
Infected with.. A lot of stuff.


  • This topic is locked
21 replies to this topic

#1 LuzaMink

Posted 10 April 2009 - 12:55 AM

Howdy. I've never posted here, and normally I have absolutely no problems with Malware/Spyware/Viruses, but since my computer's become a shared computer, it's gone to hell in a handbasket. I'm not entirely sure what's wrong, but I've tried multiple times to kill all of the junk on it, to no avail. It keeps coming back. Help?

------------


DDS (Ver_09-03-16.01) - NTFSx86
Run by ------- at 0:47:26.75 on Fri 04/10/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1203 [GMT -5:00]

AV: AVG Anti-Virus *On-access scanning disabled* (Outdated)

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\imapi.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\config\systemprofile\Application Data\psvrr.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\SUPERAntiSpyware\106b3ec4-611a-4b0e-9964-a4f001c18f01.exe
C:\Documents and Settings\Saavedra\Application Data\psvr32.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\NETGEAR\WNDA3100\WNDA3100.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\3B Software\Registry Repair Pro\RegistryRepairPro.exe
C:\Program Files\3B Software\Common\Scheduler\wcomschd.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Saavedra\Desktop\cbSetup.exe
C:\Documents and Settings\Saavedra\Desktop\dds.scr
C:\WINDOWS\System32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = 58.61.144.147:3128
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\sdra64.exe,
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {11357319-ccdc-c372-987d-e16a5caae17f} - c:\windows\ahorohugewuxi.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
{46743414-b62a-40cc-ba3b-b91e3c244d32}
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
{827295f6-572c-42b5-8640-c6646ed5a233}
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [AIM] c:\program files\aim\aim.exe -cnetwait.odl
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\106b3ec4-611a-4b0e-9964-a4f001c18f01.exe
uRun: [<NO NAME>]
uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [DAEMON Tools] "c:\program files\daemon tools\daemon.exe" -lang 1033
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [WinProx32_1] c:\windows\system32\config\systemprofile\application data\psvrr.exe
mRun: [CTHelper] CTHELPER.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [PAC207_Monitor] c:\windows\pixart\pac207\Monitor.exe
mRun: [Monitor] c:\windows\pixart\pac207\Monitor.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [SkyTel] SkyTel.EXE
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Pdaxemawixorige] rundll32.exe "c:\windows\ahorohugewuxi.dll",e
mRun: [WinProx32_1] c:\windows\system32\config\systemprofile\application data\psvrr.exe
mRunOnce: [SpybotSnD] "c:\program files\spybot - search & destroy\SpybotSD.exe" /autocheck
dRun: [InetChk] c:\windows\temp\ms1239148382.exe work
dRun: [WinProx32_1] c:\windows\system32\config\systemprofile\application data\psvrr.exe
dRun: [A00F45931B8.exe] c:\windows\temp\_A00F45931B8.exe
dRun: [Java Syncro] c:\windows\system32\config\systemprofile\local settings\application data\zchMiB.exe
dRun: [nDler2] \\?\globalroot\systemroot\system32\nDler2.exe
StartupFolder: c:\docume~1\saavedra\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 2.0\program\quickstart.exe
StartupFolder: c:\docume~1\saavedra\startm~1\programs\startup\regist~1.lnk - c:\program files\3b software\registry repair pro\RegistryRepairPro.exe
StartupFolder: c:\docume~1\saavedra\startm~1\programs\startup\schedu~1.lnk - c:\program files\3b software\common\scheduler\wcomschd.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\audibl~1.lnk - c:\program files\audible\bin\AudibleDownloadHelper.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wnda3100\WNDA3100.exe
IE: &Clean Traces - c:\program files\dap\privacy package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\dap\dapextie.htm
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: Download &all with DAP - c:\program files\dap\dapextie2.htm
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\docume~1\sean\locals~1\temp\ntdll64.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.0.84.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1228795319040
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://go.divx.com/plugin/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CEA3052D-65B9-44E2-A501-5E14024BC66F} - hxxp://www.tricksteronline.com/control/tricksterActiveX.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} - hxxp://www.tricksteronline.com/control/KALogoutComponent.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: awttsQgf - awttsQgf.dll
Notify: __c0091014 - c:\windows\system32\__c0091014.dat
AppInit_DLLs: qammoi.dll rlekes.dll yegbbd.dll bmgygl.dll,c:\windows\system32\zojitiyu.dll,c:\windows\system32\jezevago.dll,c:\windows\system32\denovajo.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, mcenspc.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\yayYoomN
LSA: Notification Packages = scecli c:\windows\system32\zojitiyu.dll c:\windows\system32\jezevago.dll c:\windows\system32\denovajo.dll maprtfrs.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\saavedra\applic~1\mozilla\firefox\profiles\nabqinck.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\saavedra\application data\mozilla\firefox\profiles\nabqinck.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071303000004.dll
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\ign\download manager\npfpdlm.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPAskSBr.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll
FF - HiddenExtension: XUL Cache: {E5348B0E-AA53-460D-AD03-8D645C75FC42} - c:\documents and settings\saavedra\local settings\application data\{E5348B0E-AA53-460D-AD03-8D645C75FC42}

============= SERVICES / DRIVERS ===============

R0 AVG Anti-Rootkit;AVG Anti-Rootkit;c:\windows\system32\drivers\avgarkt.sys [2007-1-31 5632]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-4-5 130424]
R1 AvgArCln;Avg Anti-Rootkit Clean Driver;c:\windows\system32\drivers\AvgArCln.sys [2007-4-30 3968]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-5 325640]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-4-30 27656]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-5 107912]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-12-4 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-12-4 55024]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-4-5 298264]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2003-7-24 17149]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2007-8-28 57344]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-12-4 7408]
R3 WNDA3100;NETGEAR WNDA3100 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WNDA31.sys [2008-3-12 421376]
R3 WSIMD;wsimd Service;c:\windows\system32\drivers\wsimd.sys [2007-12-14 57408]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-4-5 908056]
S3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;c:\windows\system32\drivers\l251x86.sys [2008-11-14 30720]
S3 IPN2120;Instant Wireless-B PCI Adapter Driver;c:\windows\system32\drivers\lsipnds.sys --> c:\windows\system32\drivers\LSIPNDS.sys [?]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\netgear\wnda3100\jswpsapi.exe [2008-2-27 360547]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys --> c:\windows\system32\drivers\libusb0.sys [?]
S3 PAC207;Webcam;c:\windows\system32\drivers\PFC027.SYS [2008-7-6 618112]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-4-5 348752]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-4-5 1095560]
S3 WMP11V27;Instant Wireless PCI Card V2.7 Driver;c:\windows\system32\drivers\wmp11v27.sys --> c:\windows\system32\drivers\WMP11V27.sys [?]
S4 WinDefend;Windows Defender Service;c:\program files\windows defender\MsMpEng.exe [2006-4-3 14032]

=============== Created Last 30 ================

2009-04-10 00:42 <DIR> --d----- c:\windows\system32\NtmsData
2009-04-09 17:18 104,960 ac------ c:\windows\system32\dllcache\userinit.exe
2009-04-09 14:08 <DIR> --dsh--- c:\windows\system32\lowsec
2009-04-09 14:08 64,000 a------- c:\windows\system32\ldr.exe
2009-04-09 11:12 54 a------- C:\xcrashdump.dat
2009-04-08 13:34 0 a------- c:\windows\Tgopozewa.bin
2009-04-08 13:34 408 a------- c:\windows\Ubegogo.dat
2009-04-08 10:38 27,136 a------- c:\windows\system32\__c0091014.dat
2009-04-08 10:38 38,400 a------- c:\windows\system32\winsetupgl.exe
2009-04-07 19:08 155 a------- c:\windows\system32\SelfDel.bat
2009-04-07 19:08 84,045 a------- c:\windows\system32\ftp_non_crp.exe
2009-04-07 13:46 438 a------- c:\windows\system32\win32hlp.cnf
2009-04-07 13:17 <DIR> --d----- c:\program files\3B Software
2009-04-07 13:00 <DIR> --d----- c:\docume~1\saavedra\applic~1\ErrorFix
2009-04-07 12:52 <DIR> --d----- c:\program files\Free Window Registry Repair
2009-04-06 11:54 27,648 a------- c:\windows\system32\winsetupsm.exe
2009-04-06 11:38 27,648 a------- c:\windows\system32\winsetupsn.exe
2009-04-05 16:58 <DIR> --d----- c:\docume~1\saavedra\applic~1\Malwarebytes
2009-04-05 16:58 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-05 16:58 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-05 16:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-04-05 16:58 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-04-05 15:58 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-04-05 13:36 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-04-05 13:36 107,912 a------- c:\windows\system32\drivers\avgtdix.sys
2009-04-05 13:36 325,640 a------- c:\windows\system32\drivers\avgldx86.sys
2009-04-05 13:35 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-04-05 13:35 <DIR> --d----- c:\program files\AVG
2009-04-05 13:35 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-04-05 09:20 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-04-05 09:20 130,424 a------- c:\windows\system32\drivers\PCTCore.sys
2009-04-05 09:20 73,840 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-04-05 09:20 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
2009-04-05 09:20 <DIR> --d----- c:\program files\common files\PC Tools
2009-04-05 09:20 <DIR> --d----- c:\program files\Spyware Doctor
2009-04-05 09:20 <DIR> --d----- c:\docume~1\saavedra\applic~1\PC Tools
2009-04-05 09:20 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Tools
2009-03-30 01:16 <DIR> --d----- c:\docume~1\saavedra\applic~1\FOG Downloader
2009-03-27 21:11 <DIR> --d----- c:\program files\LD-Anime
2009-03-19 00:32 229,376 a------- c:\docume~1\saavedra\applic~1\psvr32.exe
2009-03-14 23:54 552 a------- c:\windows\system32\d3d8caps.dat
2009-03-12 20:20 4,096 a------- c:\windows\system32\crash
2009-03-12 19:56 <DIR> --d----- c:\program files\Konami
2009-03-12 14:49 <DIR> --d----- c:\program files\MagicISO

==================== Find3M ====================

2009-04-09 23:36 2,644 a------- c:\windows\system32\d3d9caps.dat
2009-04-05 07:54 104,960 a------- c:\windows\system32\userinit.exe
2009-03-05 21:13 163,644 a------- c:\windows\system32\drivers\secdrv.sys
2008-04-19 23:50 32 a------- c:\docume~1\alluse~1\applic~1\ezsid.dat

============= FINISH: 0:47:52.29 ===============
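As an added example (not part of the original post, and not code from the DDS tool or its author), the following Python script applies to the Pseudo HJT Report above the checks a malware helper runs by eye: the Winlogon Userinit value should name only userinit.exe, AppInit_DLLs should be empty, the LSA authentication and notification package lists should hold only the stock entries, Winlogon notify packages should be DLLs, and Run-key autoruns should not live in a temp folder, the SYSTEM account's profile, the root of Application Data, or the \\?\globalroot device namespace. The stock package names (msv1_0, scecli) are assumptions about a default Windows XP install; the sample input is excerpted from the posted log with a few benign lines added for contrast. It is a heuristic first pass, not a substitute for a scanner.

```python
"""Heuristic triage of the 'Pseudo HJT Report' section of a DDS log.

Added example: flags persistence and network settings that differ from a
stock Windows XP install. The default package names are assumptions about
XP; the sample lines are excerpted from the posted log plus benign lines.
"""
import re

XP_AUTH_PACKAGES = {"msv1_0"}    # assumed stock LSA Authentication Packages
XP_NOTIFY_PACKAGES = {"scecli"}  # assumed stock LSA Notification Packages

# Locations a legitimate autorun almost never uses: a temp folder, the
# \\?\globalroot device namespace, the SYSTEM account's profile, or an .exe
# dropped straight into the root of Application Data.
SUSPECT_PATH = re.compile(
    r"\\temp\\|globalroot|\\config\\systemprofile\\|application data\\[^\\]+\.exe",
    re.IGNORECASE,
)
# rundll32 loading a DLL that sits directly in %SystemRoot% instead of system32.
ROOT_DLL = re.compile(r"c:\\windows\\[^\\]+\.dll", re.IGNORECASE)
RUN_KEY = re.compile(r"^[umd]run(once)?:", re.IGNORECASE)

# Sample input: lines excerpted from the log above, plus benign ones for contrast.
SAMPLE = r"""uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = 58.61.144.147:3128
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\sdra64.exe,
uRun: [<NO NAME>]
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Pdaxemawixorige] rundll32.exe "c:\windows\ahorohugewuxi.dll",e
dRun: [InetChk] c:\windows\temp\ms1239148382.exe work
dRun: [WinProx32_1] c:\windows\system32\config\systemprofile\application data\psvrr.exe
dRun: [nDler2] \\?\globalroot\systemroot\system32\nDler2.exe
LSP: c:\docume~1\sean\locals~1\temp\ntdll64.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: __c0091014 - c:\windows\system32\__c0091014.dat
AppInit_DLLs: qammoi.dll rlekes.dll yegbbd.dll bmgygl.dll,c:\windows\system32\zojitiyu.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\yayYoomN
LSA: Notification Packages = scecli c:\windows\system32\zojitiyu.dll maprtfrs.dll
"""


def check_line(line: str):
    """Return a short reason if LINE looks tampered with, or None if it looks stock."""
    low = line.strip().lower()
    if "proxyserver" in low:
        # A proxy the user did not set up puts every browser request through a third party.
        return "browser proxy set to " + low.split("=", 1)[1].strip()
    if low.startswith("mwinlogon: userinit="):
        entries = [e for e in low.split("=", 1)[1].split(",") if e]
        extra = [e for e in entries if not e.endswith("\\system32\\userinit.exe")]
        return ("Userinit also launches " + ", ".join(extra)) if extra else None
    if low.startswith("appinit_dlls:"):
        populated = low.split(":", 1)[1].strip()
        return "AppInit_DLLs populated (loaded into every user32 process)" if populated else None
    if low.startswith("lsa: authentication packages"):
        extra = set(low.split("=", 1)[1].split()) - XP_AUTH_PACKAGES
        return ("non-default LSA auth package " + ", ".join(sorted(extra))) if extra else None
    if low.startswith("lsa: notification packages"):
        extra = set(low.split("=", 1)[1].split()) - XP_NOTIFY_PACKAGES
        return ("non-default LSA notification package " + ", ".join(sorted(extra))) if extra else None
    if low.startswith("lsp:"):
        # Any Winsock LSP sees all socket traffic; one in a temp folder is not a vendor's.
        return "Winsock LSP installed: " + low.split(":", 1)[1].strip()
    if low.startswith("notify:"):
        target = low.rsplit(" - ", 1)[-1]
        return None if target.endswith(".dll") else "Winlogon notify package is not a DLL: " + target
    if RUN_KEY.match(low):
        if SUSPECT_PATH.search(low):
            return "autorun from an unusual location"
        if "rundll32" in low and ROOT_DLL.search(low):
            return "rundll32 loads a DLL from the %SystemRoot% root"
    return None


def triage(report: str):
    """Run check_line over every line; return (reason, line) pairs for the hits."""
    findings = []
    for line in report.splitlines():
        reason = check_line(line)
        if reason:
            findings.append((reason, line.strip()))
    return findings


if __name__ == "__main__":
    for reason, line in triage(SAMPLE):
        print(f"{reason}\n    {line}")
```

Run against the sample it reports eleven of the sixteen lines and leaves the NVIDIA, AVG and ATI entries alone. The rules are deliberately narrow (a Notify package with a random name but a .dll extension, for instance, slips through), which is why a helper still reads the whole log and confirms with a rootkit scanner rather than trusting a script.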


#2 Buckeye_Sam

    Malware Expert

Posted 11 April 2009 - 09:49 AM

Hello! :thumbup2:
My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


We need to create an OTListIt2 Report
  • Please download OTListIt2 from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the "Run Scan" button.
  • The scan should take just a few minutes.
  • Copy the log that opens up and paste it back here in your next reply.



=============


The next log will show us any hidden files that are present.

Download GMER from here:
  • Unzip it to the desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results (if any) into this thread.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 LuzaMink
  • Topic Starter

Posted 11 April 2009 - 11:02 PM

Hi, Sam. :thumbup2:

Thanks for helping me with these problems.

Let's see; as for odd behavior? All sorts of things. I suddenly have random IE windows pop up, most immediately upon booting my computer and logging in, not to mention my internet intermittently varies between decent pace and godawful slow. My CPU seems to be having difficulties loading Firefox pages, as well (I don't use Internet Explorer ever). Sometimes, when I click a link, I get an ad page totally unrelated to what I was trying to get to. There's more, I'm sure, but I can't think of it off the top of my head. I'll add as I remember.

------------------

OTListIt logfile created on: 4/11/2009 11:00:31 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Saavedra\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.19 Gb Available Physical Memory | 59.38% Memory free
3.35 Gb Paging File | 2.31 Gb Available in Paging File | 68.94% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 114.48 Gb Total Space | 27.30 Gb Free Space | 23.84% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 114.48 Gb Total Space | 24.86 Gb Free Space | 21.72% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ARCHIMEDES
Current User Name: Saavedra
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2008/01/22 15:34:04 | 00,512,000 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe
PRC - [2008/01/22 15:34:04 | 00,512,000 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe
PRC - [2008/02/27 12:32:00 | 00,467,028 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe
PRC - [2007/07/11 17:25:20 | 00,025,640 | R--- | M] (Amazon.com) -- C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
PRC - [2008/11/07 15:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/04/05 13:35:46 | 00,298,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2008/08/29 11:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/12/14 12:00:11 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2004/09/22 20:46:10 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe
PRC - [2007/06/13 05:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2005/08/29 20:54:28 | 00,016,384 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\CTHELPER.EXE
PRC - [2008/12/14 12:00:11 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2007/12/10 15:55:26 | 00,323,584 | ---- | M] (PixArt Imaging Incorporation) -- C:\WINDOWS\PixArt\PAC207\Monitor.exe
PRC - [2007/07/17 11:13:56 | 00,049,152 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
PRC - [2007/10/24 22:57:56 | 16,855,552 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2008/11/20 14:20:54 | 00,290,088 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/04/07 22:49:36 | 00,465,874 | ---- | M] () -- C:\WINDOWS\system32\config\systemprofile\Application Data\psvrr.exe
PRC - [2005/08/05 17:08:26 | 00,067,160 | ---- | M] (America Online, Inc.) -- C:\Program Files\AIM\aim.exe
PRC - [2008/02/25 15:04:00 | 01,481,968 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\106b3ec4-611a-4b0e-9964-a4f001c18f01.exe
PRC - [2009/03/18 23:41:29 | 00,229,376 | ---- | M] () -- C:\Documents and Settings\Saavedra\Application Data\psvr32.exe
PRC - [2007/08/29 10:09:40 | 00,171,464 | ---- | M] (DT Soft Ltd.) -- C:\Program Files\DAEMON Tools\daemon.exe
PRC - [2009/03/05 16:07:20 | 02,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2007/07/17 11:13:34 | 00,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
PRC - [2008/04/01 14:47:24 | 01,478,728 | ---- | M] (NETGEAR) -- C:\Program Files\NETGEAR\WNDA3100\WNDA3100.exe
PRC - [2008/11/20 14:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2007/10/16 01:01:02 | 00,464,240 | ---- | M] (3B Software, Inc.) -- C:\Program Files\3B Software\Common\Scheduler\wcomschd.exe
PRC - [2006/06/22 22:28:24 | 02,334,720 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
PRC - [2006/06/22 03:03:50 | 02,478,080 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
PRC - [2009/01/22 11:38:32 | 02,749,952 | ---- | M] (Luis Cobian) -- C:\Program Files\Cobian Backup 9\cbInterface.exe
PRC - [2002/12/08 18:48:50 | 00,824,832 | ---- | M] (Kathleen MacMahon) -- C:\Program Files\simplemu\SimpleMU.exe
PRC - [2006/08/11 18:47:31 | 00,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/03/28 13:13:56 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/04/11 22:56:19 | 00,286,208 | ---- | M] () -- C:\Documents and Settings\Saavedra\Desktop\7cvuvfch.exe
PRC - [2009/04/11 22:54:36 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Saavedra\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/02/27 12:32:00 | 00,467,028 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe -- (ACS [Auto | Running])
SRV - [2007/07/11 17:25:20 | 00,025,640 | R--- | M] (Amazon.com) -- C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe -- (ADVService [Auto | Running])
SRV - [2008/11/07 15:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2007/04/13 04:20:52 | 00,033,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/01/22 15:34:04 | 00,512,000 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2008/01/22 15:42:00 | 00,593,920 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
SRV - [2009/04/05 13:35:46 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc [Auto | Stopped])
SRV - [2009/04/05 13:35:46 | 00,298,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2008/08/29 11:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2007/04/13 04:21:18 | 00,068,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2006/10/20 21:21:24 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2004/08/04 02:56:44 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2004/10/22 04:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2006/10/30 03:33:58 | 00,741,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/11/20 14:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2008/12/14 12:00:11 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2008/02/27 12:54:52 | 00,360,547 | ---- | M] (Atheros Communications, Inc.) -- C:\Program Files\NETGEAR\WNDA3100\jswpsapi.exe -- (jswpsapi [On_Demand | Stopped])
SRV - [2006/10/30 03:34:02 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2006/03/09 17:29:00 | 00,143,436 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Stopped])
SRV - [2009/01/07 13:40:56 | 00,348,752 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService [On_Demand | Stopped])
SRV - [2009/01/21 14:08:06 | 01,095,560 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService [On_Demand | Stopped])
SRV - [2004/09/22 20:46:10 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [Auto | Running])
SRV - [2007/01/19 12:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
SRV - [2006/04/03 20:12:14 | 00,014,032 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend [Disabled | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2008/12/07 17:49:09 | 00,097,792 | ---- | M] (Protect Software GmbH) -- C:\WINDOWS\system32\drivers\ACEDRV05.sys -- (ACEDRV05 [System | Running])
DRV - [2002/04/01 15:15:00 | 00,004,816 | R--- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio [On_Demand | Stopped])
DRV - [2005/02/23 14:58:56 | 00,011,776 | ---- | M] (Arcsoft, Inc.) -- C:\WINDOWS\system32\drivers\Afc.sys -- (Afc [On_Demand | Running])
DRV - [2007/10/17 07:12:00 | 00,030,720 | ---- | M] (Atheros Communications, Inc.) -- C:\WINDOWS\system32\DRIVERS\l251x86.sys -- (AtcL002 [On_Demand | Stopped])
DRV - [2008/01/22 16:38:02 | 02,845,696 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [2008/10/19 17:44:37 | 00,278,984 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\atksgt.sys -- (atksgt [Auto | Running])
DRV - [2007/01/31 08:33:46 | 00,005,632 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\DRIVERS\avgarkt.sys -- (AVG Anti-Rootkit [Boot | Running])
DRV - [2007/01/18 07:00:28 | 00,003,968 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\DRIVERS\AvgArCln.sys -- (AvgArCln [System | Running])
DRV - [2009/04/05 13:36:03 | 00,325,640 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
DRV - [2009/04/05 13:36:02 | 00,027,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
DRV - [2009/04/05 13:36:05 | 00,107,912 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX [System | Running])
DRV - [2002/09/10 10:45:50 | 00,041,728 | R--- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp [On_Demand | Stopped])
DRV - [2005/08/29 20:45:52 | 00,501,760 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k [On_Demand | Stopped])
DRV - [2005/08/29 20:46:14 | 00,438,784 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k [On_Demand | Stopped])
DRV - [2005/08/18 20:55:50 | 00,340,768 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k [On_Demand | Stopped])
DRV - [2005/08/29 20:46:14 | 00,007,168 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k [On_Demand | Stopped])
DRV - [2005/08/29 20:45:56 | 00,142,336 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k [On_Demand | Stopped])
DRV - [2003/07/24 13:10:34 | 00,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\DNINDIS5.SYS -- (DNINDIS5 [On_Demand | Running])
DRV - [2003/01/29 02:29:34 | 00,008,703 | R--- | M] (ASUSTeK Computer Inc.) -- C:\WINDOWS\system32\drivers\EIO.sys -- (EIO [Auto | Running])
DRV - [2005/08/29 20:45:54 | 00,077,824 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia [On_Demand | Stopped])
DRV - [2004/10/25 22:02:00 | 00,021,664 | ---- | M] (EnTech Taiwan) -- C:\WINDOWS\system32\DRIVERS\ENTECH.sys -- (ENTECH [On_Demand | Stopped])
DRV - [2004/08/04 01:08:22 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\gameenum.sys -- (gameenum [On_Demand | Stopped])
DRV - [2008/04/17 14:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2005/08/29 20:46:02 | 00,752,128 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k [On_Demand | Stopped])
DRV - [2005/08/29 20:46:04 | 00,153,088 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\hap16v2k.sys -- (hap16v2k [On_Demand | Stopped])
DRV - [2005/08/29 20:46:04 | 00,179,200 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\hap17v2k.sys -- (hap17v2k [On_Demand | Stopped])
DRV - [2006/12/28 11:44:44 | 00,084,992 | ---- | M] (ATI Research Inc.) -- C:\WINDOWS\system32\drivers\AtiHdAud.sys -- (HdAudAddService [On_Demand | Running])
DRV - [2005/01/07 18:07:18 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2007/11/01 01:38:56 | 04,620,288 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2007/08/28 22:46:02 | 00,057,344 | ---- | M] (Atheros Communications, Inc.) -- C:\WINDOWS\system32\DRIVERS\jswscimd.sys -- (JSWSCIMD [On_Demand | Running])
DRV - [2008/10/19 17:44:37 | 00,025,416 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\lirsgt.sys -- (lirsgt [Auto | Running])
DRV - [2006/03/09 17:29:00 | 03,650,368 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Stopped])
DRV - [2005/08/29 20:46:00 | 00,114,688 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv [On_Demand | Stopped])
DRV - [2008/02/13 13:17:26 | 00,618,112 | ---- | M] (PixArt Imaging Inc.) -- C:\WINDOWS\system32\DRIVERS\PFC027.SYS -- (PAC207 [On_Demand | Stopped])
DRV - [2000/10/15 18:38:54 | 00,016,068 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5 [On_Demand | Stopped])
DRV - [2009/03/06 16:45:06 | 00,130,424 | ---- | M] (PC Tools) -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore [Boot | Running])
DRV - [2005/08/29 20:58:12 | 00,009,216 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\PfModNT.sys -- (PfModNT [Auto | Running])
DRV - [2005/12/01 17:57:58 | 00,021,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\point32.sys -- (Point32 [On_Demand | Running])
DRV - [2001/08/23 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2006/05/16 15:23:54 | 00,046,080 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2008/12/04 14:50:04 | 00,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV [System | Running])
DRV - [2008/12/04 14:50:06 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Running])
DRV - [2008/12/04 14:50:02 | 00,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL [System | Running])
DRV - [2009/03/05 21:13:34 | 00,163,644 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running])
DRV - [2003/08/29 16:09:00 | 00,578,304 | R--- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm [On_Demand | Stopped])
DRV - [2008/11/23 18:02:45 | 00,685,816 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2008/11/07 15:23:30 | 00,032,000 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
DRV - [2008/03/12 04:38:00 | 00,421,376 | ---- | M] (Atheros Communications, Inc.) -- C:\WINDOWS\system32\DRIVERS\WNDA31.sys -- (WNDA3100 [On_Demand | Running])
DRV - [2007/12/14 05:31:00 | 00,057,408 | ---- | M] (Atheros Communications, Inc.) -- C:\WINDOWS\system32\DRIVERS\wsimd.sys -- (WSIMD [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=566...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1606980848-1965331169-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-1606980848-1965331169-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-1606980848-1965331169-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1606980848-1965331169-725345543-1003\S-1-5-21-1606980848-1965331169-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1606980848-1965331169-725345543-1003\S-1-5-21-1606980848-1965331169-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {A4241E65-B9C1-492D-9E57-E5596CBBB7CE}:1.0
FF - prefs.js..extensions.enabledItems: {E5348B0E-AA53-460D-AD03-8D645C75FC42}:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.0.20071211
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.8

FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2008/12/14 12:00:12 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\PROGRAM FILES\AVG\AVG8\FIREFOX [2009/04/05 13:35:46 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{E5348B0E-AA53-460D-AD03-8D645C75FC42}: C:\DOCUMENTS AND SETTINGS\SAAVEDRA\LOCAL SETTINGS\APPLICATION DATA\{E5348B0E-AA53-460D-AD03-8D645C75FC42} [2009/04/08 13:34:12 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/03/28 13:14:01 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/03/28 13:14:01 | 00,000,000 | ---D | M]

[2008/08/26 20:02:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Saavedra\Application Data\mozilla\Extensions
[2008/08/26 20:02:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Saavedra\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/04/11 01:54:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Saavedra\Application Data\mozilla\Firefox\Profiles\nabqinck.default\extensions
[2008/08/04 00:57:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Saavedra\Application Data\mozilla\Firefox\Profiles\nabqinck.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/02/17 23:40:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Saavedra\Application Data\mozilla\Firefox\Profiles\nabqinck.default\extensions\moveplayer@movenetworks.com
[2009/04/11 01:54:41 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/03/28 13:14:01 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/04/03 19:39:34 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{A4241E65-B9C1-492D-9E57-E5596CBBB7CE}
[2008/04/19 23:40:38 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2007/09/16 13:51:36 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2008/08/04 00:56:00 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2008/08/14 07:31:05 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2008/12/14 12:00:27 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/03/28 13:13:55 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/03/28 13:13:55 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/08/26 20:02:07 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/08/26 20:02:07 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/08/26 20:02:07 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/11/15 04:47:25 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/08/26 20:02:07 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/08/26 20:02:07 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/08/26 20:02:07 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (736 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {11357319-ccdc-c372-987d-e16a5caae17f} - C:\WINDOWS\ahorohugewuxi.dll (Mozilla Foundation)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {46743414-B62A-40CC-BA3B-B91E3C244D32} - Reg Error: Value error. File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {827295F6-572C-42B5-8640-C6646ED5A233} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1606980848-1965331169-725345543-1003\..\Toolbar\ShellBrowser: (no name) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-1606980848-1965331169-725345543-1003\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Alcmtr] ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" (ATI Technologies, Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CTHelper] CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC ()
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install ()
O4 - HKLM..\Run: [PAC207_Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [Pdaxemawixorige] rundll32.exe "C:\WINDOWS\ahorohugewuxi.dll",e (Mozilla Foundation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SkyTel] SkyTel.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide (Microsoft Corporation)
O4 - HKLM..\Run: [WinProx32_1] C:\WINDOWS\system32\config\systemprofile\Application Data\psvrr.exe ()
O4 - HKU\.DEFAULT..\Run: [A00F45931B8.exe] C:\WINDOWS\TEMP\_A00F45931B8.exe File not found
O4 - HKU\.DEFAULT..\Run: [InetChk] C:\WINDOWS\TEMP\ms1239148382.exe work File not found
O4 - HKU\.DEFAULT..\Run: [Java Syncro] C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\zchMiB.exe File not found
O4 - HKU\.DEFAULT..\Run: [WinProx32_1] C:\WINDOWS\system32\config\systemprofile\Application Data\psvrr.exe ()
O4 - HKU\S-1-5-18..\Run: [A00F45931B8.exe] C:\WINDOWS\TEMP\_A00F45931B8.exe File not found
O4 - HKU\S-1-5-18..\Run: [InetChk] C:\WINDOWS\TEMP\ms1239148382.exe work File not found
O4 - HKU\S-1-5-18..\Run: [Java Syncro] C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\zchMiB.exe File not found
O4 - HKU\S-1-5-18..\Run: [WinProx32_1] C:\WINDOWS\system32\config\systemprofile\Application Data\psvrr.exe ()
O4 - HKU\S-1-5-21-1606980848-1965331169-725345543-1003..\Run: [] File not found
O4 - HKU\S-1-5-21-1606980848-1965331169-725345543-1003..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl File not found
O4 - HKU\S-1-5-21-1606980848-1965331169-725345543-1003..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 (DT Soft Ltd.)
O4 - HKU\S-1-5-21-1606980848-1965331169-725345543-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-1606980848-1965331169-725345543-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\106b3ec4-611a-4b0e-9964-a4f001c18f01.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-1606980848-1965331169-725345543-1003..\Run: [WinProx32_1] C:\WINDOWS\system32\config\systemprofile\Application Data\psvrr.exe ()
O4 - HKU\S-1-5-21-1606980848-1965331169-725345543-1003..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (Yahoo! Inc.)
O4 - HKLM..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck (Safer Networking Limited)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Audible Download Manager.lnk = C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNDA3100 Smart Wizard.lnk = C:\Program Files\NETGEAR\WNDA3100\WNDA3100.exe (NETGEAR)
O4 - Startup: C:\Documents and Settings\Mason\Start Menu\Programs\Startup\OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\Saavedra\Start Menu\Programs\Startup\OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\Saavedra\Start Menu\Programs\Startup\Registry Repair Pro.lnk = C:\Program Files\3B Software\Registry Repair Pro\RegistryRepairPro.exe (3B Software, Inc.)
O4 - Startup: C:\Documents and Settings\Saavedra\Start Menu\Programs\Startup\Scheduler.lnk = C:\Program Files\3B Software\Common\Scheduler\wcomschd.exe (3B Software, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1606980848-1965331169-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1606980848-1965331169-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm File not found
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm File not found
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm File not found
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm File not found
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [NWLink IPX/SPX/NetBIOS Compatible Transport Protocol] - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1606980848-1965331169-725345543-1003\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.0.84.cab (FilePlanet Download Control Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1228795319040 (WUWebControl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://go.divx.com/plugin/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CEA3052D-65B9-44E2-A501-5E14024BC66F} http://www.tricksteronline.com/control/tricksterActiveX.cab (TricksterActiveX Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} http://www.tricksteronline.com/control/KALogoutComponent.cab (Logout Class)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (qammoi.dll) - File not found
O20 - AppInit_DLLs: (rlekes.dll) - File not found
O20 - AppInit_DLLs: (yegbbd.dll) - File not found
O20 - AppInit_DLLs: (bmgygl.dll) - File not found
O20 - AppInit_DLLs: (C:\WINDOWS\system32\zojitiyu.dll) - C:\WINDOWS\system32\zojitiyu.dll File not found
O20 - AppInit_DLLs: (C:\WINDOWS\system32\jezevago.dll) - C:\WINDOWS\system32\jezevago.dll File not found
O20 - AppInit_DLLs: (C:\WINDOWS\system32\denovajo.dll) - C:\WINDOWS\system32\denovajo.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe ()
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\sdra64.exe) - C:\WINDOWS\system32\sdra64.exe ()
O20 - Winlogon\Notify\__c0091014: DllName - C:\WINDOWS\system32\__c0091014.dat - C:\WINDOWS\system32\__c0091014.dat ()
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\awttsQgf: DllName - awttsQgf.dll - File not found
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O29 - HKLM SecurityProviders - (mcenspc.dll) - File not found
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\yayYoomN) - File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/05/20 20:49:05 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[2009/04/11 22:55:16 | 00,286,208 | ---- | C] () -- C:\Documents and Settings\Saavedra\Desktop\7cvuvfch.exe
[2009/04/11 22:54:33 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Saavedra\Desktop\PB2.part05.rar
[2009/04/11 22:54:31 | 03,911,072 | ---- | C] () -- C:\Documents and Settings\Saavedra\Desktop\PB2.part05.rar.part
[2009/04/11 22:54:19 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Saavedra\Desktop\OTListIt2.exe
[2009/04/11 20:07:19 | 10,240,0000 | ---- | C] () -- C:\Documents and Settings\Saavedra\Desktop\PB2.part04.rar
[2009/04/11 17:50:28 | 00,020,480 | ---- | C] (Microsoft) -- C:\WINDOWS\System32\nDler2.exe
[2009/04/11 11:57:12 | 10,240,0000 | ---- | C] () -- C:\Documents and Settings\Saavedra\Desktop\PB2.part03.rar
[2009/04/11 10:24:41 | 10,240,0000 | ---- | C] () -- C:\Documents and Settings\Saavedra\Desktop\PB2.part02.rar
[2009/04/11 04:35:45 | 10,240,0000 | ---- | C] () -- C:\Documents and Settings\Saavedra\Desktop\PB2.part01.rar
[2009/04/11 04:19:55 | 16,252,99694 | ---- | C] () -- C:\Documents and Settings\Saavedra\My Documents\Raging Stallion - Playback Disc 1.avi
[2009/04/10 00:47:41 | 00,000,000 | ---D | C] -- C:\Program Files\Cobian Backup 9
[2009/04/10 00:47:16 | 00,360,002 | ---- | C] () -- C:\Documents and Settings\Saavedra\Desktop\dds.scr
[2009/04/10 00:46:34 | 10,314,752 | ---- | C] (Luis Cobian) -- C:\Documents and Settings\Saavedra\Desktop\cbSetup.exe
[2009/04/10 00:42:56 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2009/04/10 00:42:16 | 00,001,741 | ---- | C] () -- C:\Documents and Settings\Saavedra\Desktop\HijackThis.lnk
[2009/04/10 00:34:02 | 00,000,301 | ---- | C] () -- C:\Documents and Settings\Saavedra\Application Data\_pconfig.cfg
[2009/04/09 17:18:56 | 00,104,960 | ---- | C] () -- C:\WINDOWS\System32\dllcache\userinit.exe
[2009/04/09 14:08:55 | 00,000,000 | -HSD | C] -- C:\WINDOWS\System32\lowsec
[2009/04/09 14:08:34 | 00,064,000 | ---- | C] () -- C:\WINDOWS\System32\ldr.exe
[2009/04/09 11:12:18 | 00,000,105 | ---- | C] () -- C:\xcrashdump.dat
[2009/04/08 13:34:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Saavedra\Local Settings\Application Data\{E5348B0E-AA53-460D-AD03-8D645C75FC42}
[2009/04/08 13:34:12 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Tgopozewa.bin
[2009/04/08 13:34:11 | 00,000,408 | ---- | C] () -- C:\WINDOWS\Ubegogo.dat
[2009/04/08 10:38:13 | 00,027,136 | ---- | C] () -- C:\WINDOWS\System32\__c0091014.dat
[2009/04/08 10:38:12 | 00,038,400 | ---- | C] () -- C:\WINDOWS\System32\winsetupgl.exe
[2009/04/07 19:08:09 | 00,000,155 | ---- | C] () -- C:\WINDOWS\System32\SelfDel.bat
[2009/04/07 19:08:05 | 00,084,045 | ---- | C] () -- C:\WINDOWS\System32\ftp_non_crp.exe
[2009/04/07 13:46:40 | 00,000,438 | ---- | C] () -- C:\WINDOWS\System32\win32hlp.cnf
[2009/04/07 13:17:25 | 00,001,889 | ---- | C] () -- C:\Documents and Settings\Saavedra\Start Menu\Programs\Startup\Registry Repair Pro.lnk
[2009/04/07 13:17:23 | 00,001,839 | ---- | C] () -- C:\Documents and Settings\Saavedra\Start Menu\Programs\Startup\Scheduler.lnk
[2009/04/07 13:17:23 | 00,000,941 | ---- | C] () -- C:\Documents and Settings\Saavedra\Desktop\Registry Repair Pro.lnk
[2009/04/07 13:17:22 | 00,000,000 | ---D | C] -- C:\Program Files\3B Software
[2009/04/07 13:07:06 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/04/07 13:00:24 | 00,000,428 | ---- | C] () -- C:\WINDOWS\tasks\ErrorFix Scan.job
[2009/04/07 13:00:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Saavedra\Application Data\ErrorFix
[2009/04/07 12:52:20 | 00,000,000 | ---D | C] -- C:\Program Files\Free Window Registry Repair
[2009/04/06 11:54:11 | 00,027,648 | ---- | C] (Johnson-Grace Company) -- C:\WINDOWS\System32\winsetupsm.exe
[2009/04/05 16:58:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Saavedra\Application Data\Malwarebytes
[2009/04/05 16:58:32 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/05 16:58:32 | 00,000,703 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/05 16:58:30 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/05 16:58:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/04/05 16:58:28 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/05 16:31:27 | 01,413,120 | ---- | C] (Option^Explicit Software Solutions) -- C:\Documents and Settings\Saavedra\Desktop\winsockfix.exe
[2009/04/05 15:58:19 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2009/04/05 13:43:18 | 00,012,020 | ---- | C] () -- C:\Documents and Settings\Saavedra\My Documents\IIF Outline 5.odt
[2009/04/05 13:43:06 | 00,012,651 | ---- | C] () -- C:\Documents and Settings\Saavedra\My Documents\IIF Outline 4.odt
[2009/04/05 13:42:53 | 00,011,266 | ---- | C] () -- C:\Documents and Settings\Saavedra\My Documents\IIF Outline 3.odt
[2009/04/05 13:36:06 | 00,010,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/04/05 13:36:06 | 00,001,514 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.5.lnk
[2009/04/05 13:36:05 | 00,107,912 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/04/05 13:36:03 | 00,325,640 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/04/05 13:35:57 | 34,923,159 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/04/05 13:35:57 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/04/05 13:35:57 | 00,401,372 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/04/05 13:35:57 | 00,087,887 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/04/05 13:35:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2009/04/05 13:35:46 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/04/05 13:35:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2009/04/05 09:20:59 | 00,159,600 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2009/04/05 09:20:49 | 00,130,424 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2009/04/05 09:20:49 | 00,073,840 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2009/04/05 09:20:22 | 00,001,644 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2009/04/05 09:20:16 | 00,064,392 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2009/04/05 09:20:16 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2009/04/05 09:20:11 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2009/04/05 09:20:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Saavedra\Application Data\PC Tools
[2009/04/05 09:20:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2009/04/04 14:43:52 | 23,608,320 | ---- | C] (PC Tools ) -- C:\Documents and Settings\Saavedra\Desktop\sdsetup.exe
[2009/04/04 02:19:48 | 11,568,643 | ---- | C] () -- C:\Documents and Settings\Saavedra\My Documents\dengerhanamuradenger!.rar
[2009/04/03 21:22:41 | 17,500,026 | ---- | C] () -- C:\Documents and Settings\Saavedra\My Documents\Han no Kunshou.zip
[2009/03/31 09:25:48 | 00,108,544 | ---- | C] () -- C:\Documents and Settings\Saavedra\My Documents\1196492020.negawock_roki_-_hanging_out.doc
[2009/03/31 09:25:41 | 00,100,864 | ---- | C] () -- C:\Documents and Settings\Saavedra\My Documents\1218596695.negawock_alex_-_bulking_up_3.doc
[2009/03/30 18:04:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Saavedra\My Documents\Runes of Magic
[2009/03/30 11:35:33 | 00,000,619 | ---- | C] () -- C:\Documents and Settings\Saavedra\Desktop\Runes of Magic.lnk
[2009/03/30 01:16:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Saavedra\Application Data\FOG Downloader
[2009/03/28 18:59:25 | 00,070,948 | ---- | C] () -- C:\Documents and Settings\Saavedra\Desktop\The_Last_Remnant_V1.0_Plus_13_Trainer_By_KelSat.rar
[2009/03/27 21:11:17 | 00,000,000 | ---D | C] -- C:\Program Files\LD-Anime
[2009/03/25 18:08:15 | 62,729,728 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Saavedra\Desktop\avg_free_stf_en_85_283a1450.exe
[2009/03/19 00:32:25 | 00,229,376 | ---- | C] () -- C:\Documents and Settings\Saavedra\Application Data\psvr32.exe
[2009/03/14 23:54:07 | 00,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/03/14 14:07:50 | 00,104,448 | ---- | C] () -- C:\Documents and Settings\Saavedra\My Documents\APPLE_background.doc
[2009/03/13 16:13:39 | 00,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Silent Hill 2 - Directors Cut.lnk
[2009/03/12 14:55:23 | 00,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2009/03/08 15:03:13 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\psfind.dll
[2009/01/27 12:03:44 | 00,000,145 | ---- | C] () -- C:\WINDOWS\game.INI
[2009/01/24 21:03:41 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2008/12/14 14:25:06 | 00,000,120 | -HS- | C] () -- C:\WINDOWS\System32\bjdnslqx.ini
[2008/10/19 17:44:37 | 00,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2008/10/19 17:44:37 | 00,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2008/07/06 21:18:56 | 00,000,399 | ---- | C] () -- C:\WINDOWS\System32\Remover.ini
[2008/07/06 21:18:51 | 00,000,566 | ---- | C] () -- C:\WINDOWS\System32\SP207.ini
[2008/04/25 17:21:15 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/03/01 20:13:23 | 04,874,240 | ---- | C] () -- C:\WINDOWS\System32\DSE2_DFT.dll
[2008/02/27 12:26:00 | 00,262,216 | ---- | C] () -- C:\WINDOWS\System32\IPTests.dll
[2007/11/26 21:56:28 | 00,151,415 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2007/10/30 23:47:31 | 00,017,920 | ---- | C] () -- C:\WINDOWS\System32\Implode.dll
[2007/09/08 11:06:40 | 00,000,512 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2007/05/21 00:38:31 | 00,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2007/02/19 00:24:20 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/08/15 12:24:54 | 00,029,184 | ---- | C] () -- C:\WINDOWS\System32\AH6XL32.dll
[2006/08/11 18:51:09 | 00,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/07/12 00:23:04 | 00,000,004 | ---- | C] () -- C:\WINDOWS\todo.sys
[2006/07/06 14:09:11 | 00,000,537 | ---- | C] () -- C:\WINDOWS\FICEDULA.INI
[2006/07/04 13:09:42 | 00,685,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2006/05/25 22:48:37 | 00,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2006/05/25 21:54:23 | 00,000,332 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/05/21 12:22:23 | 00,050,372 | ---- | C] () -- C:\WINDOWS\System32\e10kxwdm.ini
[2006/05/21 12:22:23 | 00,000,193 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2006/03/09 17:29:00 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/03/09 17:29:00 | 01,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/03/09 17:29:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/03/09 17:29:00 | 00,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/03/09 17:29:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/03/09 17:29:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/03/09 17:29:00 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2005/08/29 21:00:42 | 00,038,400 | ---- | C] () -- C:\WINDOWS\System32\CTBURST.DLL
[2005/06/16 20:17:16 | 00,071,680 | ---- | C] () -- C:\WINDOWS\System32\CTMMACTL.DLL
[2004/12/20 05:08:28 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2004/12/20 05:03:26 | 00,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2004/08/04 02:56:42 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/04/18 17:43:46 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2004/04/18 17:43:44 | 00,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2003/03/21 19:56:12 | 00,000,194 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2002/12/14 16:46:02 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\oggDS.dll
[2002/12/14 16:46:02 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2002/12/14 16:46:02 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2002/12/14 15:46:04 | 00,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2002/11/15 07:11:26 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll
[2001/08/23 07:00:00 | 00,000,834 | ---- | C] () -- C:\WINDOWS\win.ini
[2001/08/23 07:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/04/11 23:00:54 | 03,911,072 | ---- | M] () -- C:\Documents and Settings\Saavedra\Desktop\PB2.part05.rar.part
[2009/04/11 22:56:19 | 00,286,208 | ---- | M] () -- C:\Documents and Settings\Saavedra\Desktop\7cvuvfch.exe
[2009/04/11 22:54:36 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Saavedra\Desktop\OTListIt2.exe
[2009/04/11 22:54:33 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Saavedra\Desktop\PB2.part05.rar
[2009/04/11 22:15:55 | 10,240,0000 | ---- | M] () -- C:\Documents and Settings\Saavedra\Desktop\PB2.part04.rar
[2009/04/11 17:50:32 | 00,020,480 | ---- | M] (Microsoft) -- C:\WINDOWS\System32\nDler2.exe
[2009/04/11 12:15:32 | 10,240,0000 | ---- | M] () -- C:\Documents and Settings\Saavedra\Desktop\PB2.part03.rar
[2009/04/11 12:00:00 | 00,000,428 | ---- | M] () -- C:\WINDOWS\tasks\ErrorFix Scan.job
[2009/04/11 11:45:39 | 00,027,136 | ---- | M] () -- C:\WINDOWS\System32\__c0091014.dat
[2009/04/11 10:34:50 | 10,240,0000 | ---- | M] () -- C:\Documents and Settings\Saavedra\Desktop\PB2.part02.rar
[2009/04/11 10:05:45 | 00,094,208 | ---- | M] () -- C:\Documents and Settings\Saavedra\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/11 04:44:56 | 10,240,0000 | ---- | M] () -- C:\Documents and Settings\Saavedra\Desktop\PB2.part01.rar
[2009/04/11 01:51:01 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/04/11 01:44:25 | 00,000,105 | ---- | M] () -- C:\xcrashdump.dat
[2009/04/10 02:11:10 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/04/10 00:47:17 | 10,314,752 | ---- | M] (Luis Cobian) -- C:\Documents and Settings\Saavedra\Desktop\cbSetup.exe
[2009/04/10 00:47:16 | 00,360,002 | ---- | M] () -- C:\Documents and Settings\Saavedra\Desktop\dds.scr
[2009/04/10 00:42:16 | 00,001,741 | ---- | M] () -- C:\Documents and Settings\Saavedra\Desktop\HijackThis.lnk
[2009/04/10 00:38:22 | 00,000,000 | ---- | M] () -- C:\WINDOWS\Tgopozewa.bin
[2009/04/10 00:38:21 | 00,000,408 | ---- | M] () -- C:\WINDOWS\Ubegogo.dat
[2009/04/10 00:34:46 | 00,001,889 | ---- | M] () -- C:\Documents and Settings\Saavedra\Start Menu\Programs\Startup\Registry Repair Pro.lnk
[2009/04/10 00:34:30 | 00,001,839 | ---- | M] () -- C:\Documents and Settings\Saavedra\Start Menu\Programs\Startup\Scheduler.lnk
[2009/04/10 00:34:03 | 00,000,301 | ---- | M] () -- C:\Documents and Settings\Saavedra\Application Data\_pconfig.cfg
[2009/04/10 00:28:16 | 00,000,438 | ---- | M] () -- C:\WINDOWS\System32\win32hlp.cnf
[2009/04/10 00:28:15 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/09 23:36:01 | 00,002,644 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/04/09 17:35:24 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/09 17:35:21 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/09 14:08:54 | 00,064,000 | ---- | M] () -- C:\WINDOWS\System32\ldr.exe
[2009/04/09 00:36:02 | 00,183,808 | -HS- | M] () -- C:\Documents and Settings\Saavedra\My Documents\Thumbs.db
[2009/04/08 22:50:11 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/04/08 10:38:13 | 00,038,400 | ---- | M] () -- C:\WINDOWS\System32\winsetupgl.exe
[2009/04/08 06:38:12 | 00,000,155 | ---- | M] () -- C:\WINDOWS\System32\SelfDel.bat
[2009/04/08 06:38:11 | 00,084,045 | ---- | M] () -- C:\WINDOWS\System32\ftp_non_crp.exe
[2009/04/07 14:20:23 | 00,000,736 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/04/07 13:17:23 | 00,000,941 | ---- | M] () -- C:\Documents and Settings\Saavedra\Desktop\Registry Repair Pro.lnk
[2009/04/06 17:33:38 | 34,923,159 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/04/06 17:33:24 | 00,087,887 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/04/06 11:54:23 | 00,027,648 | ---- | M] (Johnson-Grace Company) -- C:\WINDOWS\System32\winsetupsm.exe
[2009/04/05 16:58:32 | 00,000,703 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/05 16:31:34 | 01,413,120 | ---- | M] (Option^Explicit Software Solutions) -- C:\Documents and Settings\Saavedra\Desktop\winsockfix.exe
[2009/04/05 13:43:18 | 00,012,020 | ---- | M] () -- C:\Documents and Settings\Saavedra\My Documents\IIF Outline 5.odt
[2009/04/05 13:43:07 | 00,012,651 | ---- | M] () -- C:\Documents and Settings\Saavedra\My Documents\IIF Outline 4.odt
[2009/04/05 13:42:56 | 00,011,266 | ---- | M] () -- C:\Documents and Settings\Saavedra\My Documents\IIF Outline 3.odt
[2009/04/05 13:36:06 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/04/05 13:36:06 | 00,001,514 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.5.lnk
[2009/04/05 13:36:05 | 00,107,912 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/04/05 13:36:03 | 00,325,640 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/04/05 13:36:02 | 00,027,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/04/05 13:35:57 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/04/05 13:35:57 | 00,401,372 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/04/05 09:20:22 | 00,001,644 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2009/04/05 07:54:54 | 00,104,960 | ---- | M] () -- C:\WINDOWS\System32\userinit.exe
[2009/04/05 07:54:54 | 00,104,960 | ---- | M] () -- C:\WINDOWS\System32\dllcache\userinit.exe
[2009/04/04 15:32:22 | 23,608,320 | ---- | M] (PC Tools ) -- C:\Documents and Settings\Saavedra\Desktop\sdsetup.exe
[2009/04/04 02:20:02 | 11,568,643 | ---- | M] () -- C:\Documents and Settings\Saavedra\My Documents\dengerhanamuradenger!.rar
[2009/04/03 22:40:14 | 00,087,040 | ---- | M] () -- C:\Documents and Settings\Saavedra\My Documents\IsoInFate1.doc
[2009/04/03 21:22:52 | 17,500,026 | ---- | M] () -- C:\Documents and Settings\Saavedra\My Documents\Han no Kunshou.zip
[2009/04/03 19:41:09 | 00,001,744 | -H-- | M] () -- C:\WINDOWS\System32\padanove
[2009/04/02 00:18:53 | 00,000,145 | ---- | M] () -- C:\WINDOWS\game.INI
[2009/03/31 09:25:50 | 00,108,544 | ---- | M] () -- C:\Documents and Settings\Saavedra\My Documents\1196492020.negawock_roki_-_hanging_out.doc
[2009/03/31 09:25:46 | 00,100,864 | ---- | M] () -- C:\Documents and Settings\Saavedra\My Documents\1218596695.negawock_alex_-_bulking_up_3.doc
[2009/03/30 18:03:55 | 00,000,619 | ---- | M] () -- C:\Documents and Settings\Saavedra\Desktop\Runes of Magic.lnk
[2009/03/28 18:59:28 | 00,070,948 | ---- | M] () -- C:\Documents and Settings\Saavedra\Desktop\The_Last_Remnant_V1.0_Plus_13_Trainer_By_KelSat.rar
[2009/03/26 16:49:56 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/03/26 16:49:50 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/03/25 18:20:57 | 62,729,728 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Saavedra\Desktop\avg_free_stf_en_85_283a1450.exe
[2009/03/25 12:15:45 | 00,104,448 | ---- | M] () -- C:\Documents and Settings\Saavedra\My Documents\APPLE_background.doc
[2009/03/18 23:41:29 | 00,229,376 | ---- | M] () -- C:\Documents and Settings\Saavedra\Application Data\psvr32.exe
[2009/03/14 23:56:55 | 02,111,482 | -H-- | M] () -- C:\Documents and Settings\Saavedra\Local Settings\Application Data\IconCache.db
[2009/03/14 23:54:07 | 00,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/03/14 23:53:18 | 00,004,096 | ---- | M] () -- C:\WINDOWS\System32\crash
[2009/03/13 16:13:40 | 00,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Silent Hill 2 - Directors Cut.lnk

========== Alternate Data Streams ==========

@Alternate Data Stream - 150 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A2947BEA
< End of report >

----------------------

GMER 1.0.15.14966 - http://www.gmer.net
Rootkit scan 2009-04-11 23:01:40
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.15 ----

Code 89ED2AC0 ZwEnumerateKey
Code 89F26998 ZwFlushInstructionCache
Code 8A141276 IofCallDriver
Code 8A676606 IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!IofCallDriver 804EF09C 5 Bytes JMP 8A14127B
.text ntkrnlpa.exe!IofCompleteRequest 804EF12C 5 Bytes JMP 8A67660B
PAGE ntkrnlpa.exe!ZwFlushInstructionCache 805B527E 5 Bytes JMP 89F2699C
PAGE ntkrnlpa.exe!ZwEnumerateKey 80622944 5 Bytes JMP 89ED2AC4
? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
.text USBPORT.SYS!DllUnload B8F4C62C 5 Bytes JMP 8A4F01C8
? System32\Drivers\adq8ilwe.SYS The system cannot find the path specified. !

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9EBEAD4] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9EBEC1A] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9EBEB9C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9EBF748] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9EBF61E] sptd.sys
IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B9ED429A] sptd.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[612] @ C:\WINDOWS\system32\services.exe [ntdll.dll!NtQueryDirectoryFile] 007B51B8
IAT C:\WINDOWS\system32\services.exe[612] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 007B51B8
IAT C:\WINDOWS\system32\services.exe[612] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 007B5104
IAT C:\WINDOWS\system32\services.exe[612] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 007B509F
IAT C:\WINDOWS\system32\services.exe[612] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 007B506D
IAT C:\WINDOWS\system32\services.exe[612] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 007B5471
IAT C:\WINDOWS\system32\services.exe[612] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 007B5723
IAT C:\WINDOWS\system32\services.exe[612] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 007B5723
IAT C:\WINDOWS\system32\services.exe[612] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 007B5471
IAT C:\WINDOWS\system32\services.exe[612] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 007B5723
IAT C:\WINDOWS\system32\services.exe[612] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 007B51B8
IAT C:\WINDOWS\system32\lsass.exe[624] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00DE51B8
IAT C:\WINDOWS\system32\lsass.exe[624] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00DE5104
IAT C:\WINDOWS\system32\lsass.exe[624] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00DE509F
IAT C:\WINDOWS\system32\lsass.exe[624] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00DE506D
IAT C:\WINDOWS\system32\lsass.exe[624] @ C:\WINDOWS\system32\LSASRV.dll [ntdll.dll!LdrLoadDll] 00DE5104
IAT C:\WINDOWS\system32\lsass.exe[624] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00DE51B8
IAT C:\WINDOWS\system32\lsass.exe[624] @ C:\WINDOWS\system32\SAMSRV.dll [ntdll.dll!LdrLoadDll] 00DE5104
IAT C:\WINDOWS\system32\lsass.exe[624] @ C:\WINDOWS\system32\SAMSRV.dll [ntdll.dll!LdrGetProcedureAddress] 00DE509F
IAT C:\WINDOWS\system32\lsass.exe[624] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00DE5471
IAT C:\WINDOWS\system32\lsass.exe[624] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00DE5723
IAT C:\WINDOWS\system32\lsass.exe[624] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00DE5723
IAT C:\WINDOWS\system32\lsass.exe[624] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00DE5471
IAT C:\WINDOWS\system32\lsass.exe[624] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00DE5723
IAT C:\WINDOWS\System32\alg.exe[628] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 007551B8
IAT C:\WINDOWS\System32\alg.exe[628] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00755104
IAT C:\WINDOWS\System32\alg.exe[628] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0075509F
IAT C:\WINDOWS\System32\alg.exe[628] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0075506D
IAT C:\WINDOWS\System32\alg.exe[628] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00755471
IAT C:\WINDOWS\System32\alg.exe[628] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00755723
IAT C:\WINDOWS\System32\alg.exe[628] @ C:\WINDOWS\System32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 007551B8
IAT C:\WINDOWS\System32\alg.exe[628] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00755723
IAT C:\WINDOWS\System32\alg.exe[628] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00755471
IAT C:\WINDOWS\System32\alg.exe[628] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00755723
IAT C:\WINDOWS\system32\svchost.exe[812] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0241506D
IAT C:\WINDOWS\system32\svchost.exe[880] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00AE51B8
IAT C:\WINDOWS\system32\svchost.exe[880] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00AE5104
IAT C:\WINDOWS\system32\svchost.exe[880] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00AE509F
IAT C:\WINDOWS\system32\svchost.exe[880] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00AE506D
IAT C:\WINDOWS\system32\svchost.exe[880] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00AE5471
IAT C:\WINDOWS\system32\svchost.exe[880] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00AE5723
IAT C:\WINDOWS\system32\svchost.exe[880] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00AE5723
IAT C:\WINDOWS\system32\svchost.exe[880] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00AE5471
IAT C:\WINDOWS\system32\svchost.exe[880] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00AE5723
IAT C:\WINDOWS\system32\svchost.exe[880] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00AE51B8
IAT C:\WINDOWS\System32\svchost.exe[948] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 011A51B8
IAT C:\WINDOWS\System32\svchost.exe[948] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 011A5104
IAT C:\WINDOWS\System32\svchost.exe[948] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 011A509F
IAT C:\WINDOWS\System32\svchost.exe[948] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 011A506D
IAT C:\WINDOWS\System32\svchost.exe[948] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 011A5471
IAT C:\WINDOWS\System32\svchost.exe[948] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 011A5723
IAT C:\WINDOWS\System32\svchost.exe[948] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 011A5723
IAT C:\WINDOWS\System32\svchost.exe[948] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 011A5471
IAT C:\WINDOWS\System32\svchost.exe[948] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 011A5723
IAT C:\WINDOWS\System32\svchost.exe[948] @ C:\WINDOWS\System32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 011A51B8
IAT C:\WINDOWS\System32\svchost.exe[1128] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00CA51B8
IAT C:\WINDOWS\System32\svchost.exe[1128] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00CA5104
IAT C:\WINDOWS\System32\svchost.exe[1128] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00CA509F
IAT C:\WINDOWS\System32\svchost.exe[1128] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00CA506D
IAT C:\WINDOWS\System32\svchost.exe[1128] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00CA5471
IAT C:\WINDOWS\System32\svchost.exe[1128] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00CA5723
IAT C:\WINDOWS\System32\svchost.exe[1128] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00CA5723
IAT C:\WINDOWS\System32\svchost.exe[1128] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00CA5471
IAT C:\WINDOWS\System32\svchost.exe[1128] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00CA5723
IAT C:\WINDOWS\System32\svchost.exe[1128] @ C:\WINDOWS\System32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00CA51B8
IAT C:\Program Files\iPod\bin\iPodService.exe[2344] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 001351B8
IAT C:\Program Files\iPod\bin\iPodService.exe[2344] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00135104
IAT C:\Program Files\iPod\bin\iPodService.exe[2344] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0013509F
IAT C:\Program Files\iPod\bin\iPodService.exe[2344] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0013506D
IAT C:\Program Files\iPod\bin\iPodService.exe[2344] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00135471
IAT C:\Program Files\iPod\bin\iPodService.exe[2344] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00135723
IAT C:\Program Files\iPod\bin\iPodService.exe[2344] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 00135723
IAT C:\Program Files\iPod\bin\iPodService.exe[2344] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 00135471
IAT C:\Program Files\iPod\bin\iPodService.exe[2344] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00135723
IAT C:\Program Files\iPod\bin\iPodService.exe[2344] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 001351B8

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A8591E8
Device \FileSystem\Fastfat \FatCdrom 8A5411E8

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Ip ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)

Device \Driver\usbuhci \Device\USBPDO-0 8A4ED1E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A8CC1E8
Device \Driver\dmio \Device\DmControl\DmConfig 8A8CC1E8
Device \Driver\dmio \Device\DmControl\DmPnP 8A8CC1E8
Device \Driver\dmio \Device\DmControl\DmInfo 8A8CC1E8
Device \Driver\usbuhci \Device\USBPDO-1 8A4ED1E8
Device \Driver\usbuhci \Device\USBPDO-2 8A4ED1E8
Device \Driver\usbuhci \Device\USBPDO-3 8A4ED1E8
Device \Driver\usbehci \Device\USBPDO-4 8A4BB1E8

AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)

Device \Driver\Ftdisk \Device\HarddiskVolume1 8A85B1E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A85B1E8
Device \Driver\Cdrom \Device\CdRom0 8A3501E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{D429D164-CCD4-403E-8080-29F9ACBF15EB} 89E901E8
Device \Driver\atapi \Device\Ide\IdePort0 8A85A1E8
Device \Driver\atapi \Device\Ide\IdePort1 8A85A1E8
Device \Driver\atapi \Device\Ide\IdePort2 8A85A1E8
Device \Driver\atapi \Device\Ide\IdePort3 8A85A1E8
Device \Driver\NetBT \Device\NetBt_Wins_Export 89E901E8
Device \Driver\NetBT \Device\NetbiosSmb 89E901E8
Device \Driver\PCI_NTPNP0594 \Device\0000005b sptd.sys

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)

Device \Driver\usbuhci \Device\USBFDO-0 8A4ED1E8
Device \Driver\usbuhci \Device\USBFDO-1 8A4ED1E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89E40790
Device \Driver\usbuhci \Device\USBFDO-2 8A4ED1E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 89E40790
Device \Driver\usbuhci \Device\USBFDO-3 8A4ED1E8
Device \Driver\usbehci \Device\USBFDO-4 8A4BB1E8
Device \Driver\Ftdisk \Device\FtControl 8A85B1E8
Device \Driver\adq8ilwe \Device\Scsi\adq8ilwe1Port4Path0Target0Lun0 8A48F790
Device \Driver\adq8ilwe \Device\Scsi\adq8ilwe1 8A48F790
Device \FileSystem\Fastfat \Fat 8A5411E8

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs 8A3FB1E8

---- Modules - GMER 1.0.15 ----

Module \systemroot\system32\drivers\ovfsthhudghjxygpsixghwqfunythdanxlcfxa.sys (*** hidden *** ) ABAEE000-ABB06000 (98304 bytes)

---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{563F5E5C-BBFF-BC60-8E3D-83CF6260F8BC}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{563F5E5C-BBFF-BC60-8E3D-83CF6260F8BC}@iadlnhflhfldffenca 0x69 0x61 0x62 0x69 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{563F5E5C-BBFF-BC60-8E3D-83CF6260F8BC}@hajjpjelaelahdaj 0x69 0x61 0x62 0x69 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{563F5E5C-BBFF-BC60-8E3D-83CF6260F8BC}@iapjniocafemoigeee 0x63 0x61 0x66 0x67 ...

---- EOF - GMER 1.0.15 ----

#4 Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 13 April 2009 - 11:08 AM

We need to run Combofix.



Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

Important!
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.



Make sure that you save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 LuzaMink

  • Topic Starter
  • Members
  • 16 posts

Posted 13 April 2009 - 12:20 PM

ComboFix 09-04-13.A2 - Saavedra 2009-04-13 11:55.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1560 [GMT -5:00]
Running from: c:\documents and settings\Saavedra\Desktop\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning disabled* (Outdated)
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\LocalService\Application Data\psvrr.exe
c:\documents and settings\Saavedra\Application Data\psvr32.exe
c:\documents and settings\Saavedra\Local Settings\Temporary Internet Files\fbk.sts
c:\windows\ahorohugewuxi.dll
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
c:\windows\system32\__c0091014.dat
c:\windows\system32\bjdnslqx.ini
c:\windows\system32\config\systemprofile\Application Data\psvrr.exe
c:\windows\system32\drivers\ovfsth.sys
c:\windows\system32\drivers\ovfsthhudghjxygpsixghwqfunythdanxlcfxa.sys
c:\windows\system32\ldr.exe
c:\windows\system32\lowsec
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
c:\windows\system32\nDler2.exe
c:\windows\system32\ovfsthewcrxejeqbdlviweeakvmwoejdqolfbq.dat
c:\windows\system32\ovfsthgduisoauhmyhyrwuebmoefehdprvirvo.dll
c:\windows\system32\ovfsthlxytekfoqnwsmsvumkknaotsduylgkad.dll
c:\windows\system32\ovfsthoegfbnwjuhanenoqdpwetfoemyutptlf.dll
c:\windows\system32\ovfsthrpshigpcpsfehyhnsgiyjumtjmouwfyh.dat
c:\windows\system32\sdra64.exe
c:\windows\system32\win32hlp.cnf
c:\windows\wiaserviv.log
C:\xcrashdump.dat

Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\userinit.exe


.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ovfsthpsheoxlaufickfwvpklrlrsctrgrhntv


((((((((((((((((((((((((( Files Created from 2009-03-13 to 2009-04-13 )))))))))))))))))))))))))))))))
.

2009-04-10 05:42 . 2009-04-10 05:45 -------- d-----w c:\windows\system32\NtmsData
2009-04-08 18:34 . 2009-04-10 05:38 0 ----a-w c:\windows\Tgopozewa.bin
2009-04-08 18:34 . 2009-04-08 18:34 -------- d-----w c:\documents and settings\Saavedra\Local Settings\Application Data\{E5348B0E-AA53-460D-AD03-8D645C75FC42}
2009-04-08 18:34 . 2009-04-10 05:38 408 ----a-w c:\windows\Ubegogo.dat
2009-04-08 15:38 . 2009-04-08 15:38 38400 ----a-w c:\windows\system32\winsetupgl.exe
2009-04-08 00:08 . 2009-04-08 11:38 155 ----a-w c:\windows\system32\SelfDel.bat
2009-04-08 00:08 . 2009-04-08 11:38 84045 ----a-w c:\windows\system32\ftp_non_crp.exe
2009-04-07 18:00 . 2009-04-07 18:00 -------- d-----w c:\documents and settings\Saavedra\Application Data\ErrorFix
2009-04-06 16:54 . 2009-04-06 16:54 27648 ----a-w c:\windows\system32\winsetupsm.exe
2009-04-06 16:38 . 2009-04-06 16:39 27648 ----a-w c:\windows\system32\winsetupsn.exe
2009-04-05 21:58 . 2009-04-05 21:58 -------- d-----w c:\documents and settings\Saavedra\Application Data\Malwarebytes
2009-04-05 21:58 . 2009-03-26 21:49 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-05 21:58 . 2009-03-26 21:49 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-05 21:58 . 2009-04-05 21:58 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-05 20:58 . 2009-04-07 11:54 -------- d--h--w C:\$AVG8.VAULT$
2009-04-05 18:36 . 2009-04-05 18:36 10520 ----a-w c:\windows\system32\avgrsstx.dll
2009-04-05 18:36 . 2009-04-05 18:36 107912 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-04-05 18:36 . 2009-04-05 18:36 325640 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-04-05 18:35 . 2009-04-13 17:06 -------- d-----w c:\windows\system32\drivers\Avg
2009-04-05 18:35 . 2009-04-05 18:35 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-04-05 14:20 . 2008-12-11 13:38 159600 ----a-w c:\windows\system32\drivers\pctgntdi.sys
2009-04-05 14:20 . 2009-03-06 21:45 130424 ----a-w c:\windows\system32\drivers\PCTCore.sys
2009-04-05 14:20 . 2008-12-18 17:16 73840 ----a-w c:\windows\system32\drivers\PCTAppEvent.sys
2009-04-05 14:20 . 2008-12-10 17:36 64392 ----a-w c:\windows\system32\drivers\pctplsg.sys
2009-04-05 14:20 . 2009-04-05 14:20 -------- d-----w c:\documents and settings\Saavedra\Application Data\PC Tools
2009-04-05 14:20 . 2009-04-05 14:20 -------- d-----w c:\documents and settings\All Users\Application Data\PC Tools
2009-03-30 06:16 . 2009-03-30 06:24 -------- d-----w c:\documents and settings\Saavedra\Application Data\FOG Downloader
2009-03-15 04:54 . 2009-03-15 04:54 552 ----a-w c:\windows\system32\d3d8caps.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-13 17:08 . 2006-08-15 05:27 -------- d-----w c:\documents and settings\Saavedra\Application Data\OpenOffice.org2
2009-04-13 17:05 . 2002-01-20 05:18 2644 ----a-w c:\windows\system32\d3d9caps.dat
2009-04-11 06:59 . 2008-01-14 19:16 -------- d-----w c:\documents and settings\Saavedra\Application Data\Move Networks
2009-04-10 07:02 . 2002-01-20 16:40 -------- d-----w c:\documents and settings\Saavedra\Application Data\uTorrent
2009-04-10 05:47 . 2009-04-10 05:47 -------- d-----w c:\program files\Cobian Backup 9
2009-04-07 18:17 . 2009-04-07 18:17 -------- d-----w c:\program files\3B Software
2009-04-07 17:56 . 2009-04-07 17:52 -------- d-----w c:\program files\Free Window Registry Repair
2009-04-07 06:05 . 2008-12-30 01:29 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-05 21:58 . 2009-04-05 21:58 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-05 18:36 . 2007-05-01 02:25 -------- d-----w c:\documents and settings\All Users\Application Data\Grisoft
2009-04-05 18:35 . 2009-04-05 18:35 -------- d-----w c:\program files\AVG
2009-04-05 18:35 . 2008-12-10 06:14 -------- d-----w c:\program files\SUPERAntiSpyware
2009-04-05 17:39 . 2009-03-12 19:49 -------- d-----w c:\program files\MagicISO
2009-04-05 14:27 . 2009-04-05 14:20 -------- d-----w c:\program files\Spyware Doctor
2009-04-05 14:21 . 2009-04-05 14:20 -------- d-----w c:\program files\Common Files\PC Tools
2009-04-01 06:38 . 2009-04-01 06:03 135 ----a-w C:\VundoFix.txt
2009-04-01 05:44 . 2007-05-01 02:20 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-29 02:35 . 2006-05-21 17:28 -------- d-----w c:\program files\Common Files\Blizzard Entertainment
2009-03-28 02:11 . 2009-03-28 02:11 -------- d-----w c:\program files\LD-Anime
2009-03-26 22:49 . 2007-10-15 21:13 -------- d-----w c:\documents and settings\Saavedra\Application Data\mIRC
2009-03-26 22:25 . 2007-10-15 21:13 -------- d-----w c:\program files\mIRC
2009-03-25 06:25 . 2008-08-04 05:25 -------- d-----w c:\program files\Webteh
2009-03-25 06:25 . 2008-08-04 05:25 -------- d-----w c:\documents and settings\Saavedra\Application Data\BSplayer
2009-03-25 03:41 . 2006-05-21 04:21 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-13 21:08 . 2009-03-13 00:56 -------- d-----w c:\program files\Konami
2009-03-13 01:20 . 2009-03-13 01:20 -------- d-----w c:\windows\system32\config\systemprofile\Application Data\ATI
2009-03-08 20:00 . 2009-03-08 20:00 -------- d-----w c:\program files\THQ
2009-03-06 02:13 . 2001-08-23 12:00 163644 ----a-w c:\windows\system32\drivers\secdrv.sys
2009-02-28 16:24 . 2008-03-30 18:28 -------- d-----w c:\program files\FFXIP
2009-02-28 06:03 . 2008-05-13 23:43 -------- d-----w c:\program files\UBISOFT
2009-02-28 04:31 . 2009-02-27 21:07 -------- d-----w c:\documents and settings\Saavedra\Application Data\Spellborn Downloader
2009-02-27 21:34 . 2009-02-27 21:34 -------- d-----w c:\documents and settings\Saavedra\Application Data\Electronic Arts
2009-01-25 02:24 . 2009-01-25 02:24 0 ----a-w c:\documents and settings\Saavedra\ntuser.tmp
2008-12-09 04:02 . 2006-05-21 04:32 26672 ----a-w c:\documents and settings\Saavedra\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2008-11-01 14:58 . 2008-11-01 14:58 2272 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2008-04-20 04:50 . 2008-04-20 04:50 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2007-06-08 16:08 . 2007-06-08 16:08 128 ----a-w c:\documents and settings\Mason\Local Settings\Application Data\fusioncache.dat
2007-06-08 16:07 . 2007-06-08 16:07 15864 ----a-w c:\documents and settings\Mason\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2007-04-30 01:32 . 2007-04-30 01:32 131 ----a-w c:\documents and settings\Saavedra\Local Settings\Application Data\fusioncache.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="c:\program files\AIM\aim.exe" [2005-08-05 67160]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\106b3ec4-611a-4b0e-9964-a4f001c18f01.exe" [2008-02-25 1481968]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-01-19 4670968]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-08-29 171464]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-09 7561216]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-03-09 86016]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-11-26 335872]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-14 136600]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2001-08-23 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PAC207_Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2007-12-10 323584]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2007-12-10 323584]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-08-11 180269]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-05 1932568]
"Pdaxemawixorige"="c:\windows\ofepetiyogo.dll" [2007-03-08 156672]
"CTHelper"="CTHELPER.EXE" [2005-08-29 c:\windows\CTHELPER.EXE]
"nwiz"="nwiz.exe" [2006-03-09 c:\windows\system32\nwiz.exe]
"SkyTel"="SkyTel.EXE" [2007-10-10 c:\windows\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-24 c:\windows\RTHDCPL.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotSnD"="c:\program files\Spybot - Search & Destroy\SpybotSD.exe" [2008-07-30 4891984]

c:\documents and settings\Mason\Start Menu\Programs\Startup\
OpenOffice.org 2.0.lnk - c:\program files\OpenOffice.org 2.0\program\quickstart.exe [2006-01-25 61440]

c:\documents and settings\Saavedra\Start Menu\Programs\Startup\
OpenOffice.org 2.0.lnk - c:\program files\OpenOffice.org 2.0\program\quickstart.exe [2006-01-25 61440]
Registry Repair Pro.lnk - c:\program files\3B Software\Registry Repair Pro\RegistryRepairPro.exe [2009-04-07 2590040]
Scheduler.lnk - c:\program files\3B Software\Common\Scheduler\wcomschd.exe [2009-04-07 464240]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Audible Download Manager.lnk - c:\program files\Audible\Bin\AudibleDownloadHelper.exe [2008-12-09 1783128]
NETGEAR WNDA3100 Smart Wizard.lnk - c:\program files\NETGEAR\WNDA3100\WNDA3100.exe [2008-04-01 1478728]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-04-05 13:36 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli maprtfrs.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Amazon Unbox.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Wireless PCI Card Configuration Utility.lnk]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayNC Launcher

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CurseClient]
--a------ 2009-04-01 16:22 1827840 c:\program files\Curse\CurseClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
--a------ 2005-12-04 18:39 461584 c:\program files\Microsoft IntelliPoint\ipoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 14:20 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:54 5674352 c:\program files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 18:40 155648 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-02-01 17:22 21898024 c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-10-20 17:42 1410296 c:\program files\Steam\steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-08-11 18:47 180269 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2008-08-28 10:18 3660848 c:\program files\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-01-19 13:49 4670968 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\PlayOnline\\SquareEnix\\PlayOnlineViewer\\pol.exe"=
"c:\\Program Files\\DAP\\DAP.exe"=
"e:\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Curse\\CurseClient.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\UBISOFT\\Prince of Persia\\Prince of Persia.exe"=
"c:\\Program Files\\UBISOFT\\Prince of Persia\\PrinceOfPersia_Launcher.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwupdate.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2server.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\WINDOWS\\system32\\config\\systemprofile\\Local Settings\\Application Data\\websvr.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12403:TCP"= 12403:TCP:BitComet 12403 TCP
"12403:UDP"= 12403:UDP:BitComet 12403 UDP
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-04-05 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-04-05 298264]
R3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;c:\windows\system32\DRIVERS\l251x86.sys [2007-10-17 30720]
R3 IPN2120;Instant Wireless-B PCI Adapter Driver; [x]
R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\NETGEAR\WNDA3100\jswpsapi.exe [2008-02-27 360547]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1; [x]
R3 PAC207;Webcam;c:\windows\system32\DRIVERS\PFC027.SYS [2008-02-13 618112]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-01-07 348752]
R3 WMP11V27;Instant Wireless PCI Card V2.7 Driver; [x]
R4 WinDefend;Windows Defender Service;c:\program files\Windows Defender\MsMpEng.exe [2006-04-03 14032]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-03-06 130424]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-04-05 325640]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-04-05 107912]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-12-04 8944]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-12-04 55024]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.SYS [2003-07-24 17149]
S3 JSWSCIMD;jswscimd Service;c:\windows\system32\DRIVERS\jswscimd.sys [2007-08-28 57344]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-04 7408]
S3 WNDA3100;NETGEAR WNDA3100 USB2.0 Wireless Card Service;c:\windows\system32\DRIVERS\WNDA31.sys [2008-03-12 421376]
S3 WSIMD;wsimd Service;c:\windows\system32\DRIVERS\wsimd.sys [2007-12-14 57408]

.
Contents of the 'Scheduled Tasks' folder

2009-04-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]

2009-04-12 c:\windows\Tasks\ErrorFix Scan.job
- c:\program files\ErrorFix\ErrorFix.exe []

2009-04-12 c:\windows\Tasks\ErrorFix Scan.job
- c:\program files\ErrorFix []

2009-04-13 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-04-03 20:12]
.
- - - - ORPHANS REMOVED - - - -

BHO-{11357319-ccdc-c372-987d-e16a5caae17f} - c:\windows\ahorohugewuxi.dll
BHO-{46743414-B62A-40CC-BA3B-B91E3C244D32} - (no file)
BHO-{827295F6-572C-42B5-8640-C6646ED5A233} - (no file)
HKU-Default-Run-InetChk - c:\windows\TEMP\ms1239148382.exe
HKU-Default-Run-WinProx32_1 - c:\windows\system32\config\systemprofile\Application Data\psvrr.exe
HKU-Default-Run-A00F45931B8.exe - c:\windows\TEMP\_A00F45931B8.exe
HKU-Default-Run-Java Syncro - c:\windows\system32\config\systemprofile\Local Settings\Application Data\zchMiB.exe
Notify-__c0091014 - c:\windows\system32\__c0091014.dat
Notify-awttsQgf - awttsQgf.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = 58.61.144.147:3128
uInternet Settings,ProxyOverride = *.local
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
DPF: {CEA3052D-65B9-44E2-A501-5E14024BC66F} - hxxp://www.tricksteronline.com/control/tricksterActiveX.cab
DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} - hxxp://www.tricksteronline.com/control/KALogoutComponent.cab
FF - ProfilePath - c:\documents and settings\Saavedra\Application Data\Mozilla\Firefox\Profiles\nabqinck.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\Saavedra\Application Data\Mozilla\Firefox\Profiles\nabqinck.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000004.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\IGN\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAskSBr.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-13 12:08
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1606980848-1965331169-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{563F5E5C-BBFF-BC60-8E3D-83CF6260F8BC}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iadlnhflhfldffenca"=hex:69,61,62,69,6d,6d,6f,70,68,6a,6d,69,64,70,66,6c,61,6d,
00,7c
"hajjpjelaelahdaj"=hex:69,61,62,69,6d,6d,6f,70,68,6a,6d,69,64,70,66,6c,61,6d,
00,7c
"iapjniocafemoigeee"=hex:63,61,66,67,64,6d,00,00

[HKEY_USERS\S-1-5-21-1606980848-1965331169-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:67,0a,0f,d2,05,bd,fc,4f,4d,d1,77,cb,5f,87,ec,86,ff,16,86,5d,c0,7f,b8,
3d,7b,91,f2,ef,68,ba,b5,02,fb,6f,b1,c4,c0,b3,5d,18,ca,fe,fe,93,9e,39,6c,49,\
"??"=hex:69,6f,5c,46,6a,89,f9,ee,2d,48,e0,10,87,42,1e,12

[HKEY_USERS\S-1-5-21-1606980848-1965331169-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:17,8f,3a,a2,5d,a6,5f,4f,0d,ca,33,7c,ac,11,e4,75,cb,f6,a8,47,88,
8b,c2,c6,d5,e4,54,06,dd,9b,14,1c,e1,7a,d0,88,29,35,44,55,d0,3e,ce,14,8e,6a,\
"rkeysecu"=hex:a4,a2,88,29,79,5c,ec,81,26,79,6e,ae,c2,80,08,18
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(572)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(628)
c:\windows\maprtfrs.dll

- - - - - - - > 'explorer.exe'(2092)
c:\windows\maprtfrs.dll
c:\windows\ofepetiyogo.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\acs.exe
c:\program files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\imapi.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\OpenOffice.org 2.0\program\soffice.exe
c:\program files\OpenOffice.org 2.0\program\soffice.bin
.
**************************************************************************
.
Completion time: 2009-04-13 12:16 - machine was rebooted [Saavedra]
ComboFix-quarantined-files.txt 2009-04-13 17:14

Pre-Run: 30,028,812,288 bytes free
Post-Run: 33,561,649,152 bytes free

348 --- E O F --- 2008-08-04 08:03

#6 Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 13 April 2009 - 04:44 PM

Copy and paste ALL the following text in the Quote box below into Notepad.
Click on File(in the menu at the top)>Save as../Save as Type: 'All Files' /File name: CFScript to your desktop.

Suspect::[52]
c:\windows\Tgopozewa.bin
c:\documents and settings\Saavedra\Local Settings\Application Data\{E5348B0E-AA53-460D-AD03-8D645C75FC42}
c:\windows\Ubegogo.dat

File::
c:\windows\ofepetiyogo.dll
c:\windows\system32\SelfDel.bat
c:\windows\system32\ftp_non_crp.exe
c:\windows\system32\winsetupsm.exe
c:\windows\system32\winsetupsn.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pdaxemawixorige"=-

Prior to running ComboFix.exe you should disable your antivirus program.

Now drag then drop the CFScript file onto ComboFix.exe as seen in the image below.

This will start ComboFix again.
After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.
  • A browser will open.
  • Simply follow the instructions to copy/paste/send the requested file.

========================================================

#7 LuzaMink

  • Topic Starter
  • Members
  • 16 posts

Posted 14 April 2009 - 01:12 AM

Here's the ComboFix log. It's too long to post in a reply however.

ComboFix 09-04-13.A2 - Saavedra 2009-04-14 0:35.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1180 [GMT -5:00]
Running from: c:\documents and settings\Saavedra\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Saavedra\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
* Created a new restore point

FILE ::
c:\windows\ofepetiyogo.dll
c:\windows\system32\ftp_non_crp.exe
c:\windows\system32\SelfDel.bat
c:\windows\system32\winsetupsm.exe
c:\windows\system32\winsetupsn.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\ofepetiyogo.dll
c:\windows\system32\ftp_non_crp.exe
c:\windows\system32\SelfDel.bat
c:\windows\system32\winsetupsm.exe
c:\windows\system32\winsetupsn.exe

.
((((((((((((((((((((((((( Files Created from 2009-03-14 to 2009-04-14 )))))))))))))))))))))))))))))))
.

2009-04-14 05:33 . 2006-03-03 05:42 73728 ----a-w C:\pv.exe
2009-04-13 22:06 . 2009-04-13 22:06 -------- d-----w c:\documents and settings\Sean\Local Settings\Application Data\Fallout3
2009-04-13 21:47 . 2009-04-13 21:47 -------- d-----w c:\documents and settings\Sean\Local Settings\Application Data\Mozilla
2009-04-13 21:41 . 2009-04-13 21:41 -------- d-----w c:\documents and settings\Sean\Local Settings\Application Data\Apple Computer
2009-04-13 21:41 . 2009-04-13 21:41 -------- d-----w c:\documents and settings\Sean\Application Data\ATI
2009-04-13 21:41 . 2009-04-13 21:41 -------- d-----w c:\documents and settings\Sean\Local Settings\Application Data\ATI
2009-04-13 21:39 . 2009-04-13 21:39 -------- d-----w c:\documents and settings\Sean\Local Settings\Application Data\{2016E208-176B-40ED-A0F9-E5FDF3B465A0}
2009-04-13 21:39 . 2009-04-13 21:39 26672 ----a-w c:\documents and settings\Sean\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-13 20:46 . 2009-04-13 20:46 -------- d-----w C:\CrashReport
2009-04-10 05:42 . 2009-04-10 05:45 -------- d-----w c:\windows\system32\NtmsData
2009-04-08 18:34 . 2009-04-13 21:42 0 ----a-w c:\windows\Tgopozewa.bin
2009-04-08 18:34 . 2009-04-08 18:34 -------- d-----w c:\documents and settings\Saavedra\Local Settings\Application Data\{E5348B0E-AA53-460D-AD03-8D645C75FC42}
2009-04-08 18:34 . 2009-04-10 05:38 408 ----a-w c:\windows\Ubegogo.dat
2009-04-08 15:38 . 2009-04-08 15:38 38400 ----a-w c:\windows\system32\winsetupgl.exe
2009-04-07 18:00 . 2009-04-07 18:00 -------- d-----w c:\documents and settings\Saavedra\Application Data\ErrorFix
2009-04-05 21:58 . 2009-04-05 21:58 -------- d-----w c:\documents and settings\Saavedra\Application Data\Malwarebytes
2009-04-05 21:58 . 2009-03-26 21:49 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-05 21:58 . 2009-03-26 21:49 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-05 21:58 . 2009-04-05 21:58 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-05 20:58 . 2009-04-07 11:54 -------- d--h--w C:\$AVG8.VAULT$
2009-04-05 18:36 . 2009-04-05 18:36 10520 ----a-w c:\windows\system32\avgrsstx.dll
2009-04-05 18:36 . 2009-04-05 18:36 107912 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-04-05 18:36 . 2009-04-05 18:36 325640 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-04-05 18:35 . 2009-04-13 22:40 -------- d-----w c:\windows\system32\drivers\Avg
2009-04-05 18:35 . 2009-04-05 18:35 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-04-05 14:20 . 2008-12-11 13:38 159600 ----a-w c:\windows\system32\drivers\pctgntdi.sys
2009-04-05 14:20 . 2009-03-06 21:45 130424 ----a-w c:\windows\system32\drivers\PCTCore.sys
2009-04-05 14:20 . 2008-12-18 17:16 73840 ----a-w c:\windows\system32\drivers\PCTAppEvent.sys
2009-04-05 14:20 . 2008-12-10 17:36 64392 ----a-w c:\windows\system32\drivers\pctplsg.sys
2009-04-05 14:20 . 2009-04-05 14:20 -------- d-----w c:\documents and settings\Saavedra\Application Data\PC Tools
2009-04-05 14:20 . 2009-04-05 14:20 -------- d-----w c:\documents and settings\All Users\Application Data\PC Tools
2009-03-30 06:16 . 2009-03-30 06:24 -------- d-----w c:\documents and settings\Saavedra\Application Data\FOG Downloader

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-14 05:44 . 2002-01-20 05:18 2644 ----a-w c:\windows\system32\d3d9caps.dat
2009-04-14 05:25 . 2006-08-15 05:27 -------- d-----w c:\documents and settings\Saavedra\Application Data\OpenOffice.org2
2009-04-13 20:13 . 2007-11-28 19:21 -------- d-----w c:\program files\Steam
2009-04-11 06:59 . 2008-01-14 19:16 -------- d-----w c:\documents and settings\Saavedra\Application Data\Move Networks
2009-04-10 07:02 . 2002-01-20 16:40 -------- d-----w c:\documents and settings\Saavedra\Application Data\uTorrent
2009-04-10 05:47 . 2009-04-10 05:47 -------- d-----w c:\program files\Cobian Backup 9
2009-04-07 18:17 . 2009-04-07 18:17 -------- d-----w c:\program files\3B Software
2009-04-07 17:56 . 2009-04-07 17:52 -------- d-----w c:\program files\Free Window Registry Repair
2009-04-07 06:05 . 2008-12-30 01:29 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-05 21:58 . 2009-04-05 21:58 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-05 18:36 . 2007-05-01 02:25 -------- d-----w c:\documents and settings\All Users\Application Data\Grisoft
2009-04-05 18:35 . 2009-04-05 18:35 -------- d-----w c:\program files\AVG
2009-04-05 18:35 . 2008-12-10 06:14 -------- d-----w c:\program files\SUPERAntiSpyware
2009-04-05 17:39 . 2009-03-12 19:49 -------- d-----w c:\program files\MagicISO
2009-04-05 14:27 . 2009-04-05 14:20 -------- d-----w c:\program files\Spyware Doctor
2009-04-05 14:21 . 2009-04-05 14:20 -------- d-----w c:\program files\Common Files\PC Tools
2009-04-01 06:38 . 2009-04-01 06:03 135 ----a-w C:\VundoFix.txt
2009-04-01 05:44 . 2007-05-01 02:20 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-29 02:35 . 2006-05-21 17:28 -------- d-----w c:\program files\Common Files\Blizzard Entertainment
2009-03-28 02:11 . 2009-03-28 02:11 -------- d-----w c:\program files\LD-Anime
2009-03-26 22:49 . 2007-10-15 21:13 -------- d-----w c:\documents and settings\Saavedra\Application Data\mIRC
2009-03-26 22:25 . 2007-10-15 21:13 -------- d-----w c:\program files\mIRC
2009-03-25 06:25 . 2008-08-04 05:25 -------- d-----w c:\program files\Webteh
2009-03-25 06:25 . 2008-08-04 05:25 -------- d-----w c:\documents and settings\Saavedra\Application Data\BSplayer
2009-03-25 03:41 . 2006-05-21 04:21 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-13 21:08 . 2009-03-13 00:56 -------- d-----w c:\program files\Konami
2009-03-13 01:20 . 2009-03-13 01:20 -------- d-----w c:\windows\system32\config\systemprofile\Application Data\ATI
2009-03-08 20:00 . 2009-03-08 20:00 -------- d-----w c:\program files\THQ
2009-03-06 02:13 . 2001-08-23 12:00 163644 ----a-w c:\windows\system32\drivers\secdrv.sys
2009-02-28 16:24 . 2008-03-30 18:28 -------- d-----w c:\program files\FFXIP
2009-02-28 06:03 . 2008-05-13 23:43 -------- d-----w c:\program files\UBISOFT
2009-02-28 04:31 . 2009-02-27 21:07 -------- d-----w c:\documents and settings\Saavedra\Application Data\Spellborn Downloader
2009-02-27 21:34 . 2009-02-27 21:34 -------- d-----w c:\documents and settings\Saavedra\Application Data\Electronic Arts
2008-12-09 04:02 . 2006-05-21 04:32 26672 ----a-w c:\documents and settings\Saavedra\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2008-11-01 14:58 . 2008-11-01 14:58 2272 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2008-04-20 04:50 . 2008-04-20 04:50 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2007-06-08 16:08 . 2007-06-08 16:08 128 ----a-w c:\documents and settings\Mason\Local Settings\Application Data\fusioncache.dat
2007-06-08 16:07 . 2007-06-08 16:07 15864 ----a-w c:\documents and settings\Mason\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2007-04-30 01:32 . 2007-04-30 01:32 131 ----a-w c:\documents and settings\Saavedra\Local Settings\Application Data\fusioncache.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="c:\program files\AIM\aim.exe" [2005-08-05 67160]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\106b3ec4-611a-4b0e-9964-a4f001c18f01.exe" [2008-02-25 1481968]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-01-19 4670968]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-08-29 171464]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-09 7561216]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-03-09 86016]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-11-26 335872]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-14 136600]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2001-08-23 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PAC207_Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2007-12-10 323584]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2007-12-10 323584]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-08-11 180269]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-05 1932568]
"CTHelper"="CTHELPER.EXE" [2005-08-29 c:\windows\CTHELPER.EXE]
"nwiz"="nwiz.exe" [2006-03-09 c:\windows\system32\nwiz.exe]
"SkyTel"="SkyTel.EXE" [2007-10-10 c:\windows\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-24 c:\windows\RTHDCPL.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotSnD"="c:\program files\Spybot - Search & Destroy\SpybotSD.exe" [2008-07-30 4891984]

c:\documents and settings\Mason\Start Menu\Programs\Startup\
OpenOffice.org 2.0.lnk - c:\program files\OpenOffice.org 2.0\program\quickstart.exe [2006-01-25 61440]

c:\documents and settings\Saavedra\Start Menu\Programs\Startup\
OpenOffice.org 2.0.lnk - c:\program files\OpenOffice.org 2.0\program\quickstart.exe [2006-01-25 61440]
Registry Repair Pro.lnk - c:\program files\3B Software\Registry Repair Pro\RegistryRepairPro.exe [2009-04-07 2590040]
Scheduler.lnk - c:\program files\3B Software\Common\Scheduler\wcomschd.exe [2009-04-07 464240]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Audible Download Manager.lnk - c:\program files\Audible\Bin\AudibleDownloadHelper.exe [2008-12-09 1783128]
NETGEAR WNDA3100 Smart Wizard.lnk - c:\program files\NETGEAR\WNDA3100\WNDA3100.exe [2008-04-01 1478728]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-04-05 13:36 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awttsQgf]
[BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c0091014]
[BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli maprtfrs.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Amazon Unbox.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Wireless PCI Card Configuration Utility.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CurseClient]
--a------ 2009-04-01 16:22 1827840 c:\program files\Curse\CurseClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
--a------ 2005-12-04 18:39 461584 c:\program files\Microsoft IntelliPoint\ipoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 14:20 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:54 5674352 c:\program files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 18:40 155648 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-02-01 17:22 21898024 c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-10-20 17:42 1410296 c:\program files\Steam\steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-08-11 18:47 180269 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2008-08-28 10:18 3660848 c:\program files\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-01-19 13:49 4670968 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\PlayOnline\\SquareEnix\\PlayOnlineViewer\\pol.exe"=
"c:\\Program Files\\DAP\\DAP.exe"=
"e:\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Curse\\CurseClient.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\UBISOFT\\Prince of Persia\\Prince of Persia.exe"=
"c:\\Program Files\\UBISOFT\\Prince of Persia\\PrinceOfPersia_Launcher.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwupdate.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2server.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\WINDOWS\\system32\\config\\systemprofile\\Local Settings\\Application Data\\websvr.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12403:TCP"= 12403:TCP:BitComet 12403 TCP
"12403:UDP"= 12403:UDP:BitComet 12403 UDP
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;c:\windows\system32\DRIVERS\l251x86.sys [2007-10-17 30720]
R3 IPN2120;Instant Wireless-B PCI Adapter Driver; [x]
R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\NETGEAR\WNDA3100\jswpsapi.exe [2008-02-27 360547]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1; [x]
R3 PAC207;Webcam;c:\windows\system32\DRIVERS\PFC027.SYS [2008-02-13 618112]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-01-07 348752]
R3 WMP11V27;Instant Wireless PCI Card V2.7 Driver; [x]
R4 WinDefend;Windows Defender Service;c:\program files\Windows Defender\MsMpEng.exe [2006-04-03 14032]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-03-06 130424]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-04-05 325640]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-04-05 107912]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-12-04 8944]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-12-04 55024]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-04-05 908056]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-04-05 298264]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.SYS [2003-07-24 17149]
S3 JSWSCIMD;jswscimd Service;c:\windows\system32\DRIVERS\jswscimd.sys [2007-08-28 57344]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-04 7408]
S3 WNDA3100;NETGEAR WNDA3100 USB2.0 Wireless Card Service;c:\windows\system32\DRIVERS\WNDA31.sys [2008-03-12 421376]
S3 WSIMD;wsimd Service;c:\windows\system32\DRIVERS\wsimd.sys [2007-12-14 57408]

.
Contents of the 'Scheduled Tasks' folder

2009-04-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]

2009-04-12 c:\windows\Tasks\ErrorFix Scan.job
- c:\program files\ErrorFix\ErrorFix.exe []

2009-04-12 c:\windows\Tasks\ErrorFix Scan.job
- c:\program files\ErrorFix []

2009-04-13 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-04-03 20:12]
.
- - - - ORPHANS REMOVED - - - -

BHO-{11357319-ccdc-c372-987d-e16a5caae17f} - (no file)
BHO-{46743414-B62A-40CC-BA3B-B91E3C244D32} - (no file)
BHO-{827295F6-572C-42B5-8640-C6646ED5A233} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = 58.61.144.147:3128
uInternet Settings,ProxyOverride = *.local
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
DPF: {CEA3052D-65B9-44E2-A501-5E14024BC66F} - hxxp://www.tricksteronline.com/control/tricksterActiveX.cab
DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} - hxxp://www.tricksteronline.com/control/KALogoutComponent.cab
FF - ProfilePath - c:\documents and settings\Saavedra\Application Data\Mozilla\Firefox\Profiles\nabqinck.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\Saavedra\Application Data\Mozilla\Firefox\Profiles\nabqinck.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000004.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\IGN\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAskSBr.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-14 00:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1606980848-1965331169-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{563F5E5C-BBFF-BC60-8E3D-83CF6260F8BC}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iadlnhflhfldffenca"=hex:69,61,62,69,6d,6d,6f,70,68,6a,6d,69,64,70,66,6c,61,6d,
00,7c
"hajjpjelaelahdaj"=hex:69,61,62,69,6d,6d,6f,70,68,6a,6d,69,64,70,66,6c,61,6d,
00,7c
"iapjniocafemoigeee"=hex:63,61,66,67,64,6d,00,00

[HKEY_USERS\S-1-5-21-1606980848-1965331169-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:67,0a,0f,d2,05,bd,fc,4f,4d,d1,77,cb,5f,87,ec,86,ff,16,86,5d,c0,7f,b8,
3d,7b,91,f2,ef,68,ba,b5,02,fb,6f,b1,c4,c0,b3,5d,18,ca,fe,fe,93,9e,39,6c,49,\
"??"=hex:69,6f,5c,46,6a,89,f9,ee,2d,48,e0,10,87,42,1e,12

[HKEY_USERS\S-1-5-21-1606980848-1965331169-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:17,8f,3a,a2,5d,a6,5f,4f,0d,ca,33,7c,ac,11,e4,75,cb,f6,a8,47,88,
8b,c2,c6,d5,e4,54,06,dd,9b,14,1c,e1,7a,d0,88,29,35,44,55,d0,3e,ce,14,8e,6a,\
"rkeysecu"=hex:a4,a2,88,29,79,5c,ec,81,26,79,6e,ae,c2,80,08,18
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(572)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(628)
c:\windows\maprtfrs.dll

- - - - - - - > 'explorer.exe'(1636)
c:\windows\maprtfrs.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\acs.exe
c:\program files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\imapi.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\wdfmgr.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\OpenOffice.org 2.0\program\soffice.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
c:\program files\OpenOffice.org 2.0\program\soffice.bin
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Completion time: 2009-04-14 0:55 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-14 05:54
ComboFix2.txt 2009-04-13 17:16

Pre-Run: 32,408,289,280 bytes free
Post-Run: 32,388,694,016 bytes free

2296 --- E O F --- 2008-08-04 08:03

Attached File: Log.txt (299.76KB)

Edited by Buckeye_Sam, 14 April 2009 - 08:06 AM.
log


#8 Buckeye_Sam

Buckeye_Sam
Malware Expert

Posted 14 April 2009 - 08:09 AM

Open notepad and copy/paste the text in the quotebox below into it:

http://www.bleepingcomputer.com/forums/top...ml#entry1222607

Suspect::[52]
c:\windows\maprtfrs.dll
c:\windows\system32\winsetupgl.exe
c:\windows\Tgopozewa.bin
c:\windows\Ubegogo.dat


Save this as CFScript.txt


[screenshot: dragging CFScript.txt onto ComboFix.exe]


Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.
  • A browser will open.
  • Simply follow the instructions to copy/paste/send the requested file.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#9 LuzaMink

LuzaMink
Topic Starter

Posted 14 April 2009 - 01:51 PM

ComboFix 09-04-13.A2 - Saavedra 2009-04-14 13:24.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1359 [GMT -5:00]
Running from: c:\documents and settings\Saavedra\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Saavedra\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-03-14 to 2009-04-14 )))))))))))))))))))))))))))))))
.

2009-04-14 05:33 . 2006-03-03 05:42 73728 ----a-w C:\pv.exe
2009-04-13 22:06 . 2009-04-13 22:06 -------- d-----w c:\documents and settings\Sean\Local Settings\Application Data\Fallout3
2009-04-13 21:47 . 2009-04-13 21:47 -------- d-----w c:\documents and settings\Sean\Local Settings\Application Data\Mozilla
2009-04-13 21:41 . 2009-04-13 21:41 -------- d-----w c:\documents and settings\Sean\Local Settings\Application Data\Apple Computer
2009-04-13 21:41 . 2009-04-13 21:41 -------- d-----w c:\documents and settings\Sean\Application Data\ATI
2009-04-13 21:41 . 2009-04-13 21:41 -------- d-----w c:\documents and settings\Sean\Local Settings\Application Data\ATI
2009-04-13 21:39 . 2009-04-13 21:39 -------- d-----w c:\documents and settings\Sean\Local Settings\Application Data\{2016E208-176B-40ED-A0F9-E5FDF3B465A0}
2009-04-13 21:39 . 2009-04-13 21:39 26672 ----a-w c:\documents and settings\Sean\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-13 20:46 . 2009-04-13 20:46 -------- d-----w C:\CrashReport
2009-04-10 05:42 . 2009-04-10 05:45 -------- d-----w c:\windows\system32\NtmsData
2009-04-08 18:34 . 2009-04-13 21:42 0 ----a-w c:\windows\Tgopozewa.bin
2009-04-08 18:34 . 2009-04-08 18:34 -------- d-----w c:\documents and settings\Saavedra\Local Settings\Application Data\{E5348B0E-AA53-460D-AD03-8D645C75FC42}
2009-04-08 18:34 . 2009-04-10 05:38 408 ----a-w c:\windows\Ubegogo.dat
2009-04-07 18:00 . 2009-04-07 18:00 -------- d-----w c:\documents and settings\Saavedra\Application Data\ErrorFix
2009-04-05 21:58 . 2009-04-05 21:58 -------- d-----w c:\documents and settings\Saavedra\Application Data\Malwarebytes
2009-04-05 21:58 . 2009-03-26 21:49 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-05 21:58 . 2009-03-26 21:49 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-05 21:58 . 2009-04-05 21:58 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-05 20:58 . 2009-04-14 11:39 -------- d--h--w C:\$AVG8.VAULT$
2009-04-05 18:36 . 2009-04-05 18:36 10520 ----a-w c:\windows\system32\avgrsstx.dll
2009-04-05 18:36 . 2009-04-05 18:36 107912 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-04-05 18:36 . 2009-04-05 18:36 325640 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-04-05 18:35 . 2009-04-14 14:55 -------- d-----w c:\windows\system32\drivers\Avg
2009-04-05 18:35 . 2009-04-05 18:35 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-04-05 14:20 . 2008-12-11 13:38 159600 ----a-w c:\windows\system32\drivers\pctgntdi.sys
2009-04-05 14:20 . 2009-03-06 21:45 130424 ----a-w c:\windows\system32\drivers\PCTCore.sys
2009-04-05 14:20 . 2008-12-18 17:16 73840 ----a-w c:\windows\system32\drivers\PCTAppEvent.sys
2009-04-05 14:20 . 2008-12-10 17:36 64392 ----a-w c:\windows\system32\drivers\pctplsg.sys
2009-04-05 14:20 . 2009-04-05 14:20 -------- d-----w c:\documents and settings\Saavedra\Application Data\PC Tools
2009-04-05 14:20 . 2009-04-05 14:20 -------- d-----w c:\documents and settings\All Users\Application Data\PC Tools
2009-03-30 06:16 . 2009-03-30 06:24 -------- d-----w c:\documents and settings\Saavedra\Application Data\FOG Downloader

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-14 18:37 . 2006-08-15 05:27 -------- d-----w c:\documents and settings\Saavedra\Application Data\OpenOffice.org2
2009-04-14 18:33 . 2002-01-20 05:18 2644 ----a-w c:\windows\system32\d3d9caps.dat
2009-04-13 20:13 . 2007-11-28 19:21 -------- d-----w c:\program files\Steam
2009-04-11 06:59 . 2008-01-14 19:16 -------- d-----w c:\documents and settings\Saavedra\Application Data\Move Networks
2009-04-10 07:02 . 2002-01-20 16:40 -------- d-----w c:\documents and settings\Saavedra\Application Data\uTorrent
2009-04-10 05:47 . 2009-04-10 05:47 -------- d-----w c:\program files\Cobian Backup 9
2009-04-07 18:17 . 2009-04-07 18:17 -------- d-----w c:\program files\3B Software
2009-04-07 17:56 . 2009-04-07 17:52 -------- d-----w c:\program files\Free Window Registry Repair
2009-04-07 06:05 . 2008-12-30 01:29 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-05 21:58 . 2009-04-05 21:58 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-05 18:36 . 2007-05-01 02:25 -------- d-----w c:\documents and settings\All Users\Application Data\Grisoft
2009-04-05 18:35 . 2009-04-05 18:35 -------- d-----w c:\program files\AVG
2009-04-05 18:35 . 2008-12-10 06:14 -------- d-----w c:\program files\SUPERAntiSpyware
2009-04-05 17:39 . 2009-03-12 19:49 -------- d-----w c:\program files\MagicISO
2009-04-05 14:27 . 2009-04-05 14:20 -------- d-----w c:\program files\Spyware Doctor
2009-04-05 14:21 . 2009-04-05 14:20 -------- d-----w c:\program files\Common Files\PC Tools
2009-04-01 06:38 . 2009-04-01 06:03 135 ----a-w C:\VundoFix.txt
2009-04-01 05:44 . 2007-05-01 02:20 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-29 02:35 . 2006-05-21 17:28 -------- d-----w c:\program files\Common Files\Blizzard Entertainment
2009-03-28 02:11 . 2009-03-28 02:11 -------- d-----w c:\program files\LD-Anime
2009-03-26 22:49 . 2007-10-15 21:13 -------- d-----w c:\documents and settings\Saavedra\Application Data\mIRC
2009-03-26 22:25 . 2007-10-15 21:13 -------- d-----w c:\program files\mIRC
2009-03-25 06:25 . 2008-08-04 05:25 -------- d-----w c:\program files\Webteh
2009-03-25 06:25 . 2008-08-04 05:25 -------- d-----w c:\documents and settings\Saavedra\Application Data\BSplayer
2009-03-25 03:41 . 2006-05-21 04:21 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-13 21:08 . 2009-03-13 00:56 -------- d-----w c:\program files\Konami
2009-03-13 01:20 . 2009-03-13 01:20 -------- d-----w c:\windows\system32\config\systemprofile\Application Data\ATI
2009-03-08 20:00 . 2009-03-08 20:00 -------- d-----w c:\program files\THQ
2009-03-06 02:13 . 2001-08-23 12:00 163644 ----a-w c:\windows\system32\drivers\secdrv.sys
2009-02-28 16:24 . 2008-03-30 18:28 -------- d-----w c:\program files\FFXIP
2009-02-28 06:03 . 2008-05-13 23:43 -------- d-----w c:\program files\UBISOFT
2009-02-28 04:31 . 2009-02-27 21:07 -------- d-----w c:\documents and settings\Saavedra\Application Data\Spellborn Downloader
2009-02-27 21:34 . 2009-02-27 21:34 -------- d-----w c:\documents and settings\Saavedra\Application Data\Electronic Arts
2008-12-09 04:02 . 2006-05-21 04:32 26672 ----a-w c:\documents and settings\Saavedra\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2008-11-01 14:58 . 2008-11-01 14:58 2272 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2008-04-20 04:50 . 2008-04-20 04:50 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2007-06-08 16:08 . 2007-06-08 16:08 128 ----a-w c:\documents and settings\Mason\Local Settings\Application Data\fusioncache.dat
2007-06-08 16:07 . 2007-06-08 16:07 15864 ----a-w c:\documents and settings\Mason\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2007-04-30 01:32 . 2007-04-30 01:32 131 ----a-w c:\documents and settings\Saavedra\Local Settings\Application Data\fusioncache.dat
.

((((((((((((((((((((((((((((( SnapShot_2009-04-14_ 0.53.18.09 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-14 18:32 . 2009-04-14 18:32 16384 c:\windows\Temp\Perflib_Perfdata_780.dat
+ 2002-01-20 05:18 . 2009-04-14 18:33 2644 c:\windows\system32\d3d9caps.dat
- 2002-01-20 05:18 . 2009-04-14 05:44 2644 c:\windows\system32\d3d9caps.dat
+ 2001-08-23 12:00 . 2007-03-08 15:36 156672 c:\windows\ozitegigusobo.dll
+ 2009-04-14 18:29 . 2005-10-21 01:02 163328 c:\windows\ERDNT\subs\ERDNT.EXE
- 2009-04-14 05:41 . 2005-10-21 01:02 163328 c:\windows\ERDNT\subs\ERDNT.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="c:\program files\AIM\aim.exe" [2005-08-05 67160]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\106b3ec4-611a-4b0e-9964-a4f001c18f01.exe" [2008-02-25 1481968]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-01-19 4670968]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-08-29 171464]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-09 7561216]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-03-09 86016]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-11-26 335872]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-14 136600]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2001-08-23 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PAC207_Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2007-12-10 323584]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2007-12-10 323584]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-08-11 180269]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-05 1932568]
"Pdaxemawixorige"="c:\windows\ozitegigusobo.dll" [2007-03-08 156672]
"CTHelper"="CTHELPER.EXE" [2005-08-29 c:\windows\CTHELPER.EXE]
"nwiz"="nwiz.exe" [2006-03-09 c:\windows\system32\nwiz.exe]
"SkyTel"="SkyTel.EXE" [2007-10-10 c:\windows\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-24 c:\windows\RTHDCPL.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotSnD"="c:\program files\Spybot - Search & Destroy\SpybotSD.exe" [2008-07-30 4891984]

c:\documents and settings\Mason\Start Menu\Programs\Startup\
OpenOffice.org 2.0.lnk - c:\program files\OpenOffice.org 2.0\program\quickstart.exe [2006-01-25 61440]

c:\documents and settings\Saavedra\Start Menu\Programs\Startup\
OpenOffice.org 2.0.lnk - c:\program files\OpenOffice.org 2.0\program\quickstart.exe [2006-01-25 61440]
Registry Repair Pro.lnk - c:\program files\3B Software\Registry Repair Pro\RegistryRepairPro.exe [2009-04-07 2590040]
Scheduler.lnk - c:\program files\3B Software\Common\Scheduler\wcomschd.exe [2009-04-07 464240]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Audible Download Manager.lnk - c:\program files\Audible\Bin\AudibleDownloadHelper.exe [2008-12-09 1783128]
NETGEAR WNDA3100 Smart Wizard.lnk - c:\program files\NETGEAR\WNDA3100\WNDA3100.exe [2008-04-01 1478728]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-04-05 13:36 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awttsQgf]
[BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c0091014]
[BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli maprtfrs.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Amazon Unbox.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Wireless PCI Card Configuration Utility.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CurseClient]
--a------ 2009-04-01 16:22 1827840 c:\program files\Curse\CurseClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
--a------ 2005-12-04 18:39 461584 c:\program files\Microsoft IntelliPoint\ipoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 14:20 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:54 5674352 c:\program files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 18:40 155648 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-02-01 17:22 21898024 c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-10-20 17:42 1410296 c:\program files\Steam\steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-08-11 18:47 180269 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2008-08-28 10:18 3660848 c:\program files\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-01-19 13:49 4670968 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\PlayOnline\\SquareEnix\\PlayOnlineViewer\\pol.exe"=
"c:\\Program Files\\DAP\\DAP.exe"=
"e:\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Curse\\CurseClient.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\UBISOFT\\Prince of Persia\\Prince of Persia.exe"=
"c:\\Program Files\\UBISOFT\\Prince of Persia\\PrinceOfPersia_Launcher.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwupdate.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2server.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12403:TCP"= 12403:TCP:BitComet 12403 TCP
"12403:UDP"= 12403:UDP:BitComet 12403 UDP
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-04-05 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-04-05 298264]
R3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;c:\windows\system32\DRIVERS\l251x86.sys [2007-10-17 30720]
R3 IPN2120;Instant Wireless-B PCI Adapter Driver; [x]
R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\NETGEAR\WNDA3100\jswpsapi.exe [2008-02-27 360547]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1; [x]
R3 PAC207;Webcam;c:\windows\system32\DRIVERS\PFC027.SYS [2008-02-13 618112]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-01-07 348752]
R3 WMP11V27;Instant Wireless PCI Card V2.7 Driver; [x]
R4 WinDefend;Windows Defender Service;c:\program files\Windows Defender\MsMpEng.exe [2006-04-03 14032]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-03-06 130424]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-04-05 325640]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-04-05 107912]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-12-04 8944]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-12-04 55024]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.SYS [2003-07-24 17149]
S3 JSWSCIMD;jswscimd Service;c:\windows\system32\DRIVERS\jswscimd.sys [2007-08-28 57344]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-04 7408]
S3 WNDA3100;NETGEAR WNDA3100 USB2.0 Wireless Card Service;c:\windows\system32\DRIVERS\WNDA31.sys [2008-03-12 421376]
S3 WSIMD;wsimd Service;c:\windows\system32\DRIVERS\wsimd.sys [2007-12-14 57408]

.
Contents of the 'Scheduled Tasks' folder

2009-04-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]

2009-04-14 c:\windows\Tasks\ErrorFix Scan.job
- c:\program files\ErrorFix\ErrorFix.exe []

2009-04-14 c:\windows\Tasks\ErrorFix Scan.job
- c:\program files\ErrorFix []

2009-04-14 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-04-03 20:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = 58.61.144.147:3128
uInternet Settings,ProxyOverride = *.local
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
DPF: {CEA3052D-65B9-44E2-A501-5E14024BC66F} - hxxp://www.tricksteronline.com/control/tricksterActiveX.cab
DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} - hxxp://www.tricksteronline.com/control/KALogoutComponent.cab
FF - ProfilePath - c:\documents and settings\Saavedra\Application Data\Mozilla\Firefox\Profiles\nabqinck.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\Saavedra\Application Data\Mozilla\Firefox\Profiles\nabqinck.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000004.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\IGN\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAskSBr.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-14 13:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1606980848-1965331169-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{563F5E5C-BBFF-BC60-8E3D-83CF6260F8BC}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iadlnhflhfldffenca"=hex:69,61,62,69,6d,6d,6f,70,68,6a,6d,69,64,70,66,6c,61,6d,
00,7c
"hajjpjelaelahdaj"=hex:69,61,62,69,6d,6d,6f,70,68,6a,6d,69,64,70,66,6c,61,6d,
00,7c
"iapjniocafemoigeee"=hex:63,61,66,67,64,6d,00,00

[HKEY_USERS\S-1-5-21-1606980848-1965331169-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:67,0a,0f,d2,05,bd,fc,4f,4d,d1,77,cb,5f,87,ec,86,ff,16,86,5d,c0,7f,b8,
3d,7b,91,f2,ef,68,ba,b5,02,fb,6f,b1,c4,c0,b3,5d,18,ca,fe,fe,93,9e,39,6c,49,\
"??"=hex:69,6f,5c,46,6a,89,f9,ee,2d,48,e0,10,87,42,1e,12

[HKEY_USERS\S-1-5-21-1606980848-1965331169-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:17,8f,3a,a2,5d,a6,5f,4f,0d,ca,33,7c,ac,11,e4,75,cb,f6,a8,47,88,
8b,c2,c6,d5,e4,54,06,dd,9b,14,1c,e1,7a,d0,88,29,35,44,55,d0,3e,ce,14,8e,6a,\
"rkeysecu"=hex:a4,a2,88,29,79,5c,ec,81,26,79,6e,ae,c2,80,08,18
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(572)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(628)
c:\windows\maprtfrs.dll

- - - - - - - > 'explorer.exe'(2136)
c:\windows\maprtfrs.dll
c:\windows\ozitegigusobo.dll
c:\program files\SUPERAntiSpyware\SASSEH.DLL
c:\windows\system32\browselc.dll
c:\program files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
c:\progra~1\SPYBOT~1\SDHelper.dll
c:\program files\Audible\Bin\AudibleExt.dll
c:\program files\Common Files\Ahead\lib\NeroDigitalExt.dll
c:\program files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
c:\windows\system32\nvcpl.dll
c:\windows\system32\nvshell.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\acs.exe
c:\program files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\imapi.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wdfmgr.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\OpenOffice.org 2.0\program\soffice.exe
c:\program files\OpenOffice.org 2.0\program\soffice.bin
c:\program files\iPod\bin\iPodService.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
c:\program files\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Completion time: 2009-04-14 13:48 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-14 18:47
ComboFix2.txt 2009-04-14 05:55
ComboFix3.txt 2009-04-13 17:16

Pre-Run: 32,221,839,360 bytes free
Post-Run: 32,361,598,976 bytes free

332 --- E O F --- 2008-08-04 08:03

Attached Files
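The log above contains the indicators a responder would pull out by hand: a Run value ("Pdaxemawixorige") pointing at a bare DLL in c:\windows, an unknown DLL (maprtfrs.dll) in the LSA Notification Packages list and visibly loaded inside lsass.exe, two winlogon\notify subkeys with random names, an Internet Settings proxy pointing at an external address, and RDP (3389/TCP) opened in the firewall policy. The script below is an added example, not part of this thread or of ComboFix: it reads a ComboFix-style log and flags exactly those patterns. The SAMPLE text is constructed from lines quoted in the log above, and the two allowlists are assumptions (a minimal Windows XP SP2 baseline plus the AVG hook seen here), so adjust them for the machine being triaged.

```python
"""Triage of a ComboFix-style log: flag the persistence and network
indicators a responder checks first.

Added example for this thread; not part of ComboFix or of any post.
SAMPLE is constructed from lines quoted in the log; the allowlists are
assumptions (minimal XP SP2 baseline)."""
import re

# LSA "Notification Packages" on a clean XP box (assumption). Anything else
# here is loaded into lsass.exe at boot and sees every password change.
KNOWN_LSA_PACKAGES = {"scecli", "rassfm", "kdcsvc"}
# winlogon\notify subkeys on XP SP2 plus AVG's hook seen in this log (assumption).
KNOWN_WINLOGON_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "scardsvr", "schedule",
                         "sclgntfy", "senslogn", "termsrv", "wlballoon", "avgrsstarter"}

RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')
NOTIFY_KEY = re.compile(r'\\winlogon\\notify\\(?P<sub>[^\]]+)\]', re.I)
PROXY = re.compile(r'^uInternet Settings,ProxyServer\s*=\s*(?P<proxy>\S+)')
OPEN_PORT = re.compile(r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"=')
PROCESS_HDR = re.compile(r"^(?:- )+> '(?P<proc>[^']+)'\(\d+\)")


def private_ip(host):
    """True for RFC 1918 and loopback addresses; a proxy anywhere else is suspect."""
    parts = host.split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        return False
    a, b = int(parts[0]), int(parts[1])
    return a in (10, 127) or (a == 172 and 16 <= b <= 31) or (a == 192 and b == 168)


def triage(log_text):
    """Return a list of (category, detail) indicators found in the log text."""
    hits = []
    section = ""  # lower-cased registry key, or "proc:<name>", we are currently inside
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            section = line.lower()
            m = NOTIFY_KEY.search(line)
            if m and m.group("sub").lower() not in KNOWN_WINLOGON_NOTIFY:
                hits.append(("winlogon_notify", m.group("sub")))
            continue
        m = PROCESS_HDR.match(line)
        if m:
            section = "proc:" + m.group("proc").lower()
            continue
        m = RUN_VALUE.match(line)
        if m and "\\currentversion\\run" in section:
            path = m.group("path").lower()
            # A DLL directly in %WINDIR% (not system32) as a Run target is the
            # rundll32 autostart pattern of the Vundo/Virtumonde family.
            if path.startswith("c:\\windows\\") and path.count("\\") == 2 and path.endswith(".dll"):
                hits.append(("run_dll_in_windir", m.group("path")))
            continue
        if line.startswith("Notification Packages"):
            for pkg in line.split()[3:]:          # skip "Notification Packages REG_MULTI_SZ"
                base = pkg.lower()
                base = base[:-4] if base.endswith(".dll") else base
                if base not in KNOWN_LSA_PACKAGES:
                    hits.append(("lsa_notification_package", pkg))
            continue
        m = PROXY.match(line)
        if m:
            if not private_ip(m.group("proxy").split(":")[0]):
                hits.append(("external_proxy", m.group("proxy")))
            continue
        m = OPEN_PORT.match(line)
        if m and m.group("port") == "3389" and "globallyopenports" in section:
            hits.append(("rdp_open_in_firewall", line))
            continue
        # Module list of lsass.exe: anything outside system32 is foreign.
        if section == "proc:lsass.exe" and line.lower().endswith(".dll") \
                and not line.lower().startswith("c:\\windows\\system32\\"):
            hits.append(("lsass_foreign_dll", line))
    return hits


# Constructed sample, assembled from lines quoted in the log above.
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-09 7561216]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-05 1932568]
"Pdaxemawixorige"="c:\windows\ozitegigusobo.dll" [2007-03-08 156672]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-04-05 13:36 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awttsQgf]
[BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c0091014]
[BU]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli maprtfrs.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12403:TCP"= 12403:TCP:BitComet 12403 TCP
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

uInternet Settings,ProxyServer = 58.61.144.147:3128

- - - - - - - > 'lsass.exe'(628)
c:\windows\maprtfrs.dll

- - - - - - - > 'explorer.exe'(2136)
c:\windows\system32\browselc.dll
"""

if __name__ == "__main__":
    for category, detail in triage(SAMPLE):
        print(f"{category:26} {detail}")
```

Run it against a saved ComboFix.txt by reading the file into `triage()` instead of SAMPLE. The two findings that matter most are the LSA package and the lsass.exe module list: a DLL in Notification Packages runs inside lsass.exe with SYSTEM rights and is called on every password change, which is why a reinstall rather than a cleanup is the safe answer once one is found.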



#10 Buckeye_Sam (Malware Expert; Members, 17,382 posts; Pickerington, Ohio)

Posted 15 April 2009 - 12:15 PM

Did you submit the files? I didn't get them.
Make sure you disable AVG before running Combofix.

Did this occur?

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.

* Ensure you are connected to the internet and click OK on the message box.
* A browser will open.
* Simply follow the instructions to copy/paste/send the requested file.


If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#11 LuzaMink (Topic Starter; Members, 16 posts)

Posted 21 April 2009 - 06:14 PM

Sorry for the late reply, I've been away from my computer for a while. I never got a popup box telling me what files to send like you said it'd do. :/

#12 Buckeye_Sam (Malware Expert; Members, 17,382 posts; Pickerington, Ohio)

Posted 21 April 2009 - 07:12 PM

How is your computer behaving now?
Since it's been a few days, please post a new Combofix log.


========================================================

#13 LuzaMink (Topic Starter; Members, 16 posts)

Posted 22 April 2009 - 02:20 AM

ComboFix 09-04-13.A2 - Saavedra 2009-04-22 2:00.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1501 [GMT -5:00]
Running from: c:\documents and settings\Saavedra\Desktop\ComboFix.exe
.
- REDUCED FUNCTIONALITY MODE -
.

((((((((((((((((((((((((( Files Created from 2009-03-22 to 2009-04-22 )))))))))))))))))))))))))))))))
.

2009-04-19 16:13 . 2009-03-16 22:47 2780212 ----a-w c:\windows\system32\GameMon.des
2009-04-19 06:04 . 2009-04-22 06:32 -------- d-----w c:\documents and settings\Saavedra\Local Settings\Application Data\PMB Files
2009-04-19 06:04 . 2009-04-19 06:04 -------- d-----w c:\documents and settings\All Users\Application Data\PMB Files
2009-04-15 22:08 . 2009-03-06 14:44 283648 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-15 22:08 . 2009-02-09 10:20 399360 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-15 22:08 . 2005-07-26 04:39 60416 -c----w c:\windows\system32\dllcache\colbact.dll
2009-04-15 22:08 . 2009-02-09 10:20 473088 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-15 22:08 . 2009-02-09 10:20 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 22:08 . 2009-02-06 17:14 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-04-15 22:08 . 2009-02-06 16:39 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 22:08 . 2009-02-09 10:20 616960 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-15 22:08 . 2009-02-09 10:20 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-15 22:06 . 2009-03-27 07:09 1193414 -c----w c:\windows\system32\dllcache\sysmain.sdb
2009-04-15 22:06 . 2008-04-21 10:02 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-14 20:50 . 2009-04-14 20:50 -------- d-----w c:\documents and settings\Sean\Local Settings\Application Data\Oblivion
2009-04-14 20:32 . 2009-04-14 20:32 -------- d-----w c:\documents and settings\Sean\Application Data\Malwarebytes
2009-04-14 20:32 . 2009-04-14 20:32 -------- d-----w c:\documents and settings\Sean\Local Settings\Application Data\CurseClient
2009-04-13 23:14 . 2008-05-01 14:30 331776 -c----w c:\windows\system32\dllcache\msadce.dll
2009-04-13 22:06 . 2009-04-13 22:06 -------- d-----w c:\documents and settings\Sean\Local Settings\Application Data\Fallout3
2009-04-13 21:47 . 2009-04-13 21:47 -------- d-----w c:\documents and settings\Sean\Local Settings\Application Data\Mozilla
2009-04-13 21:41 . 2009-04-13 21:41 -------- d-----w c:\documents and settings\Sean\Local Settings\Application Data\Apple Computer
2009-04-13 21:41 . 2009-04-13 21:41 -------- d-----w c:\documents and settings\Sean\Application Data\ATI
2009-04-13 21:41 . 2009-04-13 21:41 -------- d-----w c:\documents and settings\Sean\Local Settings\Application Data\ATI
2009-04-13 21:39 . 2009-04-13 21:39 -------- d-----w c:\documents and settings\Sean\Local Settings\Application Data\{2016E208-176B-40ED-A0F9-E5FDF3B465A0}
2009-04-13 21:39 . 2009-04-13 21:39 26672 ----a-w c:\documents and settings\Sean\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-13 20:46 . 2009-04-13 20:46 -------- d-----w C:\CrashReport
2009-04-10 05:42 . 2009-04-10 05:45 -------- d-----w c:\windows\system32\NtmsData
2009-04-08 18:34 . 2009-04-22 05:54 0 ----a-w c:\windows\Tgopozewa.bin
2009-04-08 18:34 . 2009-04-08 18:34 -------- d-----w c:\documents and settings\Saavedra\Local Settings\Application Data\{E5348B0E-AA53-460D-AD03-8D645C75FC42}
2009-04-08 18:34 . 2009-04-16 20:16 408 ----a-w c:\windows\Ubegogo.dat
2009-04-07 18:00 . 2009-04-07 18:00 -------- d-----w c:\documents and settings\Saavedra\Application Data\ErrorFix
2009-04-05 21:58 . 2009-04-05 21:58 -------- d-----w c:\documents and settings\Saavedra\Application Data\Malwarebytes
2009-04-05 21:58 . 2009-03-26 21:49 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-05 21:58 . 2009-03-26 21:49 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-05 21:58 . 2009-04-05 21:58 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-05 20:58 . 2009-04-16 10:17 -------- d--h--w C:\$AVG8.VAULT$
2009-04-05 18:36 . 2009-04-05 18:36 10520 ----a-w c:\windows\system32\avgrsstx.dll
2009-04-05 18:36 . 2009-04-16 13:02 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-04-05 18:36 . 2009-04-05 18:36 325640 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-04-05 18:35 . 2009-04-18 14:26 -------- d-----w c:\windows\system32\drivers\Avg
2009-04-05 18:35 . 2009-04-22 06:55 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-04-05 14:20 . 2008-12-11 13:38 159600 ----a-w c:\windows\system32\drivers\pctgntdi.sys
2009-04-05 14:20 . 2009-03-06 21:45 130424 ----a-w c:\windows\system32\drivers\PCTCore.sys
2009-04-05 14:20 . 2008-12-18 17:16 73840 ----a-w c:\windows\system32\drivers\PCTAppEvent.sys
2009-04-05 14:20 . 2008-12-10 17:36 64392 ----a-w c:\windows\system32\drivers\pctplsg.sys
2009-04-05 14:20 . 2009-04-05 14:20 -------- d-----w c:\documents and settings\Saavedra\Application Data\PC Tools
2009-04-05 14:20 . 2009-04-05 14:20 -------- d-----w c:\documents and settings\All Users\Application Data\PC Tools
2009-03-30 06:16 . 2009-04-20 07:11 -------- d-----w c:\documents and settings\Saavedra\Application Data\FOG Downloader

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-22 02:54 . 2002-01-20 16:40 -------- d-----w c:\documents and settings\Saavedra\Application Data\uTorrent
2009-04-20 03:16 . 2008-01-14 19:16 -------- d-----w c:\documents and settings\Saavedra\Application Data\Move Networks
2009-04-19 11:57 . 2009-04-19 11:11 -------- d-----w c:\program files\The Chronicles of Spellborn
2009-04-19 06:04 . 2009-04-19 06:04 -------- d-----w c:\program files\Pando Networks
2009-04-17 06:05 . 2006-08-15 05:27 -------- d-----w c:\documents and settings\Saavedra\Application Data\OpenOffice.org2
2009-04-17 05:44 . 2009-04-17 05:44 -------- d-----w c:\program files\MSXML 6.0
2009-04-17 05:42 . 2009-04-17 05:42 -------- d-----w c:\program files\MSXML 4.0
2009-04-15 05:24 . 2002-01-20 05:18 2644 ----a-w c:\windows\system32\d3d9caps.dat
2009-04-14 20:32 . 2008-12-30 01:29 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-13 20:13 . 2007-11-28 19:21 -------- d-----w c:\program files\Steam
2009-04-10 05:47 . 2009-04-10 05:47 -------- d-----w c:\program files\Cobian Backup 9
2009-04-07 18:17 . 2009-04-07 18:17 -------- d-----w c:\program files\3B Software
2009-04-07 17:56 . 2009-04-07 17:52 -------- d-----w c:\program files\Free Window Registry Repair
2009-04-05 21:58 . 2009-04-05 21:58 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-05 18:36 . 2007-05-01 02:25 -------- d-----w c:\documents and settings\All Users\Application Data\Grisoft
2009-04-05 18:35 . 2009-04-05 18:35 -------- d-----w c:\program files\AVG
2009-04-05 18:35 . 2008-12-10 06:14 -------- d-----w c:\program files\SUPERAntiSpyware
2009-04-05 17:39 . 2009-03-12 19:49 -------- d-----w c:\program files\MagicISO
2009-04-05 14:27 . 2009-04-05 14:20 -------- d-----w c:\program files\Spyware Doctor
2009-04-05 14:21 . 2009-04-05 14:20 -------- d-----w c:\program files\Common Files\PC Tools
2009-04-01 06:38 . 2009-04-01 06:03 135 ----a-w C:\VundoFix.txt
2009-04-01 05:44 . 2007-05-01 02:20 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-29 02:35 . 2006-05-21 17:28 -------- d-----w c:\program files\Common Files\Blizzard Entertainment
2009-03-28 02:11 . 2009-03-28 02:11 -------- d-----w c:\program files\LD-Anime
2009-03-26 22:49 . 2007-10-15 21:13 -------- d-----w c:\documents and settings\Saavedra\Application Data\mIRC
2009-03-26 22:25 . 2007-10-15 21:13 -------- d-----w c:\program files\mIRC
2009-03-25 06:25 . 2008-08-04 05:25 -------- d-----w c:\program files\Webteh
2009-03-25 06:25 . 2008-08-04 05:25 -------- d-----w c:\documents and settings\Saavedra\Application Data\BSplayer
2009-03-25 03:41 . 2006-05-21 04:21 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-13 21:08 . 2009-03-13 00:56 -------- d-----w c:\program files\Konami
2009-03-13 01:20 . 2009-03-13 01:20 -------- d-----w c:\windows\system32\config\systemprofile\Application Data\ATI
2009-03-08 20:00 . 2009-03-08 20:00 -------- d-----w c:\program files\THQ
2009-03-06 14:44 . 2001-08-23 12:00 283648 ----a-w c:\windows\system32\pdh.dll
2009-03-06 02:13 . 2001-08-23 12:00 163644 ----a-w c:\windows\system32\drivers\secdrv.sys
2009-02-28 16:24 . 2008-03-30 18:28 -------- d-----w c:\program files\FFXIP
2009-02-28 06:03 . 2008-05-13 23:43 -------- d-----w c:\program files\UBISOFT
2009-02-28 04:31 . 2009-02-27 21:07 -------- d-----w c:\documents and settings\Saavedra\Application Data\Spellborn Downloader
2009-02-27 21:34 . 2009-02-27 21:34 -------- d-----w c:\documents and settings\Saavedra\Application Data\Electronic Arts
2009-02-20 08:30 . 2004-08-04 07:56 81920 ------w c:\windows\system32\ieencode.dll
2009-02-20 08:30 . 2004-01-08 22:23 659456 ----a-w c:\windows\system32\wininet.dll
2009-02-09 10:20 . 2006-05-21 05:15 399360 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:20 . 2001-08-23 12:00 723456 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:20 . 2001-08-23 12:00 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 10:20 . 2001-08-23 12:00 616960 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:19 . 2001-08-23 12:00 1846272 ----a-w c:\windows\system32\win32k.sys
2009-02-06 17:22 . 2001-08-23 12:00 2136064 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 17:14 . 2001-08-23 12:00 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 16:54 . 2001-08-23 12:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 16:49 . 2001-08-17 13:48 2015744 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-03 20:08 . 2001-08-23 12:00 55808 ----a-w c:\windows\system32\secur32.dll
2008-12-09 04:02 . 2006-05-21 04:32 26672 ----a-w c:\documents and settings\Saavedra\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2008-11-01 14:58 . 2008-11-01 14:58 2272 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2008-04-20 04:50 . 2008-04-20 04:50 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2007-06-08 16:08 . 2007-06-08 16:08 128 ----a-w c:\documents and settings\Mason\Local Settings\Application Data\fusioncache.dat
2007-06-08 16:07 . 2007-06-08 16:07 15864 ----a-w c:\documents and settings\Mason\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2007-04-30 01:32 . 2007-04-30 01:32 131 ----a-w c:\documents and settings\Saavedra\Local Settings\Application Data\fusioncache.dat
.

((((((((((((((((((((((((((((( SnapShot_2009-04-14_ 0.53.18.09 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-09-30 21:45 . 2008-09-30 21:45 91656 c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.1.0_x-ww_2a41bceb\msxml4r.dll
+ 2009-04-17 06:02 . 2009-04-17 06:02 16384 c:\windows\Temp\Perflib_Perfdata_f4.dat
- 2001-08-23 12:00 . 2004-08-04 07:56 50176 c:\windows\system32\utilman.exe
+ 2001-08-23 12:00 . 2006-10-04 08:48 50176 c:\windows\system32\utilman.exe
+ 2001-08-23 12:00 . 2006-10-04 13:33 35840 c:\windows\system32\umandlg.dll
- 2001-08-23 12:00 . 2004-08-04 07:56 35840 c:\windows\system32\umandlg.dll
+ 2007-01-29 08:58 . 2008-10-22 09:47 62976 c:\windows\system32\tzchange.exe
+ 2006-05-21 07:20 . 2008-07-09 07:38 26488 c:\windows\system32\spupdsvc.exe
+ 2008-11-15 20:39 . 2007-11-30 12:39 17272 c:\windows\system32\spmsg.dll
+ 2001-08-23 12:00 . 2009-02-03 20:08 55808 c:\windows\system32\secur32.dll
- 2001-08-23 12:00 . 2004-08-04 07:56 55808 c:\windows\system32\secur32.dll
+ 2001-08-23 12:00 . 2009-02-06 16:54 35328 c:\windows\system32\sc.exe
- 2003-08-15 20:31 . 2008-04-21 07:03 39424 c:\windows\system32\pngfilt.dll
+ 2003-08-15 20:31 . 2009-02-20 08:30 39424 c:\windows\system32\pngfilt.dll
+ 2001-08-23 12:00 . 2009-04-17 06:07 70270 c:\windows\system32\perfc009.dat
- 2001-08-23 12:00 . 2009-03-08 20:13 70270 c:\windows\system32\perfc009.dat
+ 2001-08-23 12:00 . 2006-10-04 08:48 53760 c:\windows\system32\narrator.exe
- 2001-08-23 12:00 . 2004-08-04 07:56 53760 c:\windows\system32\narrator.exe
+ 2006-05-21 05:15 . 2008-06-12 14:16 91648 c:\windows\system32\mtxoci.dll
- 2006-05-21 05:15 . 2006-03-01 19:42 66560 c:\windows\system32\mtxclu.dll
+ 2006-05-21 05:15 . 2008-06-12 14:16 66560 c:\windows\system32\mtxclu.dll
- 2006-05-21 01:43 . 2004-08-04 07:56 58880 c:\windows\system32\msdtclog.dll
+ 2006-05-21 01:43 . 2008-06-12 14:16 58880 c:\windows\system32\msdtclog.dll
- 2001-08-23 12:00 . 2005-06-29 01:46 74240 c:\windows\system32\mscms.dll
+ 2001-08-23 12:00 . 2008-06-24 16:23 74240 c:\windows\system32\mscms.dll
+ 2001-08-23 12:00 . 2006-10-04 08:48 72704 c:\windows\system32\magnify.exe
- 2001-08-23 12:00 . 2004-08-04 07:56 72704 c:\windows\system32\magnify.exe
- 2001-08-23 12:00 . 2004-09-23 01:45 96768 c:\windows\system32\logagent.exe
+ 2001-08-23 12:00 . 2008-06-10 14:17 96768 c:\windows\system32\logagent.exe
+ 2001-08-23 12:00 . 2009-02-20 08:30 16384 c:\windows\system32\jsproxy.dll
- 2001-08-23 12:00 . 2008-04-21 07:03 16384 c:\windows\system32\jsproxy.dll
+ 2004-08-26 18:17 . 2009-02-20 08:30 96256 c:\windows\system32\inseng.dll
- 2004-08-26 18:17 . 2008-04-21 07:03 96256 c:\windows\system32\inseng.dll
- 2004-08-04 07:56 . 2004-08-04 07:56 81920 c:\windows\system32\ieencode.dll
+ 2004-08-04 07:56 . 2009-02-20 08:30 81920 c:\windows\system32\ieencode.dll
- 2004-08-04 07:56 . 2008-04-21 07:03 55808 c:\windows\system32\extmgr.dll
+ 2004-08-04 07:56 . 2009-02-20 08:30 55808 c:\windows\system32\extmgr.dll
+ 2006-10-04 08:48 . 2006-10-04 08:48 50176 c:\windows\system32\dllcache\utilman.exe
+ 2006-10-04 13:33 . 2006-10-04 13:33 35840 c:\windows\system32\dllcache\umandlg.dll
+ 2009-02-03 20:08 . 2009-02-03 20:08 55808 c:\windows\system32\dllcache\secur32.dll
+ 2001-08-23 12:00 . 2009-02-06 16:54 35328 c:\windows\system32\dllcache\sc.exe
- 2006-05-10 05:23 . 2008-04-21 07:03 39424 c:\windows\system32\dllcache\pngfilt.dll
+ 2006-05-10 05:23 . 2009-02-20 08:30 39424 c:\windows\system32\dllcache\pngfilt.dll
+ 2006-10-04 08:48 . 2006-10-04 08:48 53760 c:\windows\system32\dllcache\narrator.exe
+ 2008-06-12 14:16 . 2008-06-12 14:16 91648 c:\windows\system32\dllcache\mtxoci.dll
+ 2008-06-12 14:16 . 2008-06-12 14:16 66560 c:\windows\system32\dllcache\mtxclu.dll
+ 2008-06-12 14:16 . 2008-06-12 14:16 58880 c:\windows\system32\dllcache\msdtclog.dll
+ 2008-06-24 16:23 . 2008-06-24 16:23 74240 c:\windows\system32\dllcache\mscms.dll
+ 2006-10-04 08:48 . 2006-10-04 08:48 72704 c:\windows\system32\dllcache\magnify.exe
+ 2001-08-23 12:00 . 2008-06-10 14:17 96768 c:\windows\system32\dllcache\logagent.exe
- 2001-08-23 12:00 . 2004-09-23 01:45 96768 c:\windows\system32\dllcache\logagent.exe
+ 2006-05-10 05:22 . 2009-02-20 08:30 16384 c:\windows\system32\dllcache\jsproxy.dll
- 2006-05-10 05:22 . 2008-04-21 07:03 16384 c:\windows\system32\dllcache\jsproxy.dll
- 2006-05-10 05:22 . 2008-04-21 07:03 96256 c:\windows\system32\dllcache\inseng.dll
+ 2006-05-10 05:22 . 2009-02-20 08:30 96256 c:\windows\system32\dllcache\inseng.dll
+ 2009-02-20 08:30 . 2009-02-20 08:30 81920 c:\windows\system32\dllcache\ieencode.dll
+ 2006-05-09 11:00 . 2009-02-19 09:58 18432 c:\windows\system32\dllcache\iedw.exe
- 2006-05-09 11:00 . 2008-04-17 10:52 18432 c:\windows\system32\dllcache\iedw.exe
- 2006-05-10 05:22 . 2008-04-21 07:03 55808 c:\windows\system32\dllcache\extmgr.dll
+ 2006-05-10 05:22 . 2009-02-20 08:30 55808 c:\windows\system32\dllcache\extmgr.dll
+ 2009-04-15 22:08 . 2005-07-26 04:39 60416 c:\windows\system32\dllcache\colbact.dll
- 2009-04-13 16:47 . 2000-08-31 13:00 98816 c:\windows\sed.exe
+ 2009-04-22 06:59 . 2000-08-31 13:00 98816 c:\windows\sed.exe
- 2009-04-13 16:47 . 2000-08-31 13:00 29696 c:\windows\NIRCMD.exe
+ 2009-04-22 06:59 . 2000-08-31 13:00 29696 c:\windows\NIRCMD.exe
+ 2009-04-17 05:42 . 2009-04-17 05:42 32768 c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe
+ 2009-04-22 06:59 . 2000-08-31 13:00 80412 c:\windows\grep.exe
- 2009-04-13 16:47 . 2000-08-31 13:00 80412 c:\windows\grep.exe
+ 2009-04-17 05:43 . 2008-07-09 07:38 26488 c:\windows\$hf_mig$\KB967715\update\spcustom.dll
+ 2009-04-17 05:43 . 2008-07-09 07:38 17272 c:\windows\$hf_mig$\KB967715\spmsg.dll
+ 2009-04-17 05:41 . 2008-07-09 07:38 26488 c:\windows\$hf_mig$\KB963027\update\spcustom.dll
+ 2009-04-17 05:41 . 2008-07-09 07:38 17272 c:\windows\$hf_mig$\KB963027\spmsg.dll
+ 2009-02-20 07:50 . 2009-02-20 07:50 81920 c:\windows\$hf_mig$\KB963027\SP3QFE\ieencode.dll
+ 2009-02-20 08:10 . 2009-02-20 08:10 81920 c:\windows\$hf_mig$\KB963027\SP3GDR\ieencode.dll
+ 2009-02-20 08:14 . 2009-02-20 08:14 39424 c:\windows\$hf_mig$\KB963027\SP2QFE\pngfilt.dll
+ 2009-02-20 08:14 . 2009-02-20 08:14 16384 c:\windows\$hf_mig$\KB963027\SP2QFE\jsproxy.dll
+ 2009-02-20 08:14 . 2009-02-20 08:14 96256 c:\windows\$hf_mig$\KB963027\SP2QFE\inseng.dll
+ 2009-02-20 08:14 . 2009-02-20 08:14 81920 c:\windows\$hf_mig$\KB963027\SP2QFE\ieencode.dll
+ 2009-02-19 09:50 . 2009-02-19 09:50 18432 c:\windows\$hf_mig$\KB963027\SP2QFE\iedw.exe
+ 2009-02-20 08:14 . 2009-02-20 08:14 55808 c:\windows\$hf_mig$\KB963027\SP2QFE\extmgr.dll
+ 2009-04-17 05:47 . 2007-11-30 12:39 26488 c:\windows\$hf_mig$\KB961373\update\spcustom.dll
+ 2009-04-17 05:47 . 2007-11-30 12:39 17272 c:\windows\$hf_mig$\KB961373\spmsg.dll
+ 2009-04-17 05:42 . 2007-11-30 12:39 26488 c:\windows\$hf_mig$\KB960803\update\spcustom.dll
+ 2009-04-17 05:42 . 2007-11-30 12:39 17272 c:\windows\$hf_mig$\KB960803\spmsg.dll
+ 2009-04-17 05:45 . 2007-11-30 11:18 26488 c:\windows\$hf_mig$\KB960225\update\spcustom.dll
+ 2009-04-17 05:45 . 2007-11-30 11:18 17272 c:\windows\$hf_mig$\KB960225\spmsg.dll
+ 2009-04-17 05:48 . 2007-11-30 12:39 26488 c:\windows\$hf_mig$\KB959426\update\spcustom.dll
+ 2009-04-17 05:48 . 2007-11-30 12:39 17272 c:\windows\$hf_mig$\KB959426\spmsg.dll
+ 2009-02-04 09:12 . 2009-02-04 09:12 56832 c:\windows\$hf_mig$\KB959426\SP3QFE\secur32.dll
+ 2009-02-03 19:59 . 2009-02-03 19:59 56832 c:\windows\$hf_mig$\KB959426\SP3GDR\secur32.dll
+ 2009-02-03 19:52 . 2009-02-03 19:52 56320 c:\windows\$hf_mig$\KB959426\SP2QFE\secur32.dll
+ 2009-04-17 05:42 . 2008-07-09 07:38 26488 c:\windows\$hf_mig$\KB958690\update\spcustom.dll
+ 2009-04-17 05:42 . 2008-07-09 07:38 17272 c:\windows\$hf_mig$\KB958690\spmsg.dll
+ 2009-04-17 05:42 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB956802\update\spcustom.dll
+ 2009-04-17 05:42 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB956802\spmsg.dll
+ 2009-04-17 05:46 . 2007-11-30 12:39 26488 c:\windows\$hf_mig$\KB955839\update\spcustom.dll
+ 2009-04-17 05:46 . 2007-11-30 12:39 17272 c:\windows\$hf_mig$\KB955839\spmsg.dll
+ 2008-10-23 10:17 . 2008-10-23 10:17 62976 c:\windows\$hf_mig$\KB955839\SP3QFE\tzchange.exe
+ 2008-10-23 10:06 . 2008-10-23 10:06 62976 c:\windows\$hf_mig$\KB955839\SP3GDR\tzchange.exe
+ 2008-10-22 09:47 . 2008-10-22 09:47 62976 c:\windows\$hf_mig$\KB955839\SP2QFE\tzchange.exe
+ 2009-04-17 05:48 . 2007-11-30 12:39 26488 c:\windows\$hf_mig$\KB952954\update\spcustom.dll
+ 2009-04-17 05:48 . 2007-11-30 12:39 17272 c:\windows\$hf_mig$\KB952954\spmsg.dll
+ 2008-06-24 16:53 . 2008-06-24 16:53 74240 c:\windows\$hf_mig$\KB952954\SP3QFE\mscms.dll
+ 2008-06-24 16:43 . 2008-06-24 16:43 74240 c:\windows\$hf_mig$\KB952954\SP3GDR\mscms.dll
+ 2008-06-24 16:28 . 2008-06-24 16:28 74240 c:\windows\$hf_mig$\KB952954\SP2QFE\mscms.dll
+ 2009-04-17 05:43 . 2007-11-30 12:39 26488 c:\windows\$hf_mig$\KB952004\update\spcustom.dll
+ 2009-04-17 05:43 . 2007-11-30 12:39 17272 c:\windows\$hf_mig$\KB952004\spmsg.dll
+ 2008-06-12 14:09 . 2008-06-12 14:09 91648 c:\windows\$hf_mig$\KB952004\SP3QFE\mtxoci.dll
+ 2008-06-12 14:09 . 2008-06-12 14:09 66560 c:\windows\$hf_mig$\KB952004\SP3QFE\mtxclu.dll
+ 2008-06-12 14:09 . 2008-06-12 14:09 58880 c:\windows\$hf_mig$\KB952004\SP3QFE\msdtclog.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 91648 c:\windows\$hf_mig$\KB952004\SP3GDR\mtxoci.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 66560 c:\windows\$hf_mig$\KB952004\SP3GDR\mtxclu.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 58880 c:\windows\$hf_mig$\KB952004\SP3GDR\msdtclog.dll
+ 2008-06-12 13:47 . 2008-06-12 13:47 91648 c:\windows\$hf_mig$\KB952004\SP2QFE\mtxoci.dll
+ 2008-06-12 13:47 . 2008-06-12 13:47 66560 c:\windows\$hf_mig$\KB952004\SP2QFE\mtxclu.dll
+ 2008-06-12 13:47 . 2008-06-12 13:47 58880 c:\windows\$hf_mig$\KB952004\SP2QFE\msdtclog.dll
+ 2009-04-17 05:46 . 2007-11-30 12:39 26488 c:\windows\$hf_mig$\KB950974\update\spcustom.dll
+ 2009-04-17 05:46 . 2007-11-30 12:39 17272 c:\windows\$hf_mig$\KB950974\spmsg.dll
+ 2009-04-17 05:41 . 2007-03-06 01:22 22752 c:\windows\$hf_mig$\KB944338-v2\update\spcustom.dll
+ 2009-04-17 05:41 . 2007-03-06 01:22 14048 c:\windows\$hf_mig$\KB944338-v2\spmsg.dll
+ 2009-04-17 05:44 . 2005-10-12 23:16 22752 c:\windows\$hf_mig$\KB925720\update\spcustom.dll
+ 2009-04-17 05:44 . 2005-10-12 23:16 14048 c:\windows\$hf_mig$\KB925720\spmsg.dll
+ 2006-10-04 10:40 . 2006-10-04 10:40 50176 c:\windows\$hf_mig$\KB925720\SP2QFE\utilman.exe
+ 2006-10-04 14:05 . 2006-10-04 14:05 35840 c:\windows\$hf_mig$\KB925720\SP2QFE\umandlg.dll
+ 2006-10-04 10:40 . 2006-10-04 10:40 53760 c:\windows\$hf_mig$\KB925720\SP2QFE\narrator.exe
+ 2006-10-04 10:40 . 2006-10-04 10:40 72704 c:\windows\$hf_mig$\KB925720\SP2QFE\magnify.exe
+ 2002-01-20 05:18 . 2009-04-15 05:24 2644 c:\windows\system32\d3d9caps.dat
- 2002-01-20 05:18 . 2009-04-14 05:44 2644 c:\windows\system32\d3d9caps.dat
+ 2005-05-17 00:25 . 2009-02-19 09:47 351744 c:\windows\system32\xpsp3res.dll
- 2005-05-17 00:25 . 2008-04-17 10:37 351744 c:\windows\system32\xpsp3res.dll
+ 2004-01-08 22:23 . 2009-02-20 08:30 659456 c:\windows\system32\wininet.dll
- 2004-01-08 22:23 . 2008-04-21 07:04 659456 c:\windows\system32\wininet.dll
+ 2006-05-21 05:07 . 2008-12-16 12:47 351232 c:\windows\system32\winhttp.dll
- 2006-05-21 05:07 . 2004-08-04 07:56 351232 c:\windows\system32\winhttp.dll
+ 2006-05-21 01:43 . 2009-02-06 16:39 227840 c:\windows\system32\wbem\wmiprvse.exe
+ 2006-05-21 01:43 . 2009-02-09 10:20 453120 c:\windows\system32\wbem\wmiprvsd.dll
+ 2006-05-21 01:43 . 2009-02-09 10:20 473088 c:\windows\system32\wbem\fastprox.dll
+ 2001-08-23 12:00 . 2007-12-18 14:40 417792 c:\windows\system32\vbscript.dll
+ 2004-09-23 23:07 . 2009-02-20 08:30 616448 c:\windows\system32\urlmon.dll
+ 2001-08-23 12:00 . 2008-10-03 10:15 247326 c:\windows\system32\strmdll.dll
- 2004-08-20 21:41 . 2008-04-21 07:04 474112 c:\windows\system32\shlwapi.dll
+ 2004-08-20 21:41 . 2009-02-20 08:30 474112 c:\windows\system32\shlwapi.dll
+ 2001-08-23 12:00 . 2009-02-06 17:14 110592 c:\windows\system32\services.exe
- 2001-08-23 12:00 . 2007-04-25 14:21 144896 c:\windows\system32\schannel.dll
+ 2001-08-23 12:00 . 2008-12-05 07:12 144896 c:\windows\system32\schannel.dll
+ 2006-05-21 05:15 . 2009-02-09 10:20 399360 c:\windows\system32\rpcss.dll
- 2001-08-23 12:00 . 2009-03-08 20:13 436250 c:\windows\system32\perfh009.dat
+ 2001-08-23 12:00 . 2009-04-17 06:07 436250 c:\windows\system32\perfh009.dat
+ 2001-08-23 12:00 . 2009-03-06 14:44 283648 c:\windows\system32\pdh.dll
- 2001-08-23 12:00 . 2004-08-04 07:56 283648 c:\windows\system32\pdh.dll
- 2001-08-23 12:00 . 2004-08-04 07:56 215552 c:\windows\system32\osk.exe
+ 2001-08-23 12:00 . 2006-10-04 08:48 215552 c:\windows\system32\osk.exe
+ 2001-08-23 12:00 . 2009-02-09 10:20 714752 c:\windows\system32\ntdll.dll
+ 2006-05-21 05:16 . 2008-10-15 16:57 332800 c:\windows\system32\netapi32.dll
- 2001-08-23 12:00 . 2008-04-21 07:03 532480 c:\windows\system32\mstime.dll
+ 2001-08-23 12:00 . 2009-02-20 08:30 532480 c:\windows\system32\mstime.dll
+ 2001-08-23 12:00 . 2009-02-20 08:30 146432 c:\windows\system32\msrating.dll
- 2001-08-23 12:00 . 2008-04-21 07:03 146432 c:\windows\system32\msrating.dll
- 2001-08-23 12:00 . 2008-04-21 07:03 449024 c:\windows\system32\mshtmled.dll
+ 2001-08-23 12:00 . 2009-02-20 08:30 449024 c:\windows\system32\mshtmled.dll
+ 2006-05-21 05:15 . 2008-06-12 14:16 161792 c:\windows\system32\msdtcuiu.dll
+ 2006-05-21 05:15 . 2008-06-12 14:16 956928 c:\windows\system32\msdtctm.dll
+ 2006-05-21 05:15 . 2008-06-12 14:16 428032 c:\windows\system32\msdtcprx.dll
+ 2001-08-23 12:00 . 2009-02-09 10:20 723456 c:\windows\system32\lsasrv.dll
+ 2001-08-23 12:00 . 2009-03-21 14:18 986112 c:\windows\system32\kernel32.dll
+ 2003-01-13 21:57 . 2007-12-18 14:40 450560 c:\windows\system32\jscript.dll
- 2006-05-21 01:45 . 2007-05-16 15:12 683520 c:\windows\system32\inetcomm.dll
+ 2006-05-21 01:45 . 2008-04-11 18:50 683520 c:\windows\system32\inetcomm.dll
- 2001-08-23 12:00 . 2008-04-21 07:03 251392 c:\windows\system32\iepeers.dll
+ 2001-08-23 12:00 . 2009-02-20 08:30 251392 c:\windows\system32\iepeers.dll
+ 2001-08-23 12:00 . 2008-10-23 13:01 283648 c:\windows\system32\gdi32.dll
- 2006-05-20 18:14 . 2008-12-09 04:21 126912 c:\windows\system32\FNTCACHE.DAT
+ 2006-05-20 18:14 . 2009-04-17 06:02 126912 c:\windows\system32\FNTCACHE.DAT
+ 2006-05-21 05:15 . 2008-07-07 20:32 253952 c:\windows\system32\es.dll
+ 2001-08-23 12:00 . 2009-02-20 08:30 205312 c:\windows\system32\dxtrans.dll
- 2001-08-23 12:00 . 2008-04-21 07:03 205312 c:\windows\system32\dxtrans.dll
+ 2001-08-23 12:00 . 2009-02-20 08:30 357888 c:\windows\system32\dxtmsft.dll
- 2001-08-23 12:00 . 2008-04-21 07:03 357888 c:\windows\system32\dxtmsft.dll
+ 2001-08-23 12:00 . 2008-12-11 11:57 333184 c:\windows\system32\drivers\srv.sys
+ 2001-08-23 12:00 . 2008-10-24 11:10 453632 c:\windows\system32\drivers\mrxsmb.sys
+ 2009-04-05 18:36 . 2009-04-16 13:02 108552 c:\windows\system32\drivers\avgtdix.sys
- 2001-08-23 12:00 . 2008-06-20 10:44 138368 c:\windows\system32\drivers\afd.sys
+ 2001-08-23 12:00 . 2008-08-14 09:51 138368 c:\windows\system32\drivers\afd.sys
+ 2009-04-15 22:06 . 2008-04-21 10:02 215552 c:\windows\system32\dllcache\wordpad.exe
+ 2009-04-15 22:08 . 2009-02-06 16:39 227840 c:\windows\system32\dllcache\wmiprvse.exe
+ 2009-04-15 22:08 . 2009-02-09 10:20 453120 c:\windows\system32\dllcache\wmiprvsd.dll
+ 2006-05-10 05:23 . 2009-02-20 08:30 659456 c:\windows\system32\dllcache\wininet.dll
- 2006-05-10 05:23 . 2008-04-21 07:04 659456 c:\windows\system32\dllcache\wininet.dll
+ 2008-12-16 12:47 . 2008-12-16 12:47 351232 c:\windows\system32\dllcache\winhttp.dll
+ 2004-08-10 02:27 . 2007-12-18 14:40 417792 c:\windows\system32\dllcache\vbscript.dll
+ 2006-05-10 05:23 . 2009-02-20 08:30 616448 c:\windows\system32\dllcache\urlmon.dll
+ 2006-08-21 17:52 . 2008-10-03 10:15 247326 c:\windows\system32\dllcache\strmdll.dll
+ 2006-04-21 06:12 . 2008-12-11 11:57 333184 c:\windows\system32\dllcache\srv.sys
- 2006-05-10 05:23 . 2008-04-21 07:04 474112 c:\windows\system32\dllcache\shlwapi.dll
+ 2006-05-10 05:23 . 2009-02-20 08:30 474112 c:\windows\system32\dllcache\shlwapi.dll
+ 2009-04-15 22:08 . 2009-02-06 17:14 110592 c:\windows\system32\dllcache\services.exe
+ 2007-04-25 14:21 . 2008-12-05 07:12 144896 c:\windows\system32\dllcache\schannel.dll
- 2007-04-25 14:21 . 2007-04-25 14:21 144896 c:\windows\system32\dllcache\schannel.dll
+ 2009-04-15 22:08 . 2009-02-09 10:20 399360 c:\windows\system32\dllcache\rpcss.dll
+ 2009-04-15 22:08 . 2009-03-06 14:44 283648 c:\windows\system32\dllcache\pdh.dll
+ 2006-10-04 08:48 . 2006-10-04 08:48 215552 c:\windows\system32\dllcache\osk.exe
+ 2009-04-15 22:08 . 2009-02-09 10:20 714752 c:\windows\system32\dllcache\ntdll.dll
+ 2006-07-14 15:31 . 2008-10-15 16:57 332800 c:\windows\system32\dllcache\netapi32.dll
+ 2006-05-10 05:23 . 2009-02-20 08:30 532480 c:\windows\system32\dllcache\mstime.dll
- 2006-05-10 05:23 . 2008-04-21 07:03 532480 c:\windows\system32\dllcache\mstime.dll
- 2006-05-10 05:23 . 2008-04-21 07:03 146432 c:\windows\system32\dllcache\msrating.dll
+ 2006-05-10 05:23 . 2009-02-20 08:30 146432 c:\windows\system32\dllcache\msrating.dll
- 2006-05-10 05:23 . 2008-04-21 07:03 449024 c:\windows\system32\dllcache\mshtmled.dll
+ 2006-05-10 05:23 . 2009-02-20 08:30 449024 c:\windows\system32\dllcache\mshtmled.dll
+ 2008-06-12 14:16 . 2008-06-12 14:16 161792 c:\windows\system32\dllcache\msdtcuiu.dll
+ 2008-06-12 14:16 . 2008-06-12 14:16 956928 c:\windows\system32\dllcache\msdtctm.dll
+ 2008-06-12 14:16 . 2008-06-12 14:16 428032 c:\windows\system32\dllcache\msdtcprx.dll
+ 2009-04-13 23:14 . 2008-05-01 14:30 331776 c:\windows\system32\dllcache\msadce.dll
+ 2006-05-05 09:41 . 2008-10-24 11:10 453632 c:\windows\system32\dllcache\mrxsmb.sys
+ 2006-08-17 12:28 . 2009-02-09 10:20 723456 c:\windows\system32\dllcache\lsasrv.dll
+ 2006-07-05 10:55 . 2009-03-21 14:18 986112 c:\windows\system32\dllcache\kernel32.dll
+ 2006-05-18 05:24 . 2007-12-18 14:40 450560 c:\windows\system32\dllcache\jscript.dll
- 2006-07-27 13:24 . 2007-05-16 15:12 683520 c:\windows\system32\dllcache\inetcomm.dll
+ 2006-07-27 13:24 . 2008-04-11 18:50 683520 c:\windows\system32\dllcache\inetcomm.dll
- 2006-05-10 05:22 . 2008-04-21 07:03 251392 c:\windows\system32\dllcache\iepeers.dll
+ 2006-05-10 05:22 . 2009-02-20 08:30 251392 c:\windows\system32\dllcache\iepeers.dll
+ 2007-03-08 15:36 . 2008-10-23 13:01 283648 c:\windows\system32\dllcache\gdi32.dll
+ 2009-04-15 22:08 . 2009-02-09 10:20 473088 c:\windows\system32\dllcache\fastprox.dll
+ 2008-07-07 20:32 . 2008-07-07 20:32 253952 c:\windows\system32\dllcache\es.dll
+ 2006-05-10 05:22 . 2009-02-20 08:30 205312 c:\windows\system32\dllcache\dxtrans.dll
- 2006-05-10 05:22 . 2008-04-21 07:03 205312 c:\windows\system32\dllcache\dxtrans.dll
- 2006-05-10 05:22 . 2008-04-21 07:03 357888 c:\windows\system32\dllcache\dxtmsft.dll
+ 2006-05-10 05:22 . 2009-02-20 08:30 357888 c:\windows\system32\dllcache\dxtmsft.dll
+ 2006-05-10 05:22 . 2009-02-20 08:30 151040 c:\windows\system32\dllcache\cdfview.dll
- 2006-05-10 05:22 . 2008-04-21 07:03 151040 c:\windows\system32\dllcache\cdfview.dll
- 2008-06-20 10:44 . 2008-06-20 10:44 138368 c:\windows\system32\dllcache\afd.sys
+ 2008-06-20 10:44 . 2008-08-14 09:51 138368 c:\windows\system32\dllcache\afd.sys
+ 2009-04-15 22:08 . 2009-02-09 10:20 616960 c:\windows\system32\dllcache\advapi32.dll
+ 2001-08-23 12:00 . 2009-02-20 08:30 151040 c:\windows\system32\cdfview.dll
- 2001-08-23 12:00 . 2008-04-21 07:03 151040 c:\windows\system32\cdfview.dll
+ 2001-08-23 12:00 . 2009-02-09 10:20 616960 c:\windows\system32\advapi32.dll
- 2001-08-23 12:00 . 2004-08-04 07:56 616960 c:\windows\system32\advapi32.dll
+ 2001-08-23 12:00 . 2007-03-08 15:36 156672 c:\windows\ozitegigusobo.dll
- 2009-04-14 05:41 . 2005-10-21 01:02 163328 c:\windows\ERDNT\subs\ERDNT.EXE
+ 2009-04-14 18:29 . 2005-10-21 01:02 163328 c:\windows\ERDNT\subs\ERDNT.EXE
+ 2004-10-28 01:14 . 2008-10-24 11:10 453632 c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2009-04-17 05:43 . 2008-07-09 07:38 382840 c:\windows\$hf_mig$\KB967715\update\updspapi.dll
+ 2009-04-17 05:43 . 2008-07-09 07:38 755576 c:\windows\$hf_mig$\KB967715\update\update.exe
+ 2009-04-17 05:43 . 2008-07-09 07:38 231288 c:\windows\$hf_mig$\KB967715\spuninst.exe
+ 2008-02-15 09:06 . 2008-02-15 09:06 351744 c:\windows\$hf_mig$\KB967715\SP2QFE\xpsp3res.dll
+ 2009-04-17 05:41 . 2008-07-09 07:38 382840 c:\windows\$hf_mig$\KB963027\update\updspapi.dll
+ 2009-04-17 05:41 . 2008-07-09 07:38 755576 c:\windows\$hf_mig$\KB963027\update\update.exe
+ 2009-04-17 05:41 . 2008-07-09 07:38 231288 c:\windows\$hf_mig$\KB963027\spuninst.exe
+ 2009-02-20 07:50 . 2009-02-20 07:50 667648 c:\windows\$hf_mig$\KB963027\SP3QFE\wininet.dll
+ 2009-02-20 07:50 . 2009-02-20 07:50 620032 c:\windows\$hf_mig$\KB963027\SP3QFE\urlmon.dll
+ 2009-02-20 08:10 . 2009-02-20 08:10 666112 c:\windows\$hf_mig$\KB963027\SP3GDR\wininet.dll
+ 2009-02-20 08:10 . 2009-02-20 08:10 619520 c:\windows\$hf_mig$\KB963027\SP3GDR\urlmon.dll
+ 2009-02-19 09:47 . 2009-02-19 09:47 351744 c:\windows\$hf_mig$\KB963027\SP2QFE\xpsp3res.dll
+ 2009-02-20 08:14 . 2009-02-20 08:14 668160 c:\windows\$hf_mig$\KB963027\SP2QFE\wininet.dll
+ 2009-02-20 08:14 . 2009-02-20 08:14 619520 c:\windows\$hf_mig$\KB963027\SP2QFE\urlmon.dll
+ 2009-02-20 08:14 . 2009-02-20 08:14 474112 c:\windows\$hf_mig$\KB963027\SP2QFE\shlwapi.dll
+ 2009-02-20 08:14 . 2009-02-20 08:14 532480 c:\windows\$hf_mig$\KB963027\SP2QFE\mstime.dll
+ 2009-02-20 08:14 . 2009-02-20 08:14 146432 c:\windows\$hf_mig$\KB963027\SP2QFE\msrating.dll
+ 2009-02-20 08:14 . 2009-02-20 08:14 449024 c:\windows\$hf_mig$\KB963027\SP2QFE\mshtmled.dll
+ 2009-02-20 08:14 . 2009-02-20 08:14 251904 c:\windows\$hf_mig$\KB963027\SP2QFE\iepeers.dll
+ 2009-02-20 08:14 . 2009-02-20 08:14 205312 c:\windows\$hf_mig$\KB963027\SP2QFE\dxtrans.dll
+ 2009-02-20 08:14 . 2009-02-20 08:14 357888 c:\windows\$hf_mig$\KB963027\SP2QFE\dxtmsft.dll
+ 2009-02-20 08:14 . 2009-02-20 08:14 151040 c:\windows\$hf_mig$\KB963027\SP2QFE\cdfview.dll
+ 2009-04-17 05:47 . 2007-11-30 12:39 382840 c:\windows\$hf_mig$\KB961373\update\updspapi.dll
+ 2009-04-17 05:47 . 2007-11-30 12:39 755576 c:\windows\$hf_mig$\KB961373\update\update.exe
+ 2009-04-17 05:47 . 2007-11-30 12:39 231288 c:\windows\$hf_mig$\KB961373\spuninst.exe
+ 2009-04-17 05:42 . 2007-11-30 12:39 382840 c:\windows\$hf_mig$\KB960803\update\updspapi.dll
+ 2009-04-17 05:42 . 2007-11-30 12:39 755576 c:\windows\$hf_mig$\KB960803\update\update.exe
+ 2009-04-17 05:42 . 2007-11-30 12:39 231288 c:\windows\$hf_mig$\KB960803\spuninst.exe
+ 2008-12-16 12:22 . 2008-12-16 12:22 354304 c:\windows\$hf_mig$\KB960803\SP3QFE\winhttp.dll
+ 2008-12-16 12:30 . 2008-12-16 12:30 354304 c:\windows\$hf_mig$\KB960803\SP3GDR\winhttp.dll
+ 2008-12-16 12:36 . 2008-12-16 12:36 354304 c:\windows\$hf_mig$\KB960803\SP2QFE\winhttp.dll
+ 2009-04-17 05:45 . 2007-11-30 12:39 382840 c:\windows\$hf_mig$\KB960225\update\updspapi.dll
+ 2009-04-17 05:45 . 2007-11-30 12:39 755576 c:\windows\$hf_mig$\KB960225\update\update.exe
+ 2009-04-17 05:45 . 2007-11-30 11:18 231288 c:\windows\$hf_mig$\KB960225\spuninst.exe
+ 2008-12-05 06:58 . 2008-12-05 06:58 144896 c:\windows\$hf_mig$\KB960225\SP3QFE\schannel.dll
+ 2008-12-05 06:54 . 2008-12-05 06:54 144896 c:\windows\$hf_mig$\KB960225\SP3GDR\schannel.dll
+ 2008-12-05 06:41 . 2008-12-05 06:41 144896 c:\windows\$hf_mig$\KB960225\SP2QFE\schannel.dll
+ 2009-04-17 05:48 . 2007-11-30 12:39 382840 c:\windows\$hf_mig$\KB959426\update\updspapi.dll
+ 2009-04-17 05:48 . 2007-11-30 12:39 755576 c:\windows\$hf_mig$\KB959426\update\update.exe
+ 2009-04-17 05:48 . 2007-11-30 12:39 231288 c:\windows\$hf_mig$\KB959426\spuninst.exe
+ 2009-03-21 13:59 . 2009-03-21 13:59 991744 c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
+ 2009-03-21 14:06 . 2009-03-21 14:06 989696 c:\windows\$hf_mig$\KB959426\SP3GDR\kernel32.dll
+ 2009-03-21 13:54 . 2009-03-21 13:54 989184 c:\windows\$hf_mig$\KB959426\SP2QFE\kernel32.dll
+ 2009-04-17 05:42 . 2008-07-09 07:38 382840 c:\windows\$hf_mig$\KB958690\update\updspapi.dll
+ 2009-04-17 05:42 . 2008-07-09 07:38 755576 c:\windows\$hf_mig$\KB958690\update\update.exe
+ 2009-04-17 05:42 . 2008-07-09 07:38 231288 c:\windows\$hf_mig$\KB958690\spuninst.exe
+ 2009-04-17 05:42 . 2008-07-09 07:38 382840 c:\windows\$hf_mig$\KB956802\update\updspapi.dll
+ 2009-04-17 05:42 . 2008-07-09 07:38 755576 c:\windows\$hf_mig$\KB956802\update\update.exe
+ 2009-04-17 05:42 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB956802\spuninst.exe
+ 2008-10-23 12:43 . 2008-10-23 12:43 286720 c:\windows\$hf_mig$\KB956802\SP3QFE\gdi32.dll
+ 2008-10-23 12:36 . 2008-10-23 12:36 286720 c:\windows\$hf_mig$\KB956802\SP3GDR\gdi32.dll
+ 2008-10-23 12:51 . 2008-10-23 12:51 284160 c:\windows\$hf_mig$\KB956802\SP2QFE\gdi32.dll
+ 2009-04-17 05:46 . 2007-11-30 12:39 382840 c:\windows\$hf_mig$\KB955839\update\updspapi.dll
+ 2009-04-17 05:46 . 2007-11-30 12:39 755576 c:\windows\$hf_mig$\KB955839\update\update.exe
+ 2009-04-17 05:46 . 2007-11-30 12:39 231288 c:\windows\$hf_mig$\KB955839\spuninst.exe
+ 2009-04-17 05:48 . 2007-11-30 12:39 382840 c:\windows\$hf_mig$\KB952954\update\updspapi.dll
+ 2009-04-17 05:48 . 2007-11-30 12:39 755576 c:\windows\$hf_mig$\KB952954\update\update.exe
+ 2009-04-17 05:48 . 2007-11-30 12:39 231288 c:\windows\$hf_mig$\KB952954\spuninst.exe
+ 2009-04-17 05:43 . 2007-11-30 12:39 382840 c:\windows\$hf_mig$\KB952004\update\updspapi.dll
+ 2009-04-17 05:43 . 2007-11-30 12:39 755576 c:\windows\$hf_mig$\KB952004\update\update.exe
+ 2009-04-17 05:43 . 2007-11-30 12:39 231288 c:\windows\$hf_mig$\KB952004\spuninst.exe
+ 2008-06-12 14:09 . 2008-06-12 14:09 161792 c:\windows\$hf_mig$\KB952004\SP3QFE\msdtcuiu.dll
+ 2008-06-12 14:09 . 2008-06-12 14:09 956928 c:\windows\$hf_mig$\KB952004\SP3QFE\msdtctm.dll
+ 2008-06-12 14:09 . 2008-06-12 14:09 428032 c:\windows\$hf_mig$\KB952004\SP3QFE\msdtcprx.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 161792 c:\windows\$hf_mig$\KB952004\SP3GDR\msdtcuiu.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 956928 c:\windows\$hf_mig$\KB952004\SP3GDR\msdtctm.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 428032 c:\windows\$hf_mig$\KB952004\SP3GDR\msdtcprx.dll
+ 2008-06-12 13:47 . 2008-06-12 13:47 161792 c:\windows\$hf_mig$\KB952004\SP2QFE\msdtcuiu.dll
+ 2008-06-12 13:47 . 2008-06-12 13:47 956928 c:\windows\$hf_mig$\KB952004\SP2QFE\msdtctm.dll
+ 2008-06-12 13:47 . 2008-06-12 13:47 428032 c:\windows\$hf_mig$\KB952004\SP2QFE\msdtcprx.dll
+ 2009-04-17 05:46 . 2007-11-30 12:39 382840 c:\windows\$hf_mig$\KB950974\update\updspapi.dll
+ 2009-04-17 05:46 . 2007-11-30 12:39 755576 c:\windows\$hf_mig$\KB950974\update\update.exe
+ 2009-04-17 05:46 . 2007-11-30 12:39 231288 c:\windows\$hf_mig$\KB950974\spuninst.exe
+ 2008-07-07 20:23 . 2008-07-07 20:23 253952 c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
+ 2008-07-07 20:26 . 2008-07-07 20:26 253952 c:\windows\$hf_mig$\KB950974\SP3GDR\es.dll
+ 2008-07-07 20:06 . 2008-07-07 20:06 253952 c:\windows\$hf_mig$\KB950974\SP2QFE\es.dll
+ 2009-04-17 05:41 . 2007-03-06 01:23 371424 c:\windows\$hf_mig$\KB944338-v2\update\updspapi.dll
+ 2009-04-17 05:41 . 2007-03-06 01:22 716000 c:\windows\$hf_mig$\KB944338-v2\update\update.exe
+ 2009-04-17 05:41 . 2007-03-06 01:22 213216 c:\windows\$hf_mig$\KB944338-v2\spuninst.exe
+ 2007-12-18 14:32 . 2007-12-18 14:32 417792 c:\windows\$hf_mig$\KB944338-v2\SP2QFE\vbscript.dll
+ 2007-12-18 14:32 . 2007-12-18 14:32 450560 c:\windows\$hf_mig$\KB944338-v2\SP2QFE\jscript.dll
+ 2009-04-17 05:44 . 2005-10-12 23:16 371424 c:\windows\$hf_mig$\KB925720\update\updspapi.dll
+ 2009-04-17 05:44 . 2005-10-12 23:16 716000 c:\windows\$hf_mig$\KB925720\update\update.exe
+ 2009-04-17 05:44 . 2005-10-12 23:16 213216 c:\windows\$hf_mig$\KB925720\spuninst.exe
+ 2006-10-04 10:40 . 2006-10-04 10:40 215552 c:\windows\$hf_mig$\KB925720\SP2QFE\osk.exe
+ 2009-04-14 00:58 . 2008-04-15 17:54 1724416 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.3352_x-ww_81af8e88\GdiPlus.dll
+ 2008-09-30 21:42 . 2008-09-30 21:42 1286152 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9870.0_x-ww_a32d74cf\msxml4.dll
+ 2001-08-23 12:00 . 2008-06-10 16:57 2364472 c:\windows\system32\WMVCore.dll
+ 2001-08-23 12:00 . 2008-06-10 16:37 1026048 c:\windows\system32\WMNetmgr.dll
+ 2001-08-23 12:00 . 2009-02-09 10:19 1846272 c:\windows\system32\win32k.sys
+ 2001-08-23 12:00 . 2008-07-03 13:16 8454656 c:\windows\system32\shell32.dll
+ 2004-08-27 19:57 . 2009-03-02 23:52 1495552 c:\windows\system32\shdocvw.dll
+ 2001-08-23 12:00 . 2008-12-20 22:43 1287680 c:\windows\system32\quartz.dll
- 2001-08-23 12:00 . 2008-05-07 05:18 1287680 c:\windows\system32\quartz.dll
+ 2001-08-23 12:00 . 2009-02-06 17:22 2136064 c:\windows\system32\ntoskrnl.exe
- 2001-08-23 12:00 . 2007-02-28 09:08 2136064 c:\windows\system32\ntoskrnl.exe
+ 2001-08-17 13:48 . 2009-02-06 16:49 2015744 c:\windows\system32\ntkrnlpa.exe
- 2001-08-17 13:48 . 2007-02-28 08:38 2015744 c:\windows\system32\ntkrnlpa.exe
+ 2008-08-30 01:06 . 2008-08-30 01:06 1350664 c:\windows\system32\msxml6.dll
+ 2008-09-30 21:43 . 2008-09-30 21:43 1286152 c:\windows\system32\msxml4.dll
+ 2001-08-23 12:00 . 2008-09-04 16:42 1106944 c:\windows\system32\msxml3.dll
+ 2004-09-29 08:45 . 2009-02-20 08:30 3059712 c:\windows\system32\mshtml.dll
- 2004-09-29 08:45 . 2008-04-21 07:03 3059712 c:\windows\system32\mshtml.dll
+ 2001-08-23 12:00 . 2008-06-10 16:57 2364472 c:\windows\system32\dllcache\WMVCore.dll
+ 2001-08-23 12:00 . 2008-06-10 16:37 1026048 c:\windows\system32\dllcache\WMNetmgr.dll
+ 2007-03-08 13:47 . 2009-02-09 10:19 1846272 c:\windows\system32\dllcache\win32k.sys
+ 2006-07-13 13:33 . 2008-07-03 13:16 8454656 c:\windows\system32\dllcache\shell32.dll
+ 2006-05-29 15:30 . 2009-03-02 23:52 1495552 c:\windows\system32\dllcache\shdocvw.dll
- 2008-05-07 05:18 . 2008-05-07 05:18 1287680 c:\windows\system32\dllcache\quartz.dll
+ 2008-05-07 05:18 . 2008-12-20 22:43 1287680 c:\windows\system32\dllcache\quartz.dll
+ 2006-12-19 14:17 . 2009-02-06 17:24 2180480 c:\windows\system32\dllcache\ntoskrnl.exe
- 2006-12-19 12:55 . 2007-02-28 08:38 2015744 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2006-12-19 12:55 . 2009-02-06 16:49 2015744 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2006-12-19 12:55 . 2009-02-06 16:49 2057728 c:\windows\system32\dllcache\ntkrnlpa.exe
- 2006-12-19 14:15 . 2007-02-28 09:08 2136064 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2006-12-19 14:15 . 2009-02-06 17:22 2136064 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2006-09-13 05:01 . 2008-09-04 16:42 1106944 c:\windows\system32\dllcache\msxml3.dll
+ 2006-05-19 15:08 . 2009-02-20 08:30 3059712 c:\windows\system32\dllcache\mshtml.dll
- 2006-05-19 15:08 . 2008-04-21 07:03 3059712 c:\windows\system32\dllcache\mshtml.dll
+ 2006-05-10 05:22 . 2009-02-20 08:30 1054208 c:\windows\system32\dllcache\danim.dll
- 2006-05-10 05:22 . 2008-04-21 07:03 1054208 c:\windows\system32\dllcache\danim.dll
+ 2006-05-10 05:22 . 2009-02-20 08:30 1023488 c:\windows\system32\dllcache\browseui.dll
- 2006-05-10 05:22 . 2008-04-21 07:03 1023488 c:\windows\system32\dllcache\browseui.dll
+ 2001-08-23 12:00 . 2009-02-20 08:30 1054208 c:\windows\system32\danim.dll
- 2001-08-23 12:00 . 2008-04-21 07:03 1054208 c:\windows\system32\danim.dll
- 2004-01-16 11:29 . 2008-04-21 07:03 1023488 c:\windows\system32\browseui.dll
+ 2004-01-16 11:29 . 2009-02-20 08:30 1023488 c:\windows\system32\browseui.dll
+ 2005-03-02 00:59 . 2009-02-06 17:24 2180480 c:\windows\Driver Cache\i386\ntoskrnl.exe
- 2005-03-02 00:34 . 2007-02-28 08:38 2015744 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2005-03-02 00:34 . 2009-02-06 16:49 2015744 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2005-03-02 00:34 . 2009-02-06 16:49 2057728 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2005-03-02 00:57 . 2009-02-06 17:22 2136064 c:\windows\Driver Cache\i386\ntkrnlmp.exe
- 2005-03-02 00:57 . 2007-02-28 09:08 2136064 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2008-06-17 19:04 . 2008-06-17 19:04 8461824 c:\windows\$hf_mig$\KB967715\SP3QFE\shell32.dll
+ 2008-06-17 19:02 . 2008-06-17 19:02 8461312 c:\windows\$hf_mig$\KB967715\SP3GDR\shell32.dll
+ 2008-07-03 13:03 . 2008-07-03 13:03 8460800 c:\windows\$hf_mig$\KB967715\SP2QFE\shell32.dll
+ 2009-03-02 23:12 . 2009-03-02 23:12 1499136 c:\windows\$hf_mig$\KB963027\SP3QFE\shdocvw.dll
+ 2009-02-20 07:50 . 2009-02-20 07:50 3068416 c:\windows\$hf_mig$\KB963027\SP3QFE\mshtml.dll
+ 2009-03-02 23:04 . 2009-03-02 23:04 1499136 c:\windows\$hf_mig$\KB963027\SP3GDR\shdocvw.dll
+ 2009-02-20 08:11 . 2009-02-20 08:11 3068416 c:\windows\$hf_mig$\KB963027\SP3GDR\mshtml.dll
+ 2009-03-02 23:27 . 2009-03-02 23:27 1499136 c:\windows\$hf_mig$\KB963027\SP2QFE\shdocvw.dll
+ 2009-02-20 21:44 . 2009-02-20 21:44 3067904 c:\windows\$hf_mig$\KB963027\SP2QFE\mshtml.dll
+ 2009-02-20 08:14 . 2009-02-20 08:14 1054208 c:\windows\$hf_mig$\KB963027\SP2QFE\danim.dll
+ 2009-02-20 08:14 . 2009-02-20 08:14 1024000 c:\windows\$hf_mig$\KB963027\SP2QFE\browseui.dll
+ 2008-12-20 23:14 . 2008-12-20 23:14 1288192 c:\windows\$hf_mig$\KB961373\SP3QFE\quartz.dll
+ 2008-12-20 22:14 . 2008-12-20 22:14 1288192 c:\windows\$hf_mig$\KB961373\SP3GDR\quartz.dll
+ 2008-12-20 22:59 . 2008-12-20 22:59 1288192 c:\windows\$hf_mig$\KB961373\SP2QFE\quartz.dll
+ 2009-02-09 11:08 . 2009-02-09 11:08 1847552 c:\windows\$hf_mig$\KB958690\SP3QFE\win32k.sys
+ 2009-02-09 11:13 . 2009-02-09 11:13 1846784 c:\windows\$hf_mig$\KB958690\SP3GDR\win32k.sys
+ 2009-02-09 10:20 . 2009-02-09 10:20 1847424 c:\windows\$hf_mig$\KB958690\SP2QFE\win32k.sys
+ 2009-04-17 05:44 . 2009-04-06 12:57 24921544 c:\windows\system32\MRT.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11357319-ccdc-c372-987d-e16a5caae17f}]
2007-03-08 10:36 156672 --a------ c:\windows\ozitegigusobo.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="c:\program files\AIM\aim.exe" [2005-08-05 67160]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\106b3ec4-611a-4b0e-9964-a4f001c18f01.exe" [2008-02-25 1481968]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-01-19 4670968]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-08-29 171464]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-09 7561216]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-03-09 86016]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-11-26 335872]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-14 136600]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2001-08-23 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PAC207_Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2007-12-10 323584]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2007-12-10 323584]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-08-11 180269]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"Pdaxemawixorige"="c:\windows\ozitegigusobo.dll" [2007-03-08 156672]
"CTHelper"="CTHELPER.EXE" [2005-08-29 c:\windows\CTHELPER.EXE]
"nwiz"="nwiz.exe" [2006-03-09 c:\windows\system32\nwiz.exe]
"SkyTel"="SkyTel.EXE" [2007-10-10 c:\windows\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-24 c:\windows\RTHDCPL.exe]

c:\documents and settings\Mason\Start Menu\Programs\Startup\
OpenOffice.org 2.0.lnk - c:\program files\OpenOffice.org 2.0\program\quickstart.exe [2006-01-25 61440]

c:\documents and settings\Saavedra\Start Menu\Programs\Startup\
OpenOffice.org 2.0.lnk - c:\program files\OpenOffice.org 2.0\program\quickstart.exe [2006-01-25 61440]
Registry Repair Pro.lnk - c:\program files\3B Software\Registry Repair Pro\RegistryRepairPro.exe [2009-04-07 2590040]
Scheduler.lnk - c:\program files\3B Software\Common\Scheduler\wcomschd.exe [2009-04-07 464240]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Audible Download Manager.lnk - c:\program files\Audible\Bin\AudibleDownloadHelper.exe [2008-12-09 1783128]
NETGEAR WNDA3100 Smart Wizard.lnk - c:\program files\NETGEAR\WNDA3100\WNDA3100.exe [2008-04-01 1478728]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-04-05 13:36 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awttsQgf]
[BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c0091014]
[BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli maprtfrs.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Amazon Unbox.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Wireless PCI Card Configuration Utility.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CurseClient]
--a------ 2009-04-18 21:35 1833984 c:\program files\Curse\CurseClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
--a------ 2005-12-04 18:39 461584 c:\program files\Microsoft IntelliPoint\ipoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 14:20 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:54 5674352 c:\program files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 18:40 155648 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-02-01 17:22 21898024 c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-10-20 17:42 1410296 c:\program files\Steam\steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-08-11 18:47 180269 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2008-08-28 10:18 3660848 c:\program files\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-01-19 13:49 4670968 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\PlayOnline\\SquareEnix\\PlayOnlineViewer\\pol.exe"=
"c:\\Program Files\\DAP\\DAP.exe"=
"e:\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Curse\\CurseClient.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\UBISOFT\\Prince of Persia\\Prince of Persia.exe"=
"c:\\Program Files\\UBISOFT\\Prince of Persia\\PrinceOfPersia_Launcher.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwupdate.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2server.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"e:\\World of Warcraft\\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe"=
"e:\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12403:TCP"= 12403:TCP:BitComet 12403 TCP
"12403:UDP"= 12403:UDP:BitComet 12403 UDP
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"56861:TCP"= 56861:TCP:Pando Media Booster
"56861:UDP"= 56861:UDP:Pando Media Booster

R2 avg8emc;AVG Free8 E-mail Scanner; [x]
R2 avg8wd;AVG Free8 WatchDog; [x]
R3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;c:\windows\system32\DRIVERS\l251x86.sys [2007-10-17 30720]
R3 IPN2120;Instant Wireless-B PCI Adapter Driver; [x]
R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\NETGEAR\WNDA3100\jswpsapi.exe [2008-02-27 360547]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1; [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-03-16 2780212]
R3 PAC207;Webcam;c:\windows\system32\DRIVERS\PFC027.SYS [2008-02-13 618112]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-01-07 348752]
R3 WMP11V27;Instant Wireless PCI Card V2.7 Driver; [x]
R4 WinDefend;Windows Defender Service;c:\program files\Windows Defender\MsMpEng.exe [2006-04-03 14032]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-03-06 130424]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-04-05 325640]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-04-16 108552]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-12-04 8944]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-12-04 55024]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.SYS [2003-07-24 17149]
S3 JSWSCIMD;jswscimd Service;c:\windows\system32\DRIVERS\jswscimd.sys [2007-08-28 57344]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-04 7408]
S3 WNDA3100;NETGEAR WNDA3100 USB2.0 Wireless Card Service;c:\windows\system32\DRIVERS\WNDA31.sys [2008-03-12 421376]
S3 WSIMD;wsimd Service;c:\windows\system32\DRIVERS\wsimd.sys [2007-12-14 57408]


--- Other Services/Drivers In Memory ---

*Deregistered* - dump_wmimmc
.
Contents of the 'Scheduled Tasks' folder

2009-04-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]

2009-04-21 c:\windows\Tasks\ErrorFix Scan.job
- c:\program files\ErrorFix\ErrorFix.exe []

2009-04-21 c:\windows\Tasks\ErrorFix Scan.job
- c:\program files\ErrorFix []

2009-04-22 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-04-03 20:12]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-AVG8_TRAY - c:\progra~1\AVG\AVG8\avgtray.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = 58.61.144.147:3128
uInternet Settings,ProxyOverride = *.local
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
DPF: {CEA3052D-65B9-44E2-A501-5E14024BC66F} - hxxp://www.tricksteronline.com/control/tricksterActiveX.cab
DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} - hxxp://www.tricksteronline.com/control/KALogoutComponent.cab
FF - ProfilePath - c:\documents and settings\Saavedra\Application Data\Mozilla\Firefox\Profiles\nabqinck.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\documents and settings\Saavedra\Application Data\Mozilla\Firefox\Profiles\nabqinck.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000004.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\IGN\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAskSBr.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-22 02:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1606980848-1965331169-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{563F5E5C-BBFF-BC60-8E3D-83CF6260F8BC}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iadlnhflhfldffenca"=hex:69,61,62,69,6d,6d,6f,70,68,6a,6d,69,64,70,66,6c,61,6d,
00,7c
"hajjpjelaelahdaj"=hex:69,61,62,69,6d,6d,6f,70,68,6a,6d,69,64,70,66,6c,61,6d,
00,7c
"iapjniocafemoigeee"=hex:63,61,66,67,64,6d,00,00

[HKEY_USERS\S-1-5-21-1606980848-1965331169-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:67,0a,0f,d2,05,bd,fc,4f,4d,d1,77,cb,5f,87,ec,86,ff,16,86,5d,c0,7f,b8,
3d,7b,91,f2,ef,68,ba,b5,02,fb,6f,b1,c4,c0,b3,5d,18,ca,fe,fe,93,9e,39,6c,49,\
"??"=hex:69,6f,5c,46,6a,89,f9,ee,2d,48,e0,10,87,42,1e,12

[HKEY_USERS\S-1-5-21-1606980848-1965331169-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:17,8f,3a,a2,5d,a6,5f,4f,0d,ca,33,7c,ac,11,e4,75,cb,f6,a8,47,88,
8b,c2,c6,d5,e4,54,06,dd,9b,14,1c,e1,7a,d0,88,29,35,44,55,d0,3e,ce,14,8e,6a,\
"rkeysecu"=hex:a4,a2,88,29,79,5c,ec,81,26,79,6e,ae,c2,80,08,18
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(568)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(636)
c:\windows\maprtfrs.dll

- - - - - - - > 'explorer.exe'(2420)
c:\windows\maprtfrs.dll
c:\windows\ozitegigusobo.dll
.
Completion time: 2009-04-22 2:06
ComboFix-quarantined-files.txt 2009-04-22 07:05
ComboFix2.txt 2009-04-14 05:55
ComboFix3.txt 2009-04-13 17:16

Pre-Run: 22,824,415,232 bytes free
Post-Run: 22,852,980,736 bytes free

735 --- E O F --- 2009-04-17 06:07

#14 LuzaMink
  • Topic Starter

Posted 22 April 2009 - 02:22 AM

As for how my computer's behaving: not so great. Things are running slowly, some programs refuse to run at all nowadays, and my internet connection seems spottier than ever. :/

#15 Buckeye_Sam
    Malware Expert

Posted 22 April 2009 - 12:25 PM

Combofix is now outdated.
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK


==============


Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3

--------------------------------------------------------------------

Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt so we can continue cleaning the system.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================



