space | 40,51 Gb Free Space | 48,59% Space Free | Partition Type: NTFS
Drive D: | 65,67 Gb Total Space | 7,48 Gb Free Space | 11,40% Space Free | Partition Type: NTFS
Drive E: | 1,17 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CASPER-PC
Current User Name: CASPER
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008.01.19 10:33:37 | 00,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe
[2008.01.19 10:33:14 | 00,229,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsm.exe
[2007.09.29 06:01:02 | 00,610,304 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe
[2008.01.19 10:33:22 | 02,623,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe
[2007.09.29 06:01:02 | 00,610,304 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe
[2008.01.19 10:33:08 | 00,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe
[2008.01.19 10:33:32 | 00,169,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
[2007.04.10 11:01:32 | 04,431,872 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
[2008.07.19 17:38:34 | 00,078,008 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
[2007.05.10 17:58:42 | 00,344,064 | ---- | M] (Sonix) -- C:\Windows\vsnp2std.exe
[2008.04.23 02:08:13 | 00,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
[2008.06.10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[2008.04.15 02:40:39 | 00,032,256 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat_sl.exe
[2005.04.04 19:58:28 | 00,163,840 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
[2008.07.19 17:25:06 | 00,016,056 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
[2008.07.19 17:38:28 | 00,147,640 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
[2007.07.24 11:15:14 | 00,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
[2008.05.27 08:18:43 | 00,439,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe
[2008.01.19 10:33:40 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
[2005.04.04 19:58:30 | 03,502,080 | ---- | M] () -- C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
[2008.01.19 10:33:15 | 00,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mobsync.exe
[2008.01.19 10:33:04 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
[2008.01.19 10:33:33 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
[2008.01.19 10:33:39 | 00,245,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiPrvSE.exe
[2008.01.19 10:33:32 | 00,169,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
[2008.10.02 17:12:37 | 00,419,840 | ---- | M] (OldTimer Tools) -- C:\Users\CASPER\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2007.12.13 22:17:41 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
[2005.04.04 19:58:28 | 00,163,840 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe -- (Adobe Version Cue CS2 [Auto | Running])
[2008.07.19 17:25:06 | 00,016,056 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
[2007.09.29 06:01:02 | 00,610,304 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe -- (Ati External Event Utility [Auto | Running])
[2008.07.19 17:38:28 | 00,147,640 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
[2008.07.19 17:38:04 | 00,250,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Stopped])
[2008.07.23 17:25:45 | 00,348,344 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Stopped])
[2008.01.05 14:26:41 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2008.01.19 10:34:06 | 00,134,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dps.dll -- (DPS [Unknown | Running])
[2008.01.05 14:21:53 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2008.01.19 10:34:25 | 00,574,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gpsvc.dll -- (gpsvc [Unknown | Running])
[2008.01.05 14:21:39 | 00,864,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
[2006.11.02 16:06:13 | 00,000,000 | ---D | M] -- C:\Windows\System32\Msdtc -- (MSDTC [Unknown | Stopped])
[2007.01.05 13:41:10 | 00,774,144 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService [On_Demand | Stopped])
[2008.01.05 14:21:39 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2006.12.23 17:54:04 | 00,262,144 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Stopped])
[2007.07.24 11:15:14 | 00,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2 [Auto | Running])
[2008.01.19 10:36:17 | 00,547,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rpcss.dll -- (RpcSs [Unknown | Running])
[2008.01.19 10:36:19 | 00,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SCardSvr.dll -- (SCardSvr [Unknown | Stopped])
[2008.01.19 10:33:22 | 02,623,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe -- (slsvc [Auto | Running])
[2006.11.02 12:45:46 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\snmptrap.exe -- (SNMPTRAP [On_Demand | Stopped])
[2008.01.19 10:33:33 | 00,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\servicing\TrustedInstaller.exe -- (TrustedInstaller [Unknown | Stopped])
[2008.01.19 10:33:33 | 00,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\UI0Detect.exe -- (UI0Detect [On_Demand | Stopped])
[2007.10.18 12:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
[2008.01.19 10:33:33 | 00,382,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vds.exe -- (vds [On_Demand | Stopped])
[2008.01.02 04:39:02 | 00,024,576 | ---- | M] (Atribune.org) -- C:\Windows\System32\VundoFixSVC.exe -- (VundoFixSvc [On_Demand | Stopped])
[2007.10.25 16:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
[2008.05.27 08:18:43 | 00,439,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe -- (WSearch [Auto | Running])

========== Driver Services ==========

[2006.11.02 12:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adp94xx.sys -- (adp94xx [Disabled | Stopped])
[2006.11.02 12:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpahci.sys -- (adpahci [Disabled | Stopped])
[2006.11.02 12:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpu160m.sys -- (adpu160m [Disabled | Stopped])
[2006.11.02 12:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpu320.sys -- (adpu320 [Disabled | Stopped])
[2006.11.02 12:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\djsvs.sys -- (aic78xx [Disabled | Stopped])
[2006.11.02 12:49:20 | 00,014,952 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\System32\drivers\aliide.sys -- (aliide [Disabled | Stopped])
[2006.11.02 12:49:59 | 00,054,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\AMDAGP.SYS -- (amdagp [On_Demand | Stopped])
[2006.11.02 12:49:26 | 00,015,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdide.sys -- (amdide [Disabled | Stopped])
[2006.11.02 11:30:18 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdk7.sys -- (AmdK7 [Disabled | Stopped])
[2006.11.02 11:30:18 | 00,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdk8.sys -- (AmdK8 [Disabled | Stopped])
[2006.11.02 12:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\arc.sys -- (arc [Disabled | Stopped])
[2006.11.02 12:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\arcsas.sys -- (arcsas [Disabled | Stopped])
[2008.07.19 17:37:42 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk [Auto | Running])
[2008.07.19 17:36:03 | 00,051,280 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt [Auto | Running])
[2008.07.19 17:33:42 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr [System | Running])
[2008.07.19 17:35:18 | 00,078,416 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP [System | Running])
[2008.07.19 17:32:36 | 00,042,912 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi [System | Running])
[2007.09.29 06:13:56 | 03,154,944 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag [On_Demand | Running])
[2006.11.02 10:30:53 | 00,167,936 | ---- | M] (Broadcom Corporation) -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x [On_Demand | Stopped])
File not found -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive [Disabled | Stopped])
[2008.01.19 08:28:26 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bowser.sys -- (bowser [On_Demand | Running])
[2006.11.02 11:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\System32\drivers\BrFiltLo.sys -- (BrFiltLo [On_Demand | Stopped])
[2006.11.02 11:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\System32\drivers\BrFiltUp.sys -- (BrFiltUp [On_Demand | Stopped])
[2006.11.02 11:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrSerId.sys -- (Brserid [Disabled | Stopped])
[2006.11.02 11:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrSerWdm.sys -- (BrSerWdm [Disabled | Stopped])
[2006.11.02 11:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrUsbMdm.sys -- (BrUsbMdm [Disabled | Stopped])
[2006.11.02 11:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrUsbSer.sys -- (BrUsbSer [On_Demand | Stopped])
[2006.11.02 11:55:23 | 00,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bthmodem.sys -- (BTHMODEM [Disabled | Stopped])
File not found -- C:\ComboFix\catchme.sys -- (catchme [On_Demand | Stopped])
[2006.11.02 11:55:08 | 00,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\circlass.sys -- (circlass [Disabled | Stopped])
[2008.01.19 10:42:58 | 00,247,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys -- (CLFS [Unknown | Running])
[2006.11.02 12:49:28 | 00,016,488 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\System32\drivers\cmdide.sys -- (cmdide [Disabled | Stopped])
[2006.11.02 12:49:43 | 00,022,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\crcdisk.sys -- (crcdisk [Boot | Running])
[2006.11.02 11:30:18 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\crusoe.sys -- (Crusoe [Disabled | Stopped])
[2008.01.19 08:28:20 | 00,075,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dfsc.sys -- (DfsC [System | Running])
[2008.08.02 04:01:23 | 00,625,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgkrnl.sys -- (DXGKrnl [On_Demand | Running])
[2008.01.19 10:42:11 | 00,143,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ecache.sys -- (Ecache [Boot | Running])
[2006.11.02 12:51:34 | 00,316,520 | ---- | M] (Emulex) -- C:\Windows\System32\drivers\elxstor.sys -- (elxstor [Disabled | Stopped])
[2008.01.19 08:28:01 | 00,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\exfat.sys -- (exfat [On_Demand | Stopped])
[2006.11.02 10:30:56 | 00,045,568 | ---- | M] (VIA Technologies, Inc. ) -- C:\Windows\System32\drivers\fetnd5.sys -- (FETNDIS [On_Demand | Running])
[2008.01.19 10:42:31 | 00,058,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fileinfo.sys -- (FileInfo [Boot | Running])
[2008.01.19 08:30:23 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\filetrace.sys -- (Filetrace [On_Demand | Stopped])
[2006.11.02 12:50:04 | 00,058,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\GAGP30KX.SYS -- (gagp30kx [On_Demand | Stopped])
[2006.11.02 10:36:49 | 00,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\HdAudio.sys -- (HdAudAddService [On_Demand | Stopped])
[2008.01.19 07:30:49 | 00,053,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2006.11.02 11:55:22 | 00,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidbth.sys -- (HidBth [Disabled | Stopped])
[2006.11.02 11:55:01 | 00,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidir.sys -- (HidIr [Disabled | Stopped])
[2006.11.02 12:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\System32\drivers\HpCISSs.sys -- (HpCISSs [Disabled | Stopped])
[2006.11.02 12:49:49 | 00,027,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\i2omp.sys -- (i2omp [Disabled | Stopped])
[2006.10.19 05:10:57 | 01,380,864 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm [On_Demand | Stopped])
[2006.11.02 12:51:25 | 00,232,040 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\iaStorV.sys -- (iaStorV [Disabled | Stopped])
[2006.11.02 12:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\System32\drivers\iirsp.sys -- (iirsp [Disabled | Stopped])
[2007.04.10 14:05:38 | 01,764,960 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService [On_Demand | Running])
[2008.01.19 08:27:21 | 00,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\intelppm.sys -- (intelppm [On_Demand | Running])
[2006.11.02 11:42:03 | 00,065,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\IPMIDrv.sys -- (IPMIDRV [Disabled | Stopped])
[2008.01.19 10:42:35 | 00,181,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msiscsi.sys -- (iScsiPrt [On_Demand | Running])
[2006.11.02 12:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\System32\drivers\iteatapi.sys -- (iteatapi [Disabled | Stopped])
[2006.11.02 12:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\System32\drivers\iteraid.sys -- (iteraid [Disabled | Stopped])
[2008.01.19 08:49:17 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2008.01.19 08:55:03 | 00,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\lltdio.sys -- (lltdio [Auto | Running])
[2006.11.02 12:50:04 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])
[2006.11.02 12:50:05 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])
[2006.11.02 12:50:10 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])
[2008.01.19 08:30:36 | 00,084,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\luafv.sys -- (luafv [Auto | Running])
[2006.11.02 12:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) -- C:\Windows\System32\drivers\megasas.sys -- (megasas [Disabled | Stopped])
[2008.01.19 08:52:19 | 00,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\monitor.sys -- (monitor [On_Demand | Running])
[2006.11.02 12:50:16 | 00,078,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mpio.sys -- (mpio [Disabled | Stopped])
[2008.01.19 08:54:46 | 00,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mpsdrv.sys -- (mpsdrv [On_Demand | Running])
[2006.11.02 12:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\System32\drivers\Mraid35x.sys -- (Mraid35x [Disabled | Stopped])
[2008.05.08 22:21:56 | 00,211,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys -- (mrxsmb10 [On_Demand | Running])
[2008.01.19 08:28:37 | 00,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys -- (mrxsmb20 [On_Demand | Running])
[2006.11.02 12:49:44 | 00,023,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msahci.sys -- (msahci [Disabled | Stopped])
[2006.11.02 12:50:17 | 00,080,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msdsm.sys -- (msdsm [Disabled | Stopped])
[2008.01.19 10:41:14 | 00,016,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msisadrv.sys -- (msisadrv [Boot | Running])
[2008.01.19 10:42:29 | 00,163,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msrpc.sys -- (MsRPC [On_Demand | Stopped])
[2008.01.19 08:49:19 | 00,006,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mstee.sys -- (MSTEE [On_Demand | Stopped])
[2008.05.20 05:07:31 | 00,148,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nwifi.sys -- (NativeWifiP [On_Demand | Stopped])
[2006.11.02 12:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\System32\drivers\nfrd960.sys -- (nfrd960 [Disabled | Stopped])
[2008.01.19 08:55:50 | 00,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nsiproxy.sys -- (nsiproxy [System | Running])
[2006.11.02 10:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\System32\drivers\ntrigdigi.sys -- (ntrigdigi [Disabled | Stopped])
[2006.11.02 12:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvraid.sys -- (nvraid [Disabled | Stopped])
[2006.11.02 12:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvstor.sys -- (nvstor [Disabled | Stopped])
[2006.11.02 12:50:40 | 00,106,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\NV_AGP.SYS -- (nv_agp [On_Demand | Stopped])
[2006.11.02 12:49:20 | 00,013,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pciide.sys -- (pciide [Disabled | Stopped])
[2006.11.02 12:04:35 | 00,878,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\PEAuth.sys -- (PEAUTH [Auto | Running])
[2006.11.02 11:30:18 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\processr.sys -- (Processor [Disabled | Stopped])
[2008.04.05 04:21:42 | 00,072,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pacer.sys -- (PSched [System | Running])
[2006.11.02 12:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) -- C:\Windows\System32\drivers\ql2300.sys -- (ql2300 [Disabled | Stopped])
[2006.11.02 12:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\System32\drivers\ql40xx.sys -- (ql40xx [Disabled | Stopped])
[2008.01.19 08:56:07 | 00,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\qwavedrv.sys -- (QWAVEdrv [On_Demand | Stopped])
[2007.09.29 06:13:56 | 03,154,944 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\atikmdag.sys -- (R300 [On_Demand | Stopped])
[2008.01.19 08:56:43 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rassstp.sys -- (RasSstp [On_Demand | Running])
[2008.01.19 09:01:09 | 00,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\RDPENCDD.sys -- (RDPENCDD [System | Running])
[2008.01.19 08:55:03 | 00,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rspndr.sys -- (rspndr [Auto | Running])
[2007.04.06 11:22:08 | 00,861,184 | ---- | M] (S3 Graphics Co., Ltd.) -- C:\Windows\System32\drivers\VTGKModeDX32.sys -- (S3GIGP [On_Demand | Stopped])
[2006.11.02 12:50:16 | 00,076,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sbp2port.sys -- (sbp2port [Disabled | Stopped])
[2006.11.02 09:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])
[2008.01.19 08:49:16 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sermouse.sys -- (sermouse [Disabled | Stopped])
[2006.11.02 11:51:38 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffdisk.sys -- (sffdisk [Disabled | Stopped])
[2006.11.02 11:51:40 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffp_mmc.sys -- (sffp_mmc [On_Demand | Stopped])
[2006.11.02 11:51:40 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffp_sd.sys -- (sffp_sd [On_Demand | Stopped])
[2006.11.02 12:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) -- C:\Windows\System32\drivers\sisraid2.sys -- (SiSRaid2 [Disabled | Stopped])
[2006.11.02 12:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\System32\drivers\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])
[2008.01.19 08:55:27 | 00,066,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\smb.sys -- (Smb [System | Running])
[2007.05.10 17:10:50 | 12,179,584 | ---- | M] () -- C:\Windows\System32\drivers\snp2sxp.sys -- (SNP2STD [On_Demand | Running])
[2008.01.19 10:41:30 | 00,021,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\spldr.sys -- (spldr [Boot | Running])
[2008.01.19 08:29:15 | 00,144,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys -- (srv2 [On_Demand | Running])
[2008.01.19 08:29:12 | 00,098,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srvnet.sys -- (srvnet [On_Demand | Running])
[2006.11.02 12:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\symc8xx.sys -- (Symc8xx [Disabled | Stopped])
[2006.11.02 12:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\sym_hi.sys -- (Sym_hi [Disabled | Stopped])
[2006.11.02 12:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\sym_u3.sys -- (Sym_u3 [Disabled | Stopped])
[2008.01.19 08:56:07 | 00,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpipreg.sys -- (tcpipreg [Auto | Running])
[2008.01.19 08:55:58 | 00,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tdx.sys -- (tdx [System | Running])
[2008.01.19 09:01:15 | 00,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tssecsrv.sys -- (tssecsrv [On_Demand | Stopped])
[2008.01.19 08:55:41 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\TUNMP.SYS -- (tunmp [On_Demand | Running])
[2008.01.19 08:55:50 | 00,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tunnel.sys -- (tunnel [On_Demand | Running])
[2008.01.19 10:42:32 | 00,059,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\UAGP35.SYS -- (uagp35 [Boot | Running])
[2006.11.02 12:50:04 | 00,058,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ULIAGPKX.SYS -- (uliagpkx [On_Demand | Stopped])
[2006.11.02 12:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\System32\drivers\uliahci.sys -- (uliahci [Disabled | Stopped])
[2006.11.02 12:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\System32\drivers\ulsata.sys -- (UlSata [Disabled | Stopped])
[2006.11.02 12:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\System32\drivers\ulsata2.sys -- (ulsata2 [Disabled | Stopped])
[2008.01.19 08:53:40 | 00,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\umbus.sys -- (umbus [On_Demand | Running])
[2006.11.02 11:55:09 | 00,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbcir.sys -- (usbcir [Disabled | Stopped])
[2008.01.19 08:53:21 | 00,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbehci.sys -- (usbehci [On_Demand | Running])
[2006.11.02 11:55:05 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbohci.sys -- (usbohci [Disabled | Stopped])
[2006.11.02 11:53:56 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\vgapnp.sys -- (vga [On_Demand | Stopped])
[2006.11.02 12:49:52 | 00,054,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\VIAAGP.SYS -- (viaagp [On_Demand | Stopped])
[2006.11.02 11:30:19 | 00,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\viac7.sys -- (ViaC7 [Disabled | Stopped])
[2008.01.19 10:41:25 | 00,020,024 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\System32\drivers\viaide.sys -- (viaide [Boot | Running])
[2008.01.19 10:42:18 | 00,052,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgr.sys -- (volmgr [Boot | Running])
[2008.01.19 10:43:03 | 00,294,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgrx.sys -- (volmgrx [Boot | Running])
[2006.11.02 12:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\System32\drivers\vsmraid.sys -- (vsmraid [Disabled | Stopped])
[2006.11.02 11:52:52 | 00,020,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wacompen.sys -- (WacomPen [Disabled | Stopped])
[2006.11.02 12:49:38 | 00,019,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wd.sys -- (Wd [Disabled | Stopped])
[2008.01.19 10:43:27 | 00,503,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Wdf01000.sys -- (Wdf01000 [Boot | Running])
[2006.11.02 11:35:03 | 00,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wmiacpi.sys -- (WmiAcpi [Disabled | Stopped])
[2008.01.19 08:56:49 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ws2ifsl.sys -- (ws2ifsl [Disabled | Stopped])
[2008.01.19 08:53:04 | 00,083,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\WUDFRd.sys -- (WUDFRd [On_Demand | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\Windows\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.google.com/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1368108717-4242774170-1273681994-1000\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\Windows\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.google.com/

[HKEY_USERS\S-1-5-21-1368108717-4242774170-1273681994-1000\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1368108717-4242774170-1273681994-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (698 bytes) - C:\Windows\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
{7E853D72-626A-48EC-A868-BA8D5E23E045} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
{AE7CD045-E861-484f-8273-0445EE161910} (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_USERS\S-1-5-21-1368108717-4242774170-1273681994-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" (Adobe Systems Inc.)
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" File not found
"Adobe Version Cue CS2"="C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" File not found
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
"Easy-PrintToolBox"=C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon File not found
"FixCamera"=C:\Windows\FixCamera.exe File not found
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe File not found
"RtHDVCpl"=RtHDVCpl.exe (Realtek Semiconductor)
"S3Trayp"=S3trayp.exe File not found
"snp2std"=C:\Windows\vsnp2std.exe (Sonix)
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)
"tsnp2std"=C:\Windows\tsnp2std.exe File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" File not found

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (Microsoft Corporation)
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)
"Sidebar"=%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (Microsoft Corporation)
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" File not found

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=227
"NoDrives"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"ConsentPromptBehaviorAdmin"=2
"ConsentPromptBehaviorUser"=1
"EnableInstallerDetection"=1
"EnableLUA"=0
"EnableSecureUIAPaths"=1
"EnableVirtualization"=1
"PromptOnSecureDesktop"=1
"ValidateAdminCodeSignatures"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"scforceoption"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"FilterAdministratorToken"=0
"EnableUIADesktopToggle"=0
"DisableRegistryTools"=0
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0
"HideStartupScripts"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats]
"CF_TEXT"=1
"CF_BITMAP"=2
"CF_OEMTEXT"=7
"CF_DIB"=8
"CF_PALETTE"=9
"CF_UNICODETEXT"=13
"CF_DIBV5"=17

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDFSTab"=1
"NoDrives"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"HideStartupScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDFSTab"=1

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDFSTab"=1

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDFSTab"=1

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDFSTab"=1

[HKEY_USERS\S-1-5-21-1368108717-4242774170-1273681994-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDFSTab"=1
"NoDrives"=0

[HKEY_USERS\S-1-5-21-1368108717-4242774170-1273681994-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"HideStartupScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
Convert link target to Adobe PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006.12.18 05:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert link target to existing PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006.12.18 05:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to Adobe PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006.12.18 05:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to existing PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006.12.18 05:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert selection to Adobe PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006.12.18 05:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert selection to existing PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006.12.18 05:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert to Adobe PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006.12.18 05:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert to existing PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006.12.18 05:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Microsoft Excel'e Gö&nder: C:\Program Files\Microsoft Office\Office10\EXCEL.EXE [2001.04.11 20:00:10 | 09,169,016 | R--- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Sun Java Console -- C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
{85d1f590-48f4-11d9-9669-0800200c9a66}: Uninstall BitDefender Online Scanner v8 -- C:\Windows\bdoscandel.exe ()
{B4B52284-A248-4c51-9F7C-F0A0C67FCC9D}: PartyCasino.com -- C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe File not found
{B4B52284-A248-4c51-9F7C-F0A0C67FCC9D}: PartyCasino.com -- C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe File not found

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}: http://download.bitdefender.com/resources/scan8/oscan8.cab -- BDSCANONLINE Control
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_04
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_05
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab -- Shockwave Flash Object
Microsoft XML Parser for Java: file:///C:/Windows/Java/classes/xmldso.cab -- Reg Error: Key does not exist or could not be opened.

========== (O17) DNS Name Servers ==========

{396F47EC-A46B-4681-801F-CA1C91A4047A} (Servers: | Description: VIA Rhine II Uyumlu Fast Ethernet Bağdaştırıcısı)
{A64D4A98-9314-4AD0-9A8C-B1C4133D7537} (Servers: | Description: VIA Rhine II Fast Ethernet Bağdaştırıcısı)

========== HKLM *SecurityProviders* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=credssp.dll
>[2008.01.19 10:33:59 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\credssp.dll

========== LSA *Security Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Security Packages"=kerberos,msv1_0,schannel,wdigest,tspkg,
>[2008.01.19 10:36:42 | 00,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TSpkg.dll

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

autoexec.bat [REM Dummy file for NTVDM | ]
[2006.09.19 00:43:36 | 00,000,024 | ---- | M] () -- C:\autoexec.bat -- [ NTFS ]


========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6223847b-7704-11dd-b5d7-001d922cbaf6}\Shell\AutoRun\command]
""=F:\TKD.EXE -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\Shell\AutoRun\command]
""=F:\TKD.EXE -- File not found

========== Files/Folders - Created Within 30 Days ==========

[2008.10.03 18:53:01 | 00,000,000 | ---D | C] -- C:\Users\CASPER\Desktop\HostsXpert
[2008.10.03 18:52:32 | 00,353,485 | ---- | C] () -- C:\Users\CASPER\Desktop\HostsXpert.zip
[2008.10.03 18:42:38 | 00,053,248 | ---- | C] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2008.10.03 18:41:59 | 00,000,000 | ---D | C] -- C:\ComboFix
[2008.10.03 18:41:58 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\swreg.exe
[2008.10.02 17:12:37 | 00,419,840 | ---- | C] (OldTimer Tools) -- C:\Users\CASPER\Desktop\OTViewIt.exe
[2008.10.01 18:35:15 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt16.sqm
[2008.10.01 18:35:15 | 00,000,232 | -H-- | C] () -- C:\sqmdata16.sqm
[2008.10.01 18:34:18 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt15.sqm
[2008.10.01 18:34:18 | 00,000,232 | -H-- | C] () -- C:\sqmdata15.sqm
[2008.10.01 16:06:55 | 00,000,000 | ---D | C] -- C:\Windows\Minidump
[2008.10.01 16:06:20 | 21,207,3248 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2008.10.01 15:58:57 | 00,000,000 | ---D | C] -- C:\QooBox
[2008.10.01 15:58:56 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2008.10.01 15:58:56 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2008.10.01 15:58:56 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\Windows\fdsv.exe
[2008.10.01 15:58:56 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2008.10.01 15:58:56 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2008.10.01 15:58:56 | 00,049,152 | ---- | C] () -- C:\Windows\VFind.exe
[2008.10.01 15:58:11 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\swxcacls.exe
[2008.10.01 15:51:21 | 02,885,114 | R--- | C] () -- C:\Users\CASPER\Desktop\ComboFix.exe
[2008.09.28 15:42:47 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2008.09.28 15:38:56 | 00,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2008.09.25 05:50:57 | 00,000,000 | ---D | C] -- C:\Users\CASPER\AppData\Local\Adobe
[2008.09.24 15:08:28 | 00,000,000 | ---D | C] -- C:\Users\CASPER\AppData\Local\Ahead
[2008.09.24 00:08:05 | 02,561,722 | -H-- | C] () -- C:\Users\CASPER\AppData\Local\IconCache.db
[2008.09.24 00:02:27 | 10,720,95232 | -HS- | C] () -- C:\hiberfil.sys
[2008.09.23 21:27:26 | 00,000,000 | ---D | C] -- C:\Users\CASPER\AppData\Roaming\Malwarebytes
[2008.09.23 21:27:22 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2008.09.23 02:36:22 | 00,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2008.09.23 02:35:55 | 00,000,000 | ---D | C] -- C:\Users\CASPER\AppData\Roaming\SUPERAntiSpyware.com
[2008.09.23 02:35:55 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2008.09.20 15:13:04 | 00,000,787 | ---- | C] () -- C:\Users\Public\Desktop\Photoviewer.lnk
[2008.09.20 15:13:03 | 00,000,000 | ---D | C] -- C:\Program Files\Photo Viewer
[2008.09.16 19:54:51 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2008.09.16 19:54:49 | 04,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2008.09.16 19:54:44 | 00,565,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\emdmgmt.dll
[2008.09.16 19:54:43 | 00,625,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgkrnl.sys
[2008.09.16 19:54:43 | 00,211,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys
[2008.09.16 19:54:43 | 00,148,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\nwifi.sys
[2008.09.16 19:54:43 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dataclen.dll
[2008.09.16 19:54:43 | 00,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2008.09.16 19:54:41 | 00,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll

========== Files - Modified Within 30 Days ==========

[2008.10.03 19:05:27 | 00,000,698 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2008.10.03 19:03:46 | 00,004,032 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2008.10.03 19:03:46 | 00,004,032 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2008.10.03 19:03:44 | 00,002,471 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2008.10.03 19:03:38 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2008.10.03 19:03:36 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2008.10.03 19:03:32 | 10,720,95232 | -HS- | M] () -- C:\hiberfil.sys
[2008.10.03 19:02:05 | 02,561,722 | -H-- | M] () -- C:\Users\CASPER\AppData\Local\IconCache.db
[2008.10.03 18:52:35 | 00,353,485 | ---- | M] () -- C:\Users\CASPER\Desktop\HostsXpert.zip
[2008.10.03 18:49:41 | 00,053,248 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2008.10.03 18:46:58 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini
[2008.10.03 13:58:51 | 01,382,408 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2008.10.03 13:58:51 | 00,588,732 | ---- | M] () -- C:\Windows\System32\perfh01F.dat
[2008.10.03 13:58:51 | 00,585,914 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2008.10.03 13:58:51 | 00,114,782 | ---- | M] () -- C:\Windows\System32\perfc01F.dat
[2008.10.03 13:58:51 | 00,100,718 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2008.10.02 17:12:37 | 00,419,840 | ---- | M] (OldTimer Tools) -- C:\Users\CASPER\Desktop\OTViewIt.exe
[2008.10.01 18:35:15 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2008.10.01 18:35:15 | 00,000,232 | -H-- | M] () -- C:\sqmdata16.sqm
[2008.10.01 18:34:18 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2008.10.01 18:34:18 | 00,000,232 | -H-- | M] () -- C:\sqmdata15.sqm
[2008.10.01 16:06:55 | 21,207,3248 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2008.10.01 15:51:35 | 02,885,114 | R--- | M] () -- C:\Users\CASPER\Desktop\ComboFix.exe
[2008.09.30 21:54:33 | 00,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2008.09.29 22:32:44 | 00,192,000 | ---- | M] () -- C:\Users\CASPER\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.09.29 20:27:33 | 00,000,504 | ---- | M] () -- C:\Users\CASPER\Documents\Paylaşım Klasörlerim.lnk
[2008.09.28 15:38:57 | 00,002,560 | ---- | M] () -- C:\Windows\_MSRSTRT.EXE
[2008.09.20 15:13:04 | 00,000,787 | ---- | M] () -- C:\Users\Public\Desktop\Photoviewer.lnk
[2008.09.18 09:24:55 | 00,040,960 | ---- | M] () -- C:\Users\CASPER\Documents\2008 borē ödeme listesi.xls
< End of report >

#11 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:46 AM

Posted 04 October 2008 - 08:56 AM

Hello Savasg.

I run OTViewit; log as below;please note that I had the same error message "Acess Violation at adress 77C15973 in module "ntdll.dll".Read of address 00000022" and no extra log either
But Computer seems working fine;

Did you choose Run as Administrator? Doesn't look like anything went wrong. The Extra.txt is only produced on the first run.

Create and Run Batch Script
  • Copy the following into a notepad (Start>Run>"notepad"). Do not copy the word "code".
    @ECHO OFF
    for %%a in (
    "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray .exe"
    "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe"
    "C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN .EXE"
    "C:\Program Files\Common Files\Ahead\Lib\NeroCheck .exe"
    "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor .exe"
    "C:\Program Files\MSN Messenger\MsnMsgr .Exe"
    "C:\Program Files\Spybot - Search & Destroy\TeaTimer .exe"
    "C:\Windows\FixCamera .exe"
    "C:\Windows\RtHDVCpl .exe"
    "C:\Windows\tsnp2std .exe"
    "C:\Windows\vsnp2std .exe"
    "C:\Windows\System32\S3trayp .exe"
    ) do ( 
    attrib -s -h -r %%a
    )
    ren "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray .exe" "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
    ren "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe" "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    ren "C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN .EXE" "C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE"
    ren "C:\Program Files\Common Files\Ahead\Lib\NeroCheck .exe" "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
    ren "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor .exe" "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    ren "C:\Program Files\MSN Messenger\MsnMsgr .Exe" "C:\Program Files\MSN Messenger\MsnMsgr.Exe"
    ren "C:\Program Files\Spybot - Search & Destroy\TeaTimer .exe" "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
    ren "C:\Windows\FixCamera .exe" "C:\Windows\FixCamera.exe"
    ren "C:\Windows\RtHDVCpl .exe" "C:\Windows\RtHDVCpl.exe"
    ren "C:\Windows\tsnp2std .exe" "C:\Windows\tsnp2std.exe"
    ren "C:\Windows\vsnp2std .exe" "C:\Windows\vsnp2std.exe"
    ren "C:\Windows\System32\S3trayp .exe" "C:\Windows\System32\S3trayp.exe"
    del %0
  • Click File, then Save As... .
  • Click Desktop on the left.
  • Under the Save as type dropdown, select All Files.
  • In the box File Name, input fix.bat
  • Hit OK.
When done properly, the icon should look like Posted Image.

Right click fix.bat and select Run as Administrator. You will see a black command prompt window open then close. It might seem like nothing is happening, but the script is running.



Run ComboFix again just by clicking it , then post a new OTViewIt log also. Do run as Administrator for both.

With Regards,
The Panda

#12 savasg

savasg
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:05:46 PM

Posted 04 October 2008 - 09:50 AM

Hi there again;

Yes I have run as administrator before; this time I run both Combo and OTView normally but batchscript as admin as you asked; Combofix asked to update new version available, I click NO
Here is the logs

ComboFix 08-09-30.03 - CASPER 2008-10-04 17:33:21.9 - NTFSx86
Microsoft® Windows Vista™ Starter 6.0.6001.1.1254.1.1055.18.514 [GMT 3:00]
Running from: C:\Users\CASPER\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\CASPER\AppData\Roaming\Microsoft\Windows\Cookies\casper@ad.yieldmanager[1].txt

.
((((((((((((((((((((((((( Files Created from 2008-09-04 to 2008-10-04 )))))))))))))))))))))))))))))))
.

2008-10-01 18:35 . 2008-10-01 18:35 244 --ah----- C:\sqmnoopt16.sqm
2008-10-01 18:35 . 2008-10-01 18:35 232 --ah----- C:\sqmdata16.sqm
2008-10-01 18:34 . 2008-10-01 18:34 244 --ah----- C:\sqmnoopt15.sqm
2008-10-01 18:34 . 2008-10-01 18:34 232 --ah----- C:\sqmdata15.sqm
2008-10-01 16:06 . 2008-10-01 16:06 212,073,248 --a------ C:\Windows\MEMORY.DMP
2008-09-28 15:38 . 2008-09-28 15:38 2,560 --a------ C:\Windows\_MSRSTRT.EXE
2008-09-23 21:27 . 2008-09-23 21:27 <DIR> d-------- C:\Users\CASPER\AppData\Roaming\Malwarebytes
2008-09-23 21:27 . 2008-09-23 21:27 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-09-23 04:28 . 2008-09-23 04:28 <DIR> d-------- C:\Windows\Google Earth Pro 4.2
2008-09-23 04:28 . 2008-09-23 04:29 <DIR> d-------- C:\Program Files\Google Earth Pro 4.2
2008-09-23 02:36 . 2008-09-23 02:36 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
2008-09-23 02:35 . 2008-09-28 15:42 <DIR> d-------- C:\Users\CASPER\AppData\Roaming\SUPERAntiSpyware.com
2008-09-23 02:35 . 2008-09-28 15:42 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-09-20 15:13 . 2008-09-20 15:13 <DIR> d-------- C:\Program Files\Photo Viewer
2008-09-16 19:54 . 2008-07-31 04:13 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-09-16 19:54 . 2008-08-02 04:01 625,152 --a------ C:\Windows\System32\drivers\dxgkrnl.sys
2008-09-16 19:54 . 2008-06-26 06:29 565,248 --a------ C:\Windows\System32\emdmgmt.dll
2008-09-16 19:54 . 2008-06-26 06:29 303,616 --a------ C:\Windows\System32\wmpeffects.dll
2008-09-16 19:54 . 2008-05-08 22:21 211,968 --a------ C:\Windows\System32\drivers\mrxsmb10.sys
2008-09-16 19:54 . 2008-05-20 05:07 148,480 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-09-16 19:54 . 2008-06-26 06:29 45,056 --a------ C:\Windows\System32\dataclen.dll
2008-09-16 19:54 . 2008-08-02 06:26 36,864 --a------ C:\Windows\System32\cdd.dll
2008-09-16 19:54 . 2008-07-31 06:32 28,160 --a------ C:\Windows\System32\Apphlpdm.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-04 11:40 --------- d-----w C:\Users\CASPER\AppData\Roaming\LimeWire
2008-10-04 10:50 --------- d-----w C:\Users\CASPER\AppData\Roaming\uTorrent
2008-10-02 13:46 --------- d---a-w C:\ProgramData\TEMP
2008-09-28 12:40 --------- d-----w C:\Program Files\myBabylon
2008-09-28 12:40 --------- d-----w C:\Program Files\Conduit
2008-09-28 12:37 --------- d-----w C:\Program Files\IKEA Home Planner
2008-09-23 01:26 --------- d-----w C:\Users\CASPER\AppData\Roaming\Flood Light Games
2008-09-23 01:22 --------- d-----w C:\ProgramData\HipSoft
2008-09-23 01:21 --------- d-----w C:\ProgramData\Flood Light Games
2008-09-01 20:56 --------- d-----w C:\Program Files\Java
2008-08-29 19:37 --------- d-----w C:\Program Files\Windows Mail
2008-08-27 05:52 88 --sh--r C:\ProgramData\9198EF88B9.sys
2008-08-27 05:52 2,516 --sha-w C:\ProgramData\KGyGaAvL.sys
2008-08-27 05:52 --------- d-----w C:\ProgramData\Corel
2008-08-04 01:24 --------- d-----w C:\Program Files\B.G-Sozluk
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-19 05:10 53,448 ----a-w C:\Windows\System32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\Windows\System32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\Windows\System32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\Windows\System32\wuapi.dll
2008-07-19 05:09 1,811,656 ----a-w C:\Windows\System32\wuaueng.dll
2008-07-19 03:44 83,456 ----a-w C:\Windows\System32\wudriver.dll
2008-07-19 03:44 1,524,736 ----a-w C:\Windows\System32\wucltux.dll
2008-07-18 19:08 163,904 ----a-w C:\Windows\System32\wuwebv.dll
2008-07-18 17:44 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-07-16 01:32 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-06-22 20:12 60,072 ----a-w C:\Users\CASPER\AppData\Roaming\GDIPFONTCACHEV1.DAT
2008-04-18 17:35 174 --sha-w C:\Program Files\desktop.ini
.
<pre>
----a-w		   856,064 2007-12-30 10:08:22  C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray .exe
----a-w			39,792 2007-12-30 10:08:13  C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
----a-w		   398,944 2007-12-29 22:18:01  C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN .EXE
----a-w		   155,648 2007-12-30 10:08:13  C:\Program Files\Common Files\Ahead\Lib\NeroCheck .exe
----a-w		   143,360 2007-12-30 10:08:23  C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor .exe
----a-w		 5,674,352 2007-12-24 15:55:31  C:\Program Files\MSN Messenger\MsnMsgr .Exe
----a-w		 1,460,560 2007-12-30 10:08:24  C:\Program Files\Spybot - Search & Destroy\TeaTimer .exe
----a-w			20,480 2007-12-30 10:08:18  C:\Windows\FixCamera .exe
----a-w		 4,431,872 2007-12-30 10:08:15  C:\Windows\RtHDVCpl .exe
----a-w		   270,336 2007-12-30 10:08:22  C:\Windows\tsnp2std .exe
----a-w		   344,064 2007-12-30 10:08:23  C:\Windows\vsnp2std .exe
----a-w		   176,128 2007-12-30 10:08:12  C:\Windows\System32\S3trayp .exe
</pre>


((((((((((((((((((((((((((((( snapshot_2008-10-03_18.47.45.61 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-10-03 10:54:05 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-10-03 16:03:36 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-10-03 10:54:05 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-10-03 16:03:36 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-10-03 10:55:59 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-10-03 16:04:53 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-10-03 10:55:16 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-10-03 16:04:58 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-10-03 16:04:58 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-10-03 14:56:17 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-10-04 12:38:36 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-10-03 14:56:17 65,536 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-10-04 12:38:36 65,536 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-10-03 14:56:17 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-10-04 12:38:36 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-10-03 10:58:51 100,718 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-10-04 10:52:31 100,718 ----a-w C:\Windows\System32\perfc009.dat
- 2008-10-03 10:58:51 114,782 ----a-w C:\Windows\System32\perfc01F.dat
+ 2008-10-04 10:52:31 114,782 ----a-w C:\Windows\System32\perfc01F.dat
- 2008-10-03 10:58:51 585,914 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-10-04 10:52:31 585,914 ----a-w C:\Windows\System32\perfh009.dat
- 2008-10-03 10:58:51 588,732 ----a-w C:\Windows\System32\perfh01F.dat
+ 2008-10-04 10:52:31 588,732 ----a-w C:\Windows\System32\perfh01F.dat
- 2008-10-03 10:56:05 13,146 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1368108717-4242774170-1273681994-1000_UserData.bin
+ 2008-10-03 16:05:42 13,146 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1368108717-4242774170-1273681994-1000_UserData.bin
- 2008-10-03 10:56:05 78,034 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-10-03 16:05:42 78,034 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-10-03 10:56:03 42,780 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-10-03 16:05:41 42,780 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [N/A]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [N/A]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"FixCamera"="C:\Windows\FixCamera.exe" [N/A]
"tsnp2std"="C:\Windows\tsnp2std.exe" [N/A]
"snp2std"="C:\Windows\vsnp2std.exe" [2007-05-10 344064]
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [N/A]
"Adobe Version Cue CS2"="C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [N/A]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-10 C:\Windows\RtHDVCpl.exe]
"S3Trayp"="S3trayp.exe" [N/A]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\Windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2007-12-13 25214]
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDFSTab"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDFSTab"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.yv12"= yv12vfw.dll
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Realtime Monitor]
C:\PROGRA~1\CA\ETRUST~1\realmon.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1368108717-4242774170-1273681994-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{AF51D0CF-1717-4349-A654-B354CED7EDC8}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{A123CA06-72C5-4425-84D4-DA4BC1CF9F8C}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"TCP Query User{FEF69B70-3CDC-43AD-B839-B7AF30C51370}C:\\program files\\nero\\nero 7\\nero home\\nerohome.exe"= UDP:C:\program files\nero\nero 7\nero home\nerohome.exe:Nero Home
"UDP Query User{52981748-AA44-4F35-87BB-62C3940EF3F1}C:\\program files\\nero\\nero 7\\nero home\\nerohome.exe"= TCP:C:\program files\nero\nero 7\nero home\nerohome.exe:Nero Home
"{0ABBD158-F0AE-4A00-AFA8-F6FA92E5CFB7}"= UDP:C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe:Adobe Version Cue CS2
"{DFB9A8A7-FCBD-4859-A6F5-746AA73D0A85}"= TCP:C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe:Adobe Version Cue CS2
"TCP Query User{A55F86CF-8EA5-412E-A300-B24B0E587301}C:\\program files\\common files\\ahead\\nero web\\setupx.exe"= UDP:C:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"UDP Query User{1C620539-3F04-4B4D-9A9C-24DFF5ADEA4D}C:\\program files\\common files\\ahead\\nero web\\setupx.exe"= TCP:C:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"TCP Query User{DA91A1C1-00AB-4F34-8EF9-024D0FCC7489}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{F4028400-BC40-4C22-A798-E5552D6A9AC2}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{27376D19-7827-45F2-BBC1-B332D2E9971B}C:\\program files\\msn messenger\\msnmsgr .exe"= UDP:C:\program files\msn messenger\msnmsgr .exe:Messenger
"UDP Query User{D6ED12A6-4752-4C14-B89F-176FF51E7E20}C:\\program files\\msn messenger\\msnmsgr .exe"= TCP:C:\program files\msn messenger\msnmsgr .exe:Messenger
"{4A7510B0-819F-4BCC-9E82-7B47CCA372B0}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{72AA1ABE-6570-462F-9DFE-6037C24B45A9}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{8CD240E5-25AE-4A2E-BE3B-9493DFA6E7D6}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{8F49EDA5-0D28-499B-8099-3FBDB62A99AD}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{AC04CF6E-23AF-4FBA-8513-F7CFDB2D54AD}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{03420A55-B2ED-4745-9888-C127914F11C6}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
R2 PSI_SVC_2;Protexis Licensing V2;c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-09-29 3154944]
R3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\Windows\system32\DRIVERS\snp2sxp.sys [2007-05-10 12179584]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 167936]
S3 S3GIGP;S3GIGP;C:\Windows\system32\DRIVERS\VTGKModeDX32.sys [2007-04-06 861184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\shell\AutoRun\command - F:\TKD.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6223847b-7704-11dd-b5d7-001d922cbaf6}]
\shell\AutoRun\command - F:\TKD.EXE
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com/
O8 -: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 -: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 -: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 -: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 -: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 -: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: Microsoft Excel'e Gö&nder - C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 -: {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe
O9 -: {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe -

O16 -: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
C:\Windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-04 17:37:24
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
Completion time: 2008-10-04 17:40:11
ComboFix-quarantined-files.txt 2008-10-04 14:39:06
ComboFix2.txt 2008-10-03 15:49:40
ComboFix3.txt 2008-10-02 14:04:02
ComboFix4.txt 2008-10-01 13:16:34
ComboFix5.txt 2008-10-04 14:33:00

Pre-Run: 43.389.620.224 bayt boş
Post-Run: 43,799,502,848 bayt boş

224 --- E O F --- 2008-09-16 16:57:42


OTViewIt logfile created on: 04.10.2008 17:42:35 - Run 8
OTViewIt by OldTimer - Version 1.0.9.2 Folder = C:\Users\CASPER\Desktop
Windows Vista Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 0000041f | Country: Türkiye | Language: TRK | Date Format: dd.MM.yyyy

1021,70 Mb Total Physical Memory | 454,27 Mb Available Physical Memory | 44,46% Memory free
2,26 Gb Paging File | 1,49 Gb Available in Paging File | 65,96% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 83,38 Gb Total Space | 40,83 Gb Free Space | 48,97% Space Free | Partition Type: NTFS
Drive D: | 65,67 Gb Total Space | 5,32 Gb Free Space | 8,10% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 55,88 Gb Total Space | 19,29 Gb Free Space | 34,52% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CASPER-PC
Current User Name: CASPER
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008.01.19 10:33:37 | 00,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe
[2008.01.19 10:33:14 | 00,229,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsm.exe
[2007.09.29 06:01:02 | 00,610,304 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe
[2008.01.19 10:33:22 | 02,623,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe
[2007.09.29 06:01:02 | 00,610,304 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe
[2008.01.19 10:33:08 | 00,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe
[2008.01.19 10:33:32 | 00,169,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
[2007.04.10 11:01:32 | 04,431,872 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
[2008.07.19 17:38:34 | 00,078,008 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
[2008.04.23 02:08:13 | 00,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
[2008.06.10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[2005.04.04 19:58:28 | 00,163,840 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
[2008.07.19 17:25:06 | 00,016,056 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
[2008.07.19 17:38:28 | 00,147,640 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
[2007.07.24 11:15:14 | 00,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
[2008.01.19 10:33:40 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
[2005.04.04 19:58:30 | 03,502,080 | ---- | M] () -- C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
[2008.01.19 10:33:33 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
[2008.01.19 10:33:39 | 00,245,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiPrvSE.exe
[2008.01.19 10:33:32 | 00,169,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
[2008.01.19 10:33:04 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
[2008.05.27 08:18:43 | 00,439,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe
[2008.10.02 17:12:37 | 00,419,840 | ---- | M] (OldTimer Tools) -- C:\Users\CASPER\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2007.12.13 22:17:41 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
[2005.04.04 19:58:28 | 00,163,840 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe -- (Adobe Version Cue CS2 [Auto | Running])
[2008.07.19 17:25:06 | 00,016,056 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
[2007.09.29 06:01:02 | 00,610,304 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe -- (Ati External Event Utility [Auto | Running])
[2008.07.19 17:38:28 | 00,147,640 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
[2008.07.19 17:38:04 | 00,250,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Stopped])
[2008.07.23 17:25:45 | 00,348,344 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Stopped])
[2008.01.05 14:26:41 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2008.01.19 10:34:06 | 00,134,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dps.dll -- (DPS [Unknown | Running])
[2008.01.05 14:21:53 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2008.01.19 10:34:25 | 00,574,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gpsvc.dll -- (gpsvc [Unknown | Running])
[2008.01.05 14:21:39 | 00,864,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
[2006.11.02 16:06:13 | 00,000,000 | ---D | M] -- C:\Windows\System32\Msdtc -- (MSDTC [Unknown | Stopped])
[2007.01.05 13:41:10 | 00,774,144 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService [On_Demand | Stopped])
[2008.01.05 14:21:39 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2006.12.23 17:54:04 | 00,262,144 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Stopped])
[2007.07.24 11:15:14 | 00,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2 [Auto | Running])
[2008.01.19 10:36:17 | 00,547,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rpcss.dll -- (RpcSs [Unknown | Running])
[2008.01.19 10:36:19 | 00,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SCardSvr.dll -- (SCardSvr [Unknown | Stopped])
[2008.01.19 10:33:22 | 02,623,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe -- (slsvc [Auto | Running])
[2006.11.02 12:45:46 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\snmptrap.exe -- (SNMPTRAP [On_Demand | Stopped])
[2008.01.19 10:33:33 | 00,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\servicing\TrustedInstaller.exe -- (TrustedInstaller [Unknown | Stopped])
[2008.01.19 10:33:33 | 00,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\UI0Detect.exe -- (UI0Detect [On_Demand | Stopped])
[2007.10.18 12:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
[2008.01.19 10:33:33 | 00,382,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vds.exe -- (vds [On_Demand | Stopped])
[2008.01.02 04:39:02 | 00,024,576 | ---- | M] (Atribune.org) -- C:\Windows\System32\VundoFixSVC.exe -- (VundoFixSvc [On_Demand | Stopped])
[2007.10.25 16:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
[2008.05.27 08:18:43 | 00,439,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe -- (WSearch [Auto | Running])

========== Driver Services ==========

[2006.11.02 12:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adp94xx.sys -- (adp94xx [Disabled | Stopped])
[2006.11.02 12:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpahci.sys -- (adpahci [Disabled | Stopped])
[2006.11.02 12:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpu160m.sys -- (adpu160m [Disabled | Stopped])
[2006.11.02 12:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpu320.sys -- (adpu320 [Disabled | Stopped])
[2006.11.02 12:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\djsvs.sys -- (aic78xx [Disabled | Stopped])
[2006.11.02 12:49:20 | 00,014,952 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\System32\drivers\aliide.sys -- (aliide [Disabled | Stopped])
[2006.11.02 12:49:59 | 00,054,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\AMDAGP.SYS -- (amdagp [On_Demand | Stopped])
[2006.11.02 12:49:26 | 00,015,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdide.sys -- (amdide [Disabled | Stopped])
[2006.11.02 11:30:18 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdk7.sys -- (AmdK7 [Disabled | Stopped])
[2006.11.02 11:30:18 | 00,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdk8.sys -- (AmdK8 [Disabled | Stopped])
[2006.11.02 12:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\arc.sys -- (arc [Disabled | Stopped])
[2006.11.02 12:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\arcsas.sys -- (arcsas [Disabled | Stopped])
[2008.07.19 17:37:42 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk [Auto | Running])
[2008.07.19 17:36:03 | 00,051,280 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt [Auto | Running])
[2008.07.19 17:33:42 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr [System | Running])
[2008.07.19 17:35:18 | 00,078,416 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP [System | Running])
[2008.07.19 17:32:36 | 00,042,912 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi [System | Running])
[2007.09.29 06:13:56 | 03,154,944 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag [On_Demand | Running])
[2006.11.02 10:30:53 | 00,167,936 | ---- | M] (Broadcom Corporation) -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x [On_Demand | Stopped])
File not found -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive [Disabled | Stopped])
[2008.01.19 08:28:26 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bowser.sys -- (bowser [On_Demand | Running])
[2006.11.02 11:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\System32\drivers\BrFiltLo.sys -- (BrFiltLo [On_Demand | Stopped])
[2006.11.02 11:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\System32\drivers\BrFiltUp.sys -- (BrFiltUp [On_Demand | Stopped])
[2006.11.02 11:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrSerId.sys -- (Brserid [Disabled | Stopped])
[2006.11.02 11:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrSerWdm.sys -- (BrSerWdm [Disabled | Stopped])
[2006.11.02 11:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrUsbMdm.sys -- (BrUsbMdm [Disabled | Stopped])
[2006.11.02 11:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrUsbSer.sys -- (BrUsbSer [On_Demand | Stopped])
[2006.11.02 11:55:23 | 00,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bthmodem.sys -- (BTHMODEM [Disabled | Stopped])
File not found -- C:\ComboFix\catchme.sys -- (catchme [On_Demand | Running])
[2006.11.02 11:55:08 | 00,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\circlass.sys -- (circlass [Disabled | Stopped])
[2008.01.19 10:42:58 | 00,247,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys -- (CLFS [Unknown | Running])
[2006.11.02 12:49:28 | 00,016,488 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\System32\drivers\cmdide.sys -- (cmdide [Disabled | Stopped])
[2006.11.02 12:49:43 | 00,022,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\crcdisk.sys -- (crcdisk [Boot | Running])
[2006.11.02 11:30:18 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\crusoe.sys -- (Crusoe [Disabled | Stopped])
[2008.01.19 08:28:20 | 00,075,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dfsc.sys -- (DfsC [System | Running])
[2008.08.02 04:01:23 | 00,625,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgkrnl.sys -- (DXGKrnl [On_Demand | Running])
[2008.01.19 10:42:11 | 00,143,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ecache.sys -- (Ecache [Boot | Running])
[2006.11.02 12:51:34 | 00,316,520 | ---- | M] (Emulex) -- C:\Windows\System32\drivers\elxstor.sys -- (elxstor [Disabled | Stopped])
[2008.01.19 08:28:01 | 00,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\exfat.sys -- (exfat [On_Demand | Stopped])
[2006.11.02 10:30:56 | 00,045,568 | ---- | M] (VIA Technologies, Inc. ) -- C:\Windows\System32\drivers\fetnd5.sys -- (FETNDIS [On_Demand | Running])
[2008.01.19 10:42:31 | 00,058,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fileinfo.sys -- (FileInfo [Boot | Running])
[2008.01.19 08:30:23 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\filetrace.sys -- (Filetrace [On_Demand | Stopped])
[2006.11.02 12:50:04 | 00,058,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\GAGP30KX.SYS -- (gagp30kx [On_Demand | Stopped])
[2006.11.02 10:36:49 | 00,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\HdAudio.sys -- (HdAudAddService [On_Demand | Stopped])
[2008.01.19 07:30:49 | 00,053,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2006.11.02 11:55:22 | 00,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidbth.sys -- (HidBth [Disabled | Stopped])
[2006.11.02 11:55:01 | 00,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidir.sys -- (HidIr [Disabled | Stopped])
[2006.11.02 12:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\System32\drivers\HpCISSs.sys -- (HpCISSs [Disabled | Stopped])
[2006.11.02 12:49:49 | 00,027,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\i2omp.sys -- (i2omp [Disabled | Stopped])
[2006.10.19 05:10:57 | 01,380,864 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm [On_Demand | Stopped])
[2006.11.02 12:51:25 | 00,232,040 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\iaStorV.sys -- (iaStorV [Disabled | Stopped])
[2006.11.02 12:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\System32\drivers\iirsp.sys -- (iirsp [Disabled | Stopped])
[2007.04.10 14:05:38 | 01,764,960 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService [On_Demand | Running])
[2008.01.19 08:27:21 | 00,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\intelppm.sys -- (intelppm [On_Demand | Running])
[2006.11.02 11:42:03 | 00,065,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\IPMIDrv.sys -- (IPMIDRV [Disabled | Stopped])
[2008.01.19 10:42:35 | 00,181,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msiscsi.sys -- (iScsiPrt [On_Demand | Running])
[2006.11.02 12:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\System32\drivers\iteatapi.sys -- (iteatapi [Disabled | Stopped])
[2006.11.02 12:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\System32\drivers\iteraid.sys -- (iteraid [Disabled | Stopped])
[2008.01.19 08:49:17 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2008.01.19 08:55:03 | 00,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\lltdio.sys -- (lltdio [Auto | Running])
[2006.11.02 12:50:04 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])
[2006.11.02 12:50:05 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])
[2006.11.02 12:50:10 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])
[2008.01.19 08:30:36 | 00,084,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\luafv.sys -- (luafv [Auto | Running])
[2006.11.02 12:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) -- C:\Windows\System32\drivers\megasas.sys -- (megasas [Disabled | Stopped])
[2008.01.19 08:52:19 | 00,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\monitor.sys -- (monitor [On_Demand | Running])
[2006.11.02 12:50:16 | 00,078,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mpio.sys -- (mpio [Disabled | Stopped])
[2008.01.19 08:54:46 | 00,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mpsdrv.sys -- (mpsdrv [On_Demand | Running])
[2006.11.02 12:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\System32\drivers\Mraid35x.sys -- (Mraid35x [Disabled | Stopped])
[2008.05.08 22:21:56 | 00,211,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys -- (mrxsmb10 [On_Demand | Running])
[2008.01.19 08:28:37 | 00,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys -- (mrxsmb20 [On_Demand | Running])
[2006.11.02 12:49:44 | 00,023,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msahci.sys -- (msahci [Disabled | Stopped])
[2006.11.02 12:50:17 | 00,080,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msdsm.sys -- (msdsm [Disabled | Stopped])
[2008.01.19 10:41:14 | 00,016,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msisadrv.sys -- (msisadrv [Boot | Running])
[2008.01.19 10:42:29 | 00,163,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msrpc.sys -- (MsRPC [On_Demand | Stopped])
[2008.01.19 08:49:19 | 00,006,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mstee.sys -- (MSTEE [On_Demand | Stopped])
[2008.05.20 05:07:31 | 00,148,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nwifi.sys -- (NativeWifiP [On_Demand | Stopped])
[2006.11.02 12:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\System32\drivers\nfrd960.sys -- (nfrd960 [Disabled | Stopped])
[2008.01.19 08:55:50 | 00,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nsiproxy.sys -- (nsiproxy [System | Running])
[2006.11.02 10:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\System32\drivers\ntrigdigi.sys -- (ntrigdigi [Disabled | Stopped])
[2006.11.02 12:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvraid.sys -- (nvraid [Disabled | Stopped])
[2006.11.02 12:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvstor.sys -- (nvstor [Disabled | Stopped])
[2006.11.02 12:50:40 | 00,106,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\NV_AGP.SYS -- (nv_agp [On_Demand | Stopped])
[2006.11.02 12:49:20 | 00,013,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pciide.sys -- (pciide [Disabled | Stopped])
[2006.11.02 12:04:35 | 00,878,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\PEAuth.sys -- (PEAUTH [Auto | Running])
[2006.11.02 11:30:18 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\processr.sys -- (Processor [Disabled | Stopped])
[2008.04.05 04:21:42 | 00,072,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pacer.sys -- (PSched [System | Running])
[2006.11.02 12:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) -- C:\Windows\System32\drivers\ql2300.sys -- (ql2300 [Disabled | Stopped])
[2006.11.02 12:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\System32\drivers\ql40xx.sys -- (ql40xx [Disabled | Stopped])
[2008.01.19 08:56:07 | 00,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\qwavedrv.sys -- (QWAVEdrv [On_Demand | Stopped])
[2007.09.29 06:13:56 | 03,154,944 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\atikmdag.sys -- (R300 [On_Demand | Stopped])
[2008.01.19 08:56:43 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rassstp.sys -- (RasSstp [On_Demand | Running])
[2008.01.19 09:01:09 | 00,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\RDPENCDD.sys -- (RDPENCDD [System | Running])
[2008.01.19 08:55:03 | 00,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rspndr.sys -- (rspndr [Auto | Running])
[2007.04.06 11:22:08 | 00,861,184 | ---- | M] (S3 Graphics Co., Ltd.) -- C:\Windows\System32\drivers\VTGKModeDX32.sys -- (S3GIGP [On_Demand | Stopped])
[2006.11.02 12:50:16 | 00,076,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sbp2port.sys -- (sbp2port [Disabled | Stopped])
[2006.11.02 09:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])
[2008.01.19 08:49:16 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sermouse.sys -- (sermouse [Disabled | Stopped])
[2006.11.02 11:51:38 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffdisk.sys -- (sffdisk [Disabled | Stopped])
[2006.11.02 11:51:40 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffp_mmc.sys -- (sffp_mmc [On_Demand | Stopped])
[2006.11.02 11:51:40 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffp_sd.sys -- (sffp_sd [On_Demand | Stopped])
[2006.11.02 12:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) -- C:\Windows\System32\drivers\sisraid2.sys -- (SiSRaid2 [Disabled | Stopped])
[2006.11.02 12:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\System32\drivers\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])
[2008.01.19 08:55:27 | 00,066,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\smb.sys -- (Smb [System | Running])
[2007.05.10 17:10:50 | 12,179,584 | ---- | M] () -- C:\Windows\System32\drivers\snp2sxp.sys -- (SNP2STD [On_Demand | Running])
[2008.01.19 10:41:30 | 00,021,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\spldr.sys -- (spldr [Boot | Running])
[2008.01.19 08:29:15 | 00,144,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys -- (srv2 [On_Demand | Running])
[2008.01.19 08:29:12 | 00,098,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srvnet.sys -- (srvnet [On_Demand | Running])
[2006.11.02 12:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\symc8xx.sys -- (Symc8xx [Disabled | Stopped])
[2006.11.02 12:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\sym_hi.sys -- (Sym_hi [Disabled | Stopped])
[2006.11.02 12:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\sym_u3.sys -- (Sym_u3 [Disabled | Stopped])
[2008.01.19 08:56:07 | 00,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpipreg.sys -- (tcpipreg [Auto | Running])
[2008.01.19 08:55:58 | 00,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tdx.sys -- (tdx [System | Running])
[2008.01.19 09:01:15 | 00,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tssecsrv.sys -- (tssecsrv [On_Demand | Stopped])
[2008.01.19 08:55:41 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\TUNMP.SYS -- (tunmp [On_Demand | Running])
[2008.01.19 08:55:50 | 00,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tunnel.sys -- (tunnel [On_Demand | Running])
[2008.01.19 10:42:32 | 00,059,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\UAGP35.SYS -- (uagp35 [Boot | Running])
[2006.11.02 12:50:04 | 00,058,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ULIAGPKX.SYS -- (uliagpkx [On_Demand | Stopped])
[2006.11.02 12:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\System32\drivers\uliahci.sys -- (uliahci [Disabled | Stopped])
[2006.11.02 12:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\System32\drivers\ulsata.sys -- (UlSata [Disabled | Stopped])
[2006.11.02 12:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\System32\drivers\ulsata2.sys -- (ulsata2 [Disabled | Stopped])
[2008.01.19 08:53:40 | 00,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\umbus.sys -- (umbus [On_Demand | Running])
[2006.11.02 11:55:09 | 00,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbcir.sys -- (usbcir [Disabled | Stopped])
[2008.01.19 08:53:21 | 00,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbehci.sys -- (usbehci [On_Demand | Running])
[2006.11.02 11:55:05 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbohci.sys -- (usbohci [Disabled | Stopped])
[2006.11.02 11:53:56 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\vgapnp.sys -- (vga [On_Demand | Stopped])
[2006.11.02 12:49:52 | 00,054,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\VIAAGP.SYS -- (viaagp [On_Demand | Stopped])
[2006.11.02 11:30:19 | 00,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\viac7.sys -- (ViaC7 [Disabled | Stopped])
[2008.01.19 10:41:25 | 00,020,024 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\System32\drivers\viaide.sys -- (viaide [Boot | Running])
[2008.01.19 10:42:18 | 00,052,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgr.sys -- (volmgr [Boot | Running])
[2008.01.19 10:43:03 | 00,294,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgrx.sys -- (volmgrx [Boot | Running])
[2006.11.02 12:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\System32\drivers\vsmraid.sys -- (vsmraid [Disabled | Stopped])
[2006.11.02 11:52:52 | 00,020,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wacompen.sys -- (WacomPen [Disabled | Stopped])
[2006.11.02 12:49:38 | 00,019,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wd.sys -- (Wd [Disabled | Stopped])
[2008.01.19 10:43:27 | 00,503,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Wdf01000.sys -- (Wdf01000 [Boot | Running])
[2006.11.02 11:35:03 | 00,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wmiacpi.sys -- (WmiAcpi [Disabled | Stopped])
[2008.01.19 08:56:49 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ws2ifsl.sys -- (ws2ifsl [Disabled | Stopped])
[2008.01.19 08:53:04 | 00,083,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\WUDFRd.sys -- (WUDFRd [On_Demand | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\Windows\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.google.com/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1368108717-4242774170-1273681994-1000\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\Windows\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.google.com/

[HKEY_USERS\S-1-5-21-1368108717-4242774170-1273681994-1000\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1368108717-4242774170-1273681994-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (698 bytes) - C:\Windows\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
{7E853D72-626A-48EC-A868-BA8D5E23E045} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
{AE7CD045-E861-484f-8273-0445EE161910} (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_USERS\S-1-5-21-1368108717-4242774170-1273681994-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" (Adobe Systems Inc.)
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" File not found
"Adobe Version Cue CS2"="C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" File not found
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
"Easy-PrintToolBox"=C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon File not found
"FixCamera"=C:\Windows\FixCamera.exe File not found
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe File not found
"RtHDVCpl"=RtHDVCpl.exe (Realtek Semiconductor)
"S3Trayp"=S3trayp.exe File not found
"snp2std"=C:\Windows\vsnp2std.exe (Sonix)
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)
"tsnp2std"=C:\Windows\tsnp2std.exe File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" File not found

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (Microsoft Corporation)
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)
"Sidebar"=%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (Microsoft Corporation)
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" File not found

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=227
"NoDrives"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"ConsentPromptBehaviorAdmin"=2
"ConsentPromptBehaviorUser"=1
"EnableInstallerDetection"=1
"EnableLUA"=0
"EnableSecureUIAPaths"=1
"EnableVirtualization"=1
"PromptOnSecureDesktop"=1
"ValidateAdminCodeSignatures"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"scforceoption"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"FilterAdministratorToken"=0
"EnableUIADesktopToggle"=0
"DisableRegistryTools"=0
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0
"HideStartupScripts"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats]
"CF_TEXT"=1
"CF_BITMAP"=2
"CF_OEMTEXT"=7
"CF_DIB"=8
"CF_PALETTE"=9
"CF_UNICODETEXT"=13
"CF_DIBV5"=17

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDFSTab"=1
"NoDrives"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"HideStartupScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDFSTab"=1

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDFSTab"=1

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDFSTab"=1

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDFSTab"=1

[HKEY_USERS\S-1-5-21-1368108717-4242774170-1273681994-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDFSTab"=1
"NoDrives"=0

[HKEY_USERS\S-1-5-21-1368108717-4242774170-1273681994-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"HideStartupScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
Convert link target to Adobe PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006.12.18 05:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert link target to existing PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006.12.18 05:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to Adobe PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006.12.18 05:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to existing PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006.12.18 05:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert selection to Adobe PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006.12.18 05:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert selection to existing PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006.12.18 05:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert to Adobe PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006.12.18 05:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert to existing PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006.12.18 05:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Microsoft Excel'e Gö&nder: C:\Program Files\Microsoft Office\Office10\EXCEL.EXE [2001.04.11 20:00:10 | 09,169,016 | R--- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Sun Java Console -- C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
{85d1f590-48f4-11d9-9669-0800200c9a66}: Uninstall BitDefender Online Scanner v8 -- C:\Windows\bdoscandel.exe ()
{B4B52284-A248-4c51-9F7C-F0A0C67FCC9D}: PartyCasino.com -- C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe File not found
{B4B52284-A248-4c51-9F7C-F0A0C67FCC9D}: PartyCasino.com -- C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe File not found

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}: http://download.bitdefender.com/resources/scan8/oscan8.cab -- BDSCANONLINE Control
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_04
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_05
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab -- Shockwave Flash Object
Microsoft XML Parser for Java: file:///C:/Windows/Java/classes/xmldso.cab -- Reg Error: Key does not exist or could not be opened.

========== (O17) DNS Name Servers ==========

{396F47EC-A46B-4681-801F-CA1C91A4047A} (Servers: | Description: VIA Rhine II Uyumlu Fast Ethernet Bağdaştırıcısı)
{A64D4A98-9314-4AD0-9A8C-B1C4133D7537} (Servers: | Description: VIA Rhine II Fast Ethernet Bağdaştırıcısı)

========== HKLM *SecurityProviders* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=credssp.dll
>[2008.01.19 10:33:59 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\credssp.dll

========== LSA *Security Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Security Packages"=kerberos,msv1_0,schannel,wdigest,tspkg,
>[2008.01.19 10:36:42 | 00,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TSpkg.dll

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

autoexec.bat [REM Dummy file for NTVDM | ]
[2006.09.19 00:43:36 | 00,000,024 | ---- | M] () -- C:\autoexec.bat -- [ NTFS ]


========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6223847b-7704-11dd-b5d7-001d922cbaf6}\Shell\AutoRun\command]
""=F:\TKD.EXE -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\Shell\AutoRun\command]
""=F:\TKD.EXE -- File not found

========== Files/Folders - Created Within 30 Days ==========

[2008.10.04 17:32:49 | 00,000,000 | ---D | C] -- C:\ComboFix
[2008.10.04 17:32:48 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\swreg.exe
[2008.10.02 17:12:37 | 00,419,840 | ---- | C] (OldTimer Tools) -- C:\Users\CASPER\Desktop\OTViewIt.exe
[2008.10.01 18:35:15 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt16.sqm
[2008.10.01 18:35:15 | 00,000,232 | -H-- | C] () -- C:\sqmdata16.sqm
[2008.10.01 18:34:18 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt15.sqm
[2008.10.01 18:34:18 | 00,000,232 | -H-- | C] () -- C:\sqmdata15.sqm
[2008.10.01 16:06:55 | 00,000,000 | ---D | C] -- C:\Windows\Minidump
[2008.10.01 16:06:20 | 21,207,3248 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2008.10.01 15:58:57 | 00,000,000 | ---D | C] -- C:\QooBox
[2008.10.01 15:58:56 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2008.10.01 15:58:56 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2008.10.01 15:58:56 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\Windows\fdsv.exe
[2008.10.01 15:58:56 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2008.10.01 15:58:56 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2008.10.01 15:58:56 | 00,049,152 | ---- | C] () -- C:\Windows\VFind.exe
[2008.10.01 15:58:11 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\swxcacls.exe
[2008.10.01 15:51:21 | 02,885,114 | R--- | C] () -- C:\Users\CASPER\Desktop\ComboFix.exe
[2008.09.28 15:42:47 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2008.09.28 15:38:56 | 00,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2008.09.25 05:50:57 | 00,000,000 | ---D | C] -- C:\Users\CASPER\AppData\Local\Adobe
[2008.09.24 15:08:28 | 00,000,000 | ---D | C] -- C:\Users\CASPER\AppData\Local\Ahead
[2008.09.24 00:08:05 | 02,561,722 | -H-- | C] () -- C:\Users\CASPER\AppData\Local\IconCache.db
[2008.09.24 00:02:27 | 10,720,95232 | -HS- | C] () -- C:\hiberfil.sys
[2008.09.23 21:27:26 | 00,000,000 | ---D | C] -- C:\Users\CASPER\AppData\Roaming\Malwarebytes
[2008.09.23 21:27:22 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2008.09.23 02:36:22 | 00,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2008.09.23 02:35:55 | 00,000,000 | ---D | C] -- C:\Users\CASPER\AppData\Roaming\SUPERAntiSpyware.com
[2008.09.23 02:35:55 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2008.09.20 15:13:04 | 00,000,787 | ---- | C] () -- C:\Users\Public\Desktop\Photoviewer.lnk
[2008.09.20 15:13:03 | 00,000,000 | ---D | C] -- C:\Program Files\Photo Viewer
[2008.09.16 19:54:51 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2008.09.16 19:54:49 | 04,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2008.09.16 19:54:44 | 00,565,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\emdmgmt.dll
[2008.09.16 19:54:43 | 00,625,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgkrnl.sys
[2008.09.16 19:54:43 | 00,211,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys
[2008.09.16 19:54:43 | 00,148,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\nwifi.sys
[2008.09.16 19:54:43 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dataclen.dll
[2008.09.16 19:54:43 | 00,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2008.09.16 19:54:41 | 00,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll

========== Files - Modified Within 30 Days ==========

[2008.10.04 17:37:23 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini
[2008.10.04 17:03:40 | 00,004,032 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2008.10.04 17:03:40 | 00,004,032 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2008.10.04 13:52:31 | 01,382,408 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2008.10.04 13:52:31 | 00,588,732 | ---- | M] () -- C:\Windows\System32\perfh01F.dat
[2008.10.04 13:52:31 | 00,585,914 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2008.10.04 13:52:31 | 00,114,782 | ---- | M] () -- C:\Windows\System32\perfc01F.dat
[2008.10.04 13:52:31 | 00,100,718 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2008.10.03 19:05:27 | 00,000,698 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2008.10.03 19:03:44 | 00,002,471 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2008.10.03 19:03:38 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2008.10.03 19:03:36 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2008.10.03 19:03:32 | 10,720,95232 | -HS- | M] () -- C:\hiberfil.sys
[2008.10.03 19:02:05 | 02,561,722 | -H-- | M] () -- C:\Users\CASPER\AppData\Local\IconCache.db
[2008.10.02 17:12:37 | 00,419,840 | ---- | M] (OldTimer Tools) -- C:\Users\CASPER\Desktop\OTViewIt.exe
[2008.10.01 18:35:15 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2008.10.01 18:35:15 | 00,000,232 | -H-- | M] () -- C:\sqmdata16.sqm
[2008.10.01 18:34:18 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2008.10.01 18:34:18 | 00,000,232 | -H-- | M] () -- C:\sqmdata15.sqm
[2008.10.01 16:06:55 | 21,207,3248 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2008.10.01 15:51:35 | 02,885,114 | R--- | M] () -- C:\Users\CASPER\Desktop\ComboFix.exe
[2008.09.30 21:54:33 | 00,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2008.09.29 22:32:44 | 00,192,000 | ---- | M] () -- C:\Users\CASPER\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.09.29 20:27:33 | 00,000,504 | ---- | M] () -- C:\Users\CASPER\Documents\Paylaşım Klasörlerim.lnk
[2008.09.28 15:38:57 | 00,002,560 | ---- | M] () -- C:\Windows\_MSRSTRT.EXE
[2008.09.20 15:13:04 | 00,000,787 | ---- | M] () -- C:\Users\Public\Desktop\Photoviewer.lnk
[2008.09.18 09:24:55 | 00,040,960 | ---- | M] () -- C:\Users\CASPER\Documents\2008 borē ödeme listesi.xls
< End of report >

#13 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:46 AM

Posted 04 October 2008 - 12:48 PM

Hello Savasg.

Something didn't work :) . Maybe Avast! was stopping this from working.

Disable Realtime Protection
Disable Avast!'s realtime protection by right clicking on the try icon beside your clock that looks like Posted Image and selecting Stop On-Access Protection.

In the settings:
Posted Image
-----
Try to do that batch script from my previous post again.

Now I need you to check that the files are renamed, and if they are not, rename them manually.

Enable Viewing of Hidden and System Files and Folders
  • Double click the My Computer icon.
  • In the explorer window that pops-up, select the Tools menu and click Folder Options.
  • After the new window appears select the View tab.
  • Put a checkmark in the checkbox labeled Display the Contents of System Folders, if it is not already checked.
  • Remove the checkmark from the checkbox labeled Hide File Extensions for Known File Types, if it is not already unchecked.
  • Remove the checkmark from the checkbox labeled Hide Protected Operating System Files, if it is not already unchecked.
  • Click the Apply button and then the OK button.
  • Close all the windows.
Take a look at the following:

C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray .exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN .EXE
C:\Program Files\Common Files\Ahead\Lib\NeroCheck .exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor .exe
C:\Program Files\MSN Messenger\MsnMsgr .Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer .exe
C:\Windows\FixCamera .exe
C:\Windows\RtHDVCpl .exe
C:\Windows\tsnp2std .exe
C:\Windows\vsnp2std .exe
C:\Windows\System32\S3trayp .exe

Notice that there is a "<space>" before ".exe". A virus has renamed the legit files this way. The bad ones they were replaced with are deleted, but this leaves the legit ones improperly named.

Please navigate to each of the folders, find the "*<space>.exe" files. If they have not been renamed by the batch file, rename them by removing the space. If you see that the first few are renamed, then you can assume that all are renamed and not check the rest.
----
Delete ComboFix. Download a new version of ComboFix:
Link 1, Link 2, Link 3

Right click ComboFix.exe and select Run as Administrator. Please post back with the new ComboFix log.

Thanks for your patience doing the annoying manual work :thumbsup: .

With Regards,
The Panda

#14 savasg

savasg
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:05:46 PM

Posted 04 October 2008 - 06:10 PM

Hi there again PP;

Thanks for your help and your patience as well;

I have run fix.bat;
I check the file names;
"C:\Windows\RtHDVCpl .exe" and "C:\Windows\vsnp2std .exe" were also exist with the original named files without space.
I have to delete the the ones with spaces;

The other files you asked were still with space so I had to rename them manually;

Here is the Combo fix log;

ComboFix 08-10-04.02 - CASPER 2008-10-05 1:50:16.10 - NTFSx86
Microsoft® Windows Vista™ Starter 6.0.6001.1.1254.1.1055.18.475 [GMT 3:00]
Running from: C:\Users\CASPER\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-09-04 to 2008-10-04 )))))))))))))))))))))))))))))))
.

2008-10-01 18:35 . 2008-10-01 18:35 244 --ah----- C:\sqmnoopt16.sqm
2008-10-01 18:35 . 2008-10-01 18:35 232 --ah----- C:\sqmdata16.sqm
2008-10-01 18:34 . 2008-10-01 18:34 244 --ah----- C:\sqmnoopt15.sqm
2008-10-01 18:34 . 2008-10-01 18:34 232 --ah----- C:\sqmdata15.sqm
2008-10-01 16:06 . 2008-10-01 16:06 212,073,248 --a------ C:\Windows\MEMORY.DMP
2008-09-28 15:38 . 2008-09-28 15:38 2,560 --a------ C:\Windows\_MSRSTRT.EXE
2008-09-23 21:27 . 2008-09-23 21:27 <DIR> d-------- C:\Users\CASPER\AppData\Roaming\Malwarebytes
2008-09-23 21:27 . 2008-09-23 21:27 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-09-23 04:28 . 2008-09-23 04:28 <DIR> d-------- C:\Windows\Google Earth Pro 4.2
2008-09-23 04:28 . 2008-09-23 04:29 <DIR> d-------- C:\Program Files\Google Earth Pro 4.2
2008-09-23 02:36 . 2008-09-23 02:36 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
2008-09-23 02:35 . 2008-09-28 15:42 <DIR> d-------- C:\Users\CASPER\AppData\Roaming\SUPERAntiSpyware.com
2008-09-23 02:35 . 2008-09-28 15:42 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-09-20 15:13 . 2008-09-20 15:13 <DIR> d-------- C:\Program Files\Photo Viewer
2008-09-16 19:54 . 2008-07-31 04:13 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-09-16 19:54 . 2008-08-02 04:01 625,152 --a------ C:\Windows\System32\drivers\dxgkrnl.sys
2008-09-16 19:54 . 2008-06-26 06:29 565,248 --a------ C:\Windows\System32\emdmgmt.dll
2008-09-16 19:54 . 2008-06-26 06:29 303,616 --a------ C:\Windows\System32\wmpeffects.dll
2008-09-16 19:54 . 2008-05-08 22:21 211,968 --a------ C:\Windows\System32\drivers\mrxsmb10.sys
2008-09-16 19:54 . 2008-05-20 05:07 148,480 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-09-16 19:54 . 2008-06-26 06:29 45,056 --a------ C:\Windows\System32\dataclen.dll
2008-09-16 19:54 . 2008-08-02 06:26 36,864 --a------ C:\Windows\System32\cdd.dll
2008-09-16 19:54 . 2008-07-31 06:32 28,160 --a------ C:\Windows\System32\Apphlpdm.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-04 22:32 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-10-04 22:31 --------- d-----w C:\Program Files\MSN Messenger
2008-10-04 22:07 --------- d-----w C:\Users\CASPER\AppData\Roaming\uTorrent
2008-10-04 11:40 --------- d-----w C:\Users\CASPER\AppData\Roaming\LimeWire
2008-10-02 13:46 --------- d---a-w C:\ProgramData\TEMP
2008-09-28 12:40 --------- d-----w C:\Program Files\myBabylon
2008-09-28 12:40 --------- d-----w C:\Program Files\Conduit
2008-09-28 12:37 --------- d-----w C:\Program Files\IKEA Home Planner
2008-09-23 01:26 --------- d-----w C:\Users\CASPER\AppData\Roaming\Flood Light Games
2008-09-23 01:22 --------- d-----w C:\ProgramData\HipSoft
2008-09-23 01:21 --------- d-----w C:\ProgramData\Flood Light Games
2008-09-01 20:56 --------- d-----w C:\Program Files\Java
2008-08-29 19:37 --------- d-----w C:\Program Files\Windows Mail
2008-08-27 05:52 88 --sh--r C:\ProgramData\9198EF88B9.sys
2008-08-27 05:52 2,516 --sha-w C:\ProgramData\KGyGaAvL.sys
2008-08-27 05:52 --------- d-----w C:\ProgramData\Corel
2008-08-04 01:24 --------- d-----w C:\Program Files\B.G-Sozluk
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-19 05:10 53,448 ----a-w C:\Windows\System32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\Windows\System32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\Windows\System32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\Windows\System32\wuapi.dll
2008-07-19 05:09 1,811,656 ----a-w C:\Windows\System32\wuaueng.dll
2008-07-19 03:44 83,456 ----a-w C:\Windows\System32\wudriver.dll
2008-07-19 03:44 1,524,736 ----a-w C:\Windows\System32\wucltux.dll
2008-07-18 19:08 163,904 ----a-w C:\Windows\System32\wuwebv.dll
2008-07-18 17:44 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-07-16 01:32 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-06-22 20:12 60,072 ----a-w C:\Users\CASPER\AppData\Roaming\GDIPFONTCACHEV1.DAT
2008-04-18 17:35 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((( snapshot_2008-10-04_17.38.14.67 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-30 10:08:18 20,480 ----a-w C:\Windows\FixCamera.exe
- 2008-10-03 16:03:36 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-10-04 22:39:37 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-10-03 16:03:36 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-10-04 22:39:37 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-10-03 16:04:53 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-10-04 22:49:43 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-10-04 22:49:43 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-10-03 16:04:58 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-10-04 22:41:14 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2008-10-04 12:38:36 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-10-04 22:40:06 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-10-04 12:38:36 65,536 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-10-04 22:40:06 65,536 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-10-04 12:38:36 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-10-04 22:40:06 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-10-01 12:59:46 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-10-04 22:50:10 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
- 2008-10-04 10:52:31 100,718 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-10-04 22:44:32 100,540 ----a-w C:\Windows\System32\perfc009.dat
- 2008-10-04 10:52:31 114,782 ----a-w C:\Windows\System32\perfc01F.dat
+ 2008-10-04 22:44:32 114,782 ----a-w C:\Windows\System32\perfc01F.dat
- 2008-10-04 10:52:31 585,914 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-10-04 22:44:32 585,736 ----a-w C:\Windows\System32\perfh009.dat
- 2008-10-04 10:52:31 588,732 ----a-w C:\Windows\System32\perfh01F.dat
+ 2008-10-04 22:44:32 588,732 ----a-w C:\Windows\System32\perfh01F.dat
+ 2007-12-30 10:08:12 176,128 ----a-w C:\Windows\System32\S3trayp.exe
- 2008-10-03 16:05:42 13,146 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1368108717-4242774170-1273681994-1000_UserData.bin
+ 2008-10-04 22:41:37 13,146 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1368108717-4242774170-1273681994-1000_UserData.bin
- 2008-10-03 16:05:42 78,034 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-10-04 22:41:37 78,034 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-10-03 16:05:41 42,780 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-10-04 22:41:36 42,930 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2007-12-30 10:08:22 270,336 ----a-w C:\Windows\tsnp2std.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-12-30 143360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-12-30 155648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-12-30 39792]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"FixCamera"="C:\Windows\FixCamera.exe" [2007-12-30 20480]
"tsnp2std"="C:\Windows\tsnp2std.exe" [2007-12-30 270336]
"snp2std"="C:\Windows\vsnp2std.exe" [2007-05-10 344064]
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2007-12-30 398944]
"Adobe Version Cue CS2"="C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2007-12-30 856064]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-10 C:\Windows\RtHDVCpl.exe]
"S3Trayp"="S3trayp.exe" [2007-12-30 C:\Windows\System32\S3trayp.exe]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\Windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2007-12-13 25214]
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDFSTab"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDFSTab"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.yv12"= yv12vfw.dll
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1368108717-4242774170-1273681994-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{AF51D0CF-1717-4349-A654-B354CED7EDC8}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{A123CA06-72C5-4425-84D4-DA4BC1CF9F8C}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"TCP Query User{FEF69B70-3CDC-43AD-B839-B7AF30C51370}C:\\program files\\nero\\nero 7\\nero home\\nerohome.exe"= UDP:C:\program files\nero\nero 7\nero home\nerohome.exe:Nero Home
"UDP Query User{52981748-AA44-4F35-87BB-62C3940EF3F1}C:\\program files\\nero\\nero 7\\nero home\\nerohome.exe"= TCP:C:\program files\nero\nero 7\nero home\nerohome.exe:Nero Home
"{0ABBD158-F0AE-4A00-AFA8-F6FA92E5CFB7}"= UDP:C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe:Adobe Version Cue CS2
"{DFB9A8A7-FCBD-4859-A6F5-746AA73D0A85}"= TCP:C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe:Adobe Version Cue CS2
"TCP Query User{A55F86CF-8EA5-412E-A300-B24B0E587301}C:\\program files\\common files\\ahead\\nero web\\setupx.exe"= UDP:C:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"UDP Query User{1C620539-3F04-4B4D-9A9C-24DFF5ADEA4D}C:\\program files\\common files\\ahead\\nero web\\setupx.exe"= TCP:C:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"TCP Query User{DA91A1C1-00AB-4F34-8EF9-024D0FCC7489}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{F4028400-BC40-4C22-A798-E5552D6A9AC2}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{27376D19-7827-45F2-BBC1-B332D2E9971B}C:\\program files\\msn messenger\\msnmsgr .exe"= UDP:C:\program files\msn messenger\msnmsgr .exe:Messenger
"UDP Query User{D6ED12A6-4752-4C14-B89F-176FF51E7E20}C:\\program files\\msn messenger\\msnmsgr .exe"= TCP:C:\program files\msn messenger\msnmsgr .exe:Messenger
"{4A7510B0-819F-4BCC-9E82-7B47CCA372B0}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{72AA1ABE-6570-462F-9DFE-6037C24B45A9}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{8CD240E5-25AE-4A2E-BE3B-9493DFA6E7D6}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{8F49EDA5-0D28-499B-8099-3FBDB62A99AD}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{AC04CF6E-23AF-4FBA-8513-F7CFDB2D54AD}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{03420A55-B2ED-4745-9888-C127914F11C6}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
R2 PSI_SVC_2;Protexis Licensing V2;c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-09-29 3154944]
R3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\Windows\system32\DRIVERS\snp2sxp.sys [2007-05-10 12179584]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 167936]
S3 S3GIGP;S3GIGP;C:\Windows\system32\DRIVERS\VTGKModeDX32.sys [2007-04-06 861184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\shell\AutoRun\command - F:\TKD.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6223847b-7704-11dd-b5d7-001d922cbaf6}]
\shell\AutoRun\command - F:\TKD.EXE
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Realtime Monitor - C:\PROGRA~1\CA\ETRUST~1\realmon.exe


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com/
O8 -: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 -: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 -: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 -: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 -: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 -: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: Microsoft Excel'e Gö&nder - C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 -: {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe
O9 -: {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe -

O16 -: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
C:\Windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-05 01:54:21
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-10-05 1:57:46
ComboFix-quarantined-files.txt 2008-10-04 22:56:05
ComboFix2.txt 2008-10-04 14:40:12
ComboFix3.txt 2008-10-03 15:49:40
ComboFix4.txt 2008-10-02 14:04:02
ComboFix5.txt 2008-10-04 22:20:33

Pre-Run: 43.613.270.016 bayt bos
Post-Run: 43,575,922,688 bayt bos

216 --- E O F --- 2008-09-16 16:57:42

#15 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:46 AM

Posted 05 October 2008 - 08:57 AM

Hello Savasg.

Your logs are clean, and as far as I can see, the damage has been repaired :thumbsup: . If it seems good on your side, then we can wrap up.

Uninstall ComboFix
Remove Combofix now that we're done with it.
  • Click on your Start Menu, then Run....
  • Now type combofix /u in the runbox and click OK. Notice the space between the "x" and "/".
    Posted Image
Uninstalling ComboFix will do the following:
  • Delete ComboFix and its components from your computer.
  • Delete other tools commonly used during the malware removal process.
  • Resets clock settings to standard format.
  • Hide file extensions and hidden/system files.
  • Clear System Restore cache and creates new restore point.
Run Cleanup! with OTViewIt
Let's clear out the tools we've used.
  • Double click the OTViewIt.exe icon on your desktop to start the program.
  • Click CleanUp!.
  • A pop-up box will appear asking "Begin Removal Process?". Click Yes.
  • Click Yes when asked to reboot.
Preventing Malware Infection in the Future
Please also have a look at the following links, giving some advice and suggestions for preventing future infections: Visit the Windows Update Site regularly.
  • Lots of Hacking/Trojans use the methods found (plugged by the updates) that have not been stopped by people not updating.
  • By updating your machine, you have one less headache! Posted Image
  • Update ALL Critical updates and any other Windows updates for services/programs that you use.
  • If you wish, you can also use automatic updates. This is a good thing to have if you want to be up-to-date all the time, but can also be a bit of an annoyance due to its handling and the sizes of the updates. If you wish to turn on automatic updates then you will find here is a nice little article about turning on automatic updates.
    Note that it will download them for you, but you still have to actually click install.
    If you do not want to have automatic updates turned on, or are on dial-up, you can always download updates separately at: http://windowsupdate.microsoft.com.
It is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Finally, and definitely the MOST IMPORTANT step, click on the following tutorial and follow each step listed there:

Simple and easy ways to keep your computer safe and secure on the Internet

Thank you for choosing Bleeping Computer as you malware removal source. Be sure to tell your friends about us!


Do you have any further questions or concerns?

With Regards,
The Panda




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users