DDS log for Antivirus Pro 2010/Security Tool infection


  • This topic is locked
28 replies to this topic

#1 akdavis

  • Members
  • 40 posts
  • OFFLINE
  • Local time:01:22 AM

Posted 20 October 2009 - 01:53 PM

Referred here by Boopme. Topic referenced is here: http://www.bleepingcomputer.com/forums/t/264624/antivirus-pro-2010-no-success-with-mbam-and-need-help/ ~ OB

Can't seem to get rid of something lingering on my system. Both Antivirus Pro 2010 and Security Tool popped up before, as well as a suspicious _ex-08.exe process. Avira failed to stop it, SAS and MBAM failed to solve it. Now I don't see overt signs other than the hard drive spinning for no reason, but the computer force-restarts when I try to run scans with DrWebCureIt and Rootrepeal. I have my system off the internet and have been using a flash drive to move .exe's and logs back and forth from my wife's Mac. Help would be most appreciated. DDS log:


DDS (Ver_09-10-13.01) - NTFSx86
Run by Alan at 13:36:14.37 on Tue 10/20/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1575 [GMT -5:00]

AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\PC Magazine Utilities\TaskPower\TaskPower.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Documents and Settings\Alan\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.npr.org/
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: ImageShack Toolbar: {6932d140-abc4-4073-a44c-d4a541665e35} - c:\windows\imageshacktoolbar\ImageShackToolbar.dll
TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [USIUDF_Eject_Monitor] c:\program files\common files\ulead systems\dvd\USISrv.exe
mRun: [Ulead AutoDetector v2] c:\program files\common files\ulead systems\autodetector\Monitor.exe
mRun: [Ulead Photo Express Calendar Checker] c:\program files\ulead systems\ulead photo express my scrapbook 2.0\calcheck.exe
mRun: [SBDrvDet] c:\program files\creative\sb drive det\SBDrvDet.exe /r
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\point32.exe"
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [ProfilerU] c:\program files\saitek\sd6\software\ProfilerU.exe
mRun: [SaiMfd] c:\program files\saitek\sd6\software\SaiMfd.exe
mRun: [StxTrayMenu] "c:\program files\seagate\systemtray\StxMenuMgr.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /install
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Kbugaxukow] rundll32.exe "c:\windows\ivikahuboze.dll",Startup
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\docume~1\alan\startm~1\programs\startup\autoba~1.lnk - c:\program files\seagate\autobackup\MemeoLauncher.exe
StartupFolder: c:\docume~1\alan\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 2.4\program\quickstart.exe
StartupFolder: c:\docume~1\alan\startm~1\programs\startup\trueas~1.lnk - c:\program files\trueswitchat&tyahoo\TrueWizard.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Post Image to Blog - c:\windows\imageshacktoolbar\ImageShackToolbar.dll/5003
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Tag This Image - c:\windows\imageshacktoolbar\ImageShackToolbar.dll/5002
IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: Upload All Images to ImageShack - c:\windows\imageshacktoolbar\ImageShackToolbar.dll/5000
IE: Upload Image to ImageShack - c:\windows\imageshacktoolbar\ImageShackToolbar.dll/5001
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
Trusted Zone: imageshack.us\toolbar
Trusted Zone: memeo.com\seagate
DPF: {00000D27-0000-0000-0000-000000000000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/common/asusTek_sys_ctrl.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo2.walgreens.com/WalgreensActivia.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} - hxxp://toolbar.imageshack.us/toolbar/ImageShackToolbar.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
DPF: {AE6C4705-0F11-4ACB-BDD4-37F138BEF289} - hxxp://www.ritzpix.com/net/Uploader/LPUploader41.cab
DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} - hxxp://hgtv.view22.com/view22/app/view22rte.cab
DPF: {C22877C3-4214-11D0-B0DA-080009C351D7} - hxxp://seagate.memeo.com/dragndrop.cab
DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {DE0FB644-C59B-46D1-B650-88BA945BC98F} - hxxp://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/NBCUniversal_1_0_0_3.cab
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
AppInit_DLLs: ms32clod.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R0 SiWinAcc;SiWinAcc;c:\windows\system32\drivers\SIWinAcc.sys [2004-11-18 10240]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-10-12 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-10-12 74480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-4-29 108289]
R2 PfDetNT;PfDetNT;c:\windows\system32\drivers\pfmodnt.sys [2006-8-11 8192]
R3 npusbio;npusbio;c:\windows\system32\drivers\npusbio.sys [2009-9-30 36384]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-10-12 7408]
S2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [2007-3-30 2560]
S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2009-8-17 2789160]
S3 Boonty Games;Boonty Games;c:\program files\common files\boonty shared\service\Boonty.exe [2006-4-28 69120]
S3 chdrvr01;CH Control Manager Driver 1;c:\windows\system32\drivers\chdrvr01.sys --> c:\windows\system32\drivers\chdrvr01.sys [?]
S3 chdrvr03;CH Control Manager Driver 3;c:\windows\system32\drivers\chdrvr03.sys --> c:\windows\system32\drivers\chdrvr03.sys [?]
S3 rootrepeal;rootrepeal;\??\c:\windows\system32\drivers\rootrepeal.sys --> c:\windows\system32\drivers\rootrepeal.sys [?]
S3 SaiHF51A;SaiHF51A;c:\windows\system32\drivers\SaiHF51A.sys [2008-1-17 135048]
S3 SaiUF51A;SaiUF51A;c:\windows\system32\drivers\SaiUF51A.sys [2008-1-17 28544]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2009-8-17 15656]

=============== Created Last 30 ================

2009-10-18 20:52 a-dshr-- C:\autorun.inf
2009-10-17 10:17 169,596 a------- c:\windows\system32\jx7xq1.tmp
2009-10-17 10:17 108,563 a------- c:\windows\system32\3itvpl.tmp
2009-10-17 10:17 261,041 a------- c:\windows\system32\uf4ths.tmp
2009-10-17 10:17 180,527 a------- c:\windows\system32\v25nbd.tmp
2009-10-17 10:14 179,369 a------- c:\windows\system32\bi57jm.tmp
2009-10-17 10:14 248,621 a------- c:\windows\system32\dffkxp.tmp
2009-10-17 10:14 363,549 a------- c:\windows\system32\xqmk72.tmp
2009-10-17 10:14 276,622 a------- c:\windows\system32\yq4zxh.tmp
2009-10-17 09:50 219,776 a------- c:\windows\system32\yv4uua.tmp
2009-10-17 09:50 166,844 a------- c:\windows\system32\atwfvc.tmp
2009-10-17 09:50 285,072 a------- c:\windows\system32\6guxnz.tmp
2009-10-17 09:50 206,099 a------- c:\windows\system32\ta0ykh.tmp
2009-10-17 01:01 172,296 a------- c:\windows\system32\x3i0lu.tmp
2009-10-17 01:01 97,777 a------- c:\windows\system32\zpakpr.tmp
2009-10-17 00:51 3,279,925 a------- c:\windows\system32\8zjnyq.tmp
2009-10-17 00:51 3,339,005 a------- c:\windows\system32\n0xfvu.tmp
2009-10-17 00:45 753,600 a------- c:\windows\system32\3yq3uh.tmp
2009-10-17 00:41 2,406,703 a------- c:\windows\system32\7hj2o0.tmp
2009-10-17 00:41 2,603,899 a------- c:\windows\system32\kd0up6.tmp
2009-10-17 00:28 75,504 a------- c:\windows\system32\p2d8gd.tmp
2009-10-17 00:28 72,854 a------- c:\windows\system32\rpkphe.tmp
2009-10-17 00:28 120,031 a------- c:\windows\system32\3z2rhx.tmp
2009-10-17 00:28 93,550 a------- c:\windows\system32\ljeecg.tmp
2009-10-17 00:26 20,992 a------- c:\windows\system32\perfc5932.dat
2009-10-17 00:26 1 a------- c:\windows\system32\perfc7683.dat
2009-10-17 00:26 26,112 a------- c:\windows\system32\stu2.exe
2009-10-16 12:56 --d----- c:\windows\system32\scripting
2009-10-16 12:56 --d----- c:\windows\system32\en
2009-10-16 12:56 --d----- c:\windows\system32\bits
2009-10-16 12:56 --d----- c:\windows\l2schemas
2009-10-15 15:51 --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-10-15 15:50 --d----- c:\program files\SUPERAntiSpyware
2009-10-15 15:50 --d----- c:\docume~1\alan\applic~1\SUPERAntiSpyware.com
2009-10-15 15:17 14,672 a------- c:\windows\system32\qolo.pif
2009-10-15 15:04 19,167 a------- c:\windows\cativadem.bat
2009-10-15 15:04 18,171 a------- c:\program files\common files\okikoku.exe
2009-10-15 15:04 18,099 a------- c:\program files\common files\mukukem.exe
2009-10-15 15:04 14,873 a------- c:\windows\yfusuvine.vbs
2009-10-15 15:04 14,390 a------- c:\program files\common files\ucygefak.com
2009-10-15 15:04 13,243 a------- c:\program files\common files\ikupi.bat
2009-10-15 15:04 12,613 a------- c:\windows\system32\detas.pif
2009-10-15 15:04 12,325 a------- c:\windows\system32\ukidaneqob.dll
2009-10-15 15:04 10,550 a------- c:\program files\common files\uhomi.vbs
2009-10-15 15:04 10,516 a------- c:\windows\system32\etifusyj.reg
2009-10-15 15:04 10,245 a------- c:\windows\lupowyqegi._sy
2009-10-15 14:38 19,857 a------- c:\docume~1\alan\applic~1\pytename.pif
2009-10-15 14:38 19,607 a------- c:\windows\fake.lib
2009-10-15 14:38 15,825 a------- c:\windows\system32\uqoxasy.scr
2009-10-15 14:38 15,753 a------- c:\docume~1\alluse~1\applic~1\coju.com
2009-10-15 14:38 13,328 a------- c:\docume~1\alluse~1\applic~1\wyninavi.pif
2009-10-15 14:38 17,839 a------- c:\windows\yzilyro.dat
2009-10-15 14:38 17,258 a------- c:\windows\sufag._dl
2009-10-15 14:38 17,160 a------- c:\docume~1\alluse~1\applic~1\teda.com
2009-10-15 14:38 14,853 a------- c:\windows\kuhogef._sy
2009-10-15 14:38 10,704 a------- c:\windows\azutegavi.dll
2009-10-15 14:38 10,493 a------- c:\windows\mizu.bin
2009-10-15 14:38 --d----- C:\WTablet
2009-10-15 14:26 120 a------- c:\windows\Wcadad.dat
2009-10-15 14:26 0 a------- c:\windows\Rfufahinalulin.bin
2009-10-15 14:24 18,908 a------- c:\windows\system32\aduk.com
2009-10-15 14:24 17,963 a------- c:\windows\system32\agywip.exe
2009-10-15 14:24 17,056 a------- c:\windows\system32\ifujabumi.com
2009-10-15 14:24 16,654 a------- c:\windows\system32\jakucehad.scr
2009-10-15 14:24 14,585 a------- c:\docume~1\alan\applic~1\balutuq.sys
2009-10-15 14:24 12,370 a------- c:\docume~1\alluse~1\applic~1\hire.scr
2009-10-15 14:24 12,264 a------- c:\windows\ohuj.bin
2009-10-15 14:24 10,550 a------- c:\program files\common files\ypelij.scr
2009-10-15 14:24 19,667 a------- c:\windows\system32\irafewuki.dat
2009-10-15 14:24 18,630 a------- c:\docume~1\alan\applic~1\lasujac.scr
2009-10-15 14:24 10,542 a------- c:\windows\lyzu._dl
2009-10-09 18:45 --dsh--- c:\documents and settings\alan\PrivacIE
2009-10-09 17:58 --dsh--- c:\documents and settings\alan\IETldCache
2009-10-09 17:47 100,352 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-10-09 17:47 --d----- c:\windows\ie8updates
2009-10-09 17:47 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-10-09 17:47 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-10-09 17:46 -cd-h--- c:\windows\ie8
2009-10-06 15:32 --d----- c:\docume~1\alluse~1\applic~1\NVIDIA Corporation
2009-10-06 15:32 --d----- c:\program files\NVIDIA Corporation
2009-10-06 15:31 --d----- C:\NVIDIA
2009-10-05 19:57 --d----- c:\program files\FB Swatika Enabler
2009-09-30 11:14 36,384 a------- c:\windows\system32\drivers\npusbio.sys
2009-09-30 11:14 --d----- c:\program files\NaturalPoint
2009-09-27 18:20 2,173,544 a------- c:\windows\system32\nvcplui.exe
2009-09-27 18:20 420,456 a------- c:\windows\system32\nvcpl.cpl
2009-09-27 18:20 81,920 a------- c:\windows\system32\nvwddi.dll
2009-09-27 16:12 10,756,096 a------- c:\windows\system32\nvoglnt.dll
2009-09-27 16:12 2,194,024 a------- c:\windows\system32\nvcuvid.dll
2009-09-27 16:12 2,007,040 a------- c:\windows\system32\nvcuda.dll
2009-09-27 16:12 1,714,792 a------- c:\windows\system32\nvcuvenc.dll
2009-09-27 16:12 1,604,482 a------- c:\windows\system32\nvdata.bin
2009-09-27 16:12 888,832 a------- c:\windows\system32\nvapi.dll
2009-09-27 16:12 170,600 a------- c:\windows\system32\nvcodins.dll
2009-09-27 16:12 170,600 a------- c:\windows\system32\nvcod.dll
2009-09-21 18:15 --d----- c:\program files\Defraggler

==================== Find3M ====================

2009-10-20 13:27 3,961 a--sh--- c:\windows\system32\mmf.sys
2009-10-17 22:15 3,172 a------- c:\windows\system32\tmp.reg
2009-10-17 00:32 476,089 a------- c:\windows\system32\a6x07r.tmp
2009-10-17 00:32 471,601 a------- c:\windows\system32\0jwtsu.tmp
2009-10-17 00:32 280,393 a------- c:\windows\system32\pugo0x.tmp
2009-10-17 00:32 272,334 a------- c:\windows\system32\l36zlg.tmp
2009-10-17 00:32 255,972 a------- c:\windows\system32\m3hfve.tmp
2009-10-17 00:32 251,580 a------- c:\windows\system32\rs8xdo.tmp
2009-10-17 00:27 49,937 a------- c:\windows\system32\e5fo0p.tmp
2009-10-17 00:27 41,316 a------- c:\windows\system32\18yrsa.tmp
2009-10-17 00:27 35,535 a------- c:\windows\system32\kujdp6.tmp
2009-10-17 00:27 34,758 a------- c:\windows\system32\4s4dub.tmp
2009-10-17 00:27 34,508 a------- c:\windows\system32\26cvyo.tmp
2009-10-17 00:27 32,993 a------- c:\windows\system32\j5wqtr.tmp
2009-10-17 00:26 68,096 a------- c:\windows\system32\userinit.exe
2009-10-16 12:57 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-10-15 15:04 19,168 a------- c:\program files\common files\bydaz.db
2009-10-15 15:04 16,758 a------- c:\program files\common files\licexyj.inf
2009-10-15 14:38 11,478 a------- c:\program files\common files\fatim._dl
2009-09-27 18:19 3,166,208 a------- c:\windows\system32\nvwss.dll
2009-09-27 18:19 4,026,368 a------- c:\windows\system32\nvvitvs.dll
2009-09-27 18:19 3,547,136 a------- c:\windows\system32\nvgames.dll
2009-09-27 18:19 1,286,144 a------- c:\windows\system32\nvmobls.dll
2009-09-27 18:19 188,416 a------- c:\windows\system32\nvmccss.dll
2009-09-27 18:19 13,918,208 a------- c:\windows\system32\nvcpl.dll
2009-09-27 18:19 4,935,680 a------- c:\windows\system32\nvdisps.dll
2009-09-27 18:19 172,100 a------- c:\windows\system32\nvsvc32.exe
2009-09-27 18:19 143,360 a------- c:\windows\system32\nvcolor.exe
2009-09-27 18:19 86,016 a------- c:\windows\system32\nvmctray.dll
2009-09-27 18:19 229,376 a------- c:\windows\system32\nvmccs.dll
2009-09-27 16:12 7,655,872 a------- c:\windows\system32\drivers\nv4_mini.sys
2009-09-27 16:12 5,900,416 a------- c:\windows\system32\nv4_disp.dll
2009-09-24 09:24 490,088 a------- c:\windows\system32\NVUNINST.EXE
2009-09-11 09:18 136,192 a------- c:\windows\system32\msv1_0.dll
2009-09-10 14:54 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 14:53 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-04 16:03 58,880 a------- c:\windows\system32\msasn1.dll
2009-08-29 03:08 916,480 a------- c:\windows\system32\wininet.dll
2009-08-26 03:00 247,326 a------- c:\windows\system32\strmdll.dll
2009-08-17 23:33 1,193,832 a------- c:\windows\system32\FM20.DLL
2009-08-14 13:36 70,936 a------- c:\windows\system32\PhysXLoader.dll
2009-08-05 04:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-04 20:44 2,189,184 a------- c:\windows\system32\ntoskrnl.exe
2009-08-04 09:20 2,066,048 a------- c:\windows\system32\ntkrnlpa.exe
2009-08-03 00:21 23,320 a------- c:\windows\system32\PhysXDevice.dll
2009-07-31 15:23 411,368 a------- c:\windows\system32\deploytk.dll

============= FINISH: 13:36:36.81 ===============

Edited by Orange Blossom, 20 October 2009 - 09:51 PM.
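The log above carries several signals that a helper reading it by hand would pick out: a rundll32 Run entry loading a DLL straight out of the Windows root (`[Kbugaxukow] rundll32.exe "c:\windows\ivikahuboze.dll",Startup`), a populated `AppInit_DLLs` value (`ms32clod.dll`), an `autorun.inf` at the root of C:, a batch of six-character `.tmp` files written into system32 within the same few minutes, and a `userinit.exe` whose write time matches those drops rather than the service pack. The script below is an added example, not part of the original post and not something DDS or ComboFix produces: it parses lines in the format DDS prints them, applies those checks, then pivots on the timestamp to list every other file written in the same minute as a flagged one. The sample lines are copied from the posted log (Pseudo HJT, Created Last 30 and Find3M sections); the heuristics themselves (the watched paths, the six-character `.tmp` pattern, the list of logon binaries) are the editor's own assumptions about what deserves a second look.

```python
"""Triage a DDS log for the persistence entries and dropper files seen above.

Added example, not part of the original post and not part of the DDS tool.
The heuristics are the editor's own assumptions about what is worth a second
look, not anything DDS itself flags.  SAMPLE_LOG is copied from the DDS log
posted in this thread, with a few clean entries kept so the checks can be
seen ignoring them.
"""
import re
from collections import defaultdict

SAMPLE_LOG = r"""
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Kbugaxukow] rundll32.exe "c:\windows\ivikahuboze.dll",Startup
AppInit_DLLs: ms32clod.dll
2009-10-18 20:52 a-dshr-- C:\autorun.inf
2009-10-17 10:17 169,596 a------- c:\windows\system32\jx7xq1.tmp
2009-10-17 10:17 108,563 a------- c:\windows\system32\3itvpl.tmp
2009-10-17 00:26 26,112 a------- c:\windows\system32\stu2.exe
2009-10-17 00:26 68,096 a------- c:\windows\system32\userinit.exe
2009-10-15 15:04 19,167 a------- c:\windows\cativadem.bat
2009-10-15 15:04 12,325 a------- c:\windows\system32\ukidaneqob.dll
2009-10-15 14:38 17,839 a------- c:\windows\yzilyro.dat
2009-10-09 17:47 --d----- c:\windows\ie8updates
2009-09-27 18:20 2,173,544 a------- c:\windows\system32\nvcplui.exe
"""

# DDS line shapes: "uRun:/mRun: [name] command" and
# "YYYY-MM-DD HH:MM [size] attrs path" (size is absent for directories).
RUN_RE = re.compile(r'^[um]Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
FILE_RE = re.compile(
    r'^(?P<stamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (?:(?P<size>[\d,]+) )?'
    r'(?P<attr>[a-z-]{8}) (?P<path>.+)$', re.I)

# Editor's heuristics (assumptions, not DDS logic).
WINROOT_RUNDLL_RE = re.compile(r'"?c:\\windows\\[^\\"]+\.dll"?,')   # DLL in %windir% root + export
RANDOM_TMP_RE = re.compile(r'\\system32\\[a-z0-9]{6}\.tmp$')        # six-char random .tmp
WINROOT_FILE_RE = re.compile(r'^c:\\windows\\[^\\]+\.[^\\.]+$')      # file (not dir) directly in %windir%
LOGON_BINARIES = {'userinit.exe', 'winlogon.exe', 'explorer.exe'}

R_RUNDLL = 'rundll32 loads a DLL from %windir% root'
R_APPINIT = 'AppInit_DLLs is populated (loaded into every process that maps user32.dll)'
R_AUTORUN = 'autorun.inf at drive root'
R_TMP = 'random 6-character .tmp in system32'
R_LOGON = 'logon binary carries a recent write time'
R_WINROOT = 'file dropped directly in %windir% root'


def triage(log_text):
    """Return (findings, clusters).

    findings: list of (stamp, reason, detail); stamp is '' for Run entries.
    clusters: {stamp: [paths]} for each minute in which a flagged file was
    written alongside at least one other file, flagged or not.
    """
    findings = []
    by_minute = defaultdict(list)
    for raw in log_text.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            cmd = m.group('cmd').lower()
            if 'rundll32' in cmd and WINROOT_RUNDLL_RE.search(cmd):
                findings.append(('', R_RUNDLL, line))
            continue
        if line.lower().startswith('appinit_dlls:'):
            if line.split(':', 1)[1].strip():
                findings.append(('', R_APPINIT, line))
            continue
        m = FILE_RE.match(line)
        if not m:
            continue
        stamp, path = m.group('stamp'), m.group('path')
        lower = path.lower()
        base = lower.rsplit('\\', 1)[-1]
        by_minute[stamp].append(path)
        if re.fullmatch(r'[a-z]:\\autorun\.inf', lower):
            findings.append((stamp, R_AUTORUN, path))
        elif RANDOM_TMP_RE.search(lower):
            findings.append((stamp, R_TMP, path))
        elif base in LOGON_BINARIES:
            findings.append((stamp, R_LOGON, path))
        elif WINROOT_FILE_RE.match(lower):
            findings.append((stamp, R_WINROOT, path))
    # Pivot: every minute that produced a finding, with everything else written then.
    flagged = {stamp for stamp, _, _ in findings if stamp}
    clusters = {s: by_minute[s] for s in sorted(flagged) if len(by_minute[s]) > 1}
    return findings, clusters


if __name__ == '__main__':
    found, groups = triage(SAMPLE_LOG)
    for stamp, reason, detail in found:
        print(f'{stamp or "-":16}  {reason}: {detail}')
    for stamp, paths in groups.items():
        print(f'\nwritten in the same minute ({stamp}):')
        for p in paths:
            print('   ', p)
```

Run it as-is to see the findings for the embedded lines, or pass the text of a full DDS log to `triage()`. The timestamp pivot is the part worth keeping: on the embedded sample it pairs the modified `userinit.exe` with `stu2.exe`, both written at 00:26 on 2009-10-17, and `cativadem.bat` in the Windows root with `ukidaneqob.dll` in system32 at 15:04 two days earlier, the kind of grouping a helper otherwise assembles by eye. The clean entries (the NVIDIA `RUNDLL32` Run line, the `ie8updates` directory, `nvcplui.exe`) pass through untouched.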


#2 Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:01:22 AM

Posted 21 October 2009 - 07:38 PM

Hello! :(
My name is Sam and I will be helping you.

In order to see what's going on with your computer I'll ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.



Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

Important!
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.



Make sure that you save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 akdavis
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  • Local time:01:22 AM

Posted 21 October 2009 - 08:27 PM

Thanks for the help Sam. A .dll error popped up after ComboFix restarted the comp during the scan, but was gone before I could catch the file name. Here is the ComboFix log:

ComboFix 09-10-20.03 - Alan 10/21/2009 20:11.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1570 [GMT -5:00]
Running from: c:\documents and settings\Alan\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Alan\Application Data\balutuq.sys
c:\documents and settings\Alan\Application Data\lasujac.scr
c:\documents and settings\Alan\Application Data\lynucodaw._sy
c:\documents and settings\Alan\Application Data\pytename.pif
c:\documents and settings\Alan\Application Data\tuvajunope._dl
c:\documents and settings\Alan\Local Settings\Application Data\ajusoluxi.sys
c:\documents and settings\Alan\Local Settings\Application Data\bebemiwu.pif
c:\documents and settings\Alan\Local Settings\Application Data\donejo.com
c:\documents and settings\Alan\Local Settings\Application Data\ived._dl
c:\documents and settings\Alan\Local Settings\Application Data\qajas.com
c:\documents and settings\Alan\Local Settings\Application Data\sugirogaba.bat
c:\documents and settings\Alan\Local Settings\Application Data\ymifyfazul.bat
c:\documents and settings\Alan\Local Settings\Application Data\zitixy.inf
c:\documents and settings\Alan\Local Settings\Temporary Internet Files\henicu.lib
c:\documents and settings\Alan\Local Settings\Temporary Internet Files\hynomiq.sys
c:\documents and settings\Alan\Local Settings\Temporary Internet Files\lufifi.dat
c:\documents and settings\Alan\Local Settings\Temporary Internet Files\nezo.dl
c:\documents and settings\Alan\Local Settings\Temporary Internet Files\nucupytiki.dll
c:\documents and settings\Alan\Local Settings\Temporary Internet Files\sacog.dl
c:\documents and settings\Alan\Local Settings\Temporary Internet Files\todir.pif
c:\documents and settings\Alan\Local Settings\Temporary Internet Files\uqexupu.scr
c:\documents and settings\Alan\Local Settings\Temporary Internet Files\uwecece.com
c:\documents and settings\All Users\Application Data\coju.com
c:\documents and settings\All Users\Application Data\hire.scr
c:\documents and settings\All Users\Application Data\ijety._dl
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\All Users\Application Data\moma._dl
c:\documents and settings\All Users\Application Data\nocagysa.lib
c:\documents and settings\All Users\Application Data\teda.com
c:\documents and settings\All Users\Application Data\wyninavi.pif
c:\documents and settings\All Users\Documents\alahagide.pif
c:\documents and settings\All Users\Documents\bynote._sy
c:\documents and settings\All Users\Documents\evezuva.bin
c:\documents and settings\All Users\Documents\ikexefegib.com
c:\documents and settings\All Users\Documents\limagaqodi.ban
c:\documents and settings\All Users\Documents\rucygecyre._dl
c:\documents and settings\All Users\Documents\ukan.inf
c:\documents and settings\All Users\Documents\ylynuxo.ban
c:\program files\Common Files\fatim._dl
c:\program files\Common Files\ikupi.bat
c:\program files\Common Files\licexyj.inf
c:\program files\Common Files\mukukem.exe
c:\program files\Common Files\okikoku.exe
c:\program files\Common Files\ucygefak.com
c:\program files\Common Files\uhomi.vbs
c:\program files\Common Files\ypelij.scr
c:\windows\azutegavi.dll
c:\windows\cativadem.bat
c:\windows\Installer\WMEncoder.msi
c:\windows\ivikahuboze.dll
c:\windows\kuhogef._sy
c:\windows\lupowyqegi._sy
c:\windows\lyzu._dl
c:\windows\mizu.bin
c:\windows\ohuj.bin
c:\windows\sufag._dl
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\agywip.exe
c:\windows\system32\detas.pif
c:\windows\system32\dumphive.exe
c:\windows\system32\etifusyj.reg
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\jakucehad.scr
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\pst.dat
c:\windows\system32\qolo.pif
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\ukidaneqob.dll
c:\windows\system32\uqoxasy.scr
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
c:\windows\yfusuvine.vbs

----- BITS: Possible infected sites -----

hxxp://mastoblastobrevodo.com
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\userinit.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BOONTY_GAMES
-------\Legacy_NPF
-------\Service_Boonty Games


((((((((((((((((((((((((( Files Created from 2009-09-22 to 2009-10-22 )))))))))))))))))))))))))))))))
.

2009-10-16 17:56 . 2009-10-16 17:56 -------- d-----w- c:\windows\system32\scripting
2009-10-16 17:56 . 2009-10-16 17:56 -------- d-----w- c:\windows\system32\en
2009-10-16 17:56 . 2009-10-16 17:56 -------- d-----w- c:\windows\system32\bits
2009-10-16 17:56 . 2009-10-16 17:56 -------- d-----w- c:\windows\l2schemas
2009-10-15 20:51 . 2009-10-15 20:51 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-10-15 20:50 . 2009-10-15 21:01 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-10-15 20:50 . 2009-10-15 20:50 -------- d-----w- c:\documents and settings\Alan\Application Data\SUPERAntiSpyware.com
2009-10-15 19:38 . 2009-10-15 19:38 17839 ----a-w- c:\windows\yzilyro.dat
2009-10-15 19:38 . 2009-10-15 19:38 -------- d-----w- C:\WTablet
2009-10-15 19:26 . 2009-10-21 17:19 0 ----a-w- c:\windows\Rfufahinalulin.bin
2009-10-15 19:26 . 2009-10-17 14:45 120 ----a-w- c:\windows\Wcadad.dat
2009-10-15 19:26 . 2009-10-15 19:26 -------- d-----w- c:\documents and settings\Alan\Local Settings\Application Data\{1D5EE0CD-B464-4F51-BE91-5E9822CB24A9}
2009-10-15 19:24 . 2009-10-15 19:24 18908 ----a-w- c:\windows\system32\aduk.com
2009-10-15 19:24 . 2009-10-15 19:24 17056 ----a-w- c:\windows\system32\ifujabumi.com
2009-10-15 19:24 . 2009-10-15 19:24 19667 ----a-w- c:\windows\system32\irafewuki.dat
2009-10-11 19:34 . 2009-10-11 19:34 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-10-09 23:45 . 2009-10-09 23:45 -------- d-sh--w- c:\documents and settings\Alan\PrivacIE
2009-10-09 22:58 . 2009-10-09 22:58 -------- d-sh--w- c:\documents and settings\Alan\IETldCache
2009-10-09 22:47 . 2009-08-07 08:48 100352 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-10-09 22:47 . 2009-10-09 22:47 -------- d-----w- c:\windows\ie8updates
2009-10-09 22:47 . 2009-08-29 08:08 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-10-09 22:47 . 2009-08-29 08:08 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-10-09 22:46 . 2009-10-09 22:46 -------- dc-h--w- c:\windows\ie8
2009-10-06 20:32 . 2009-10-06 20:32 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2009-10-06 20:32 . 2009-10-06 20:32 -------- d-----w- c:\program files\NVIDIA Corporation
2009-10-06 20:31 . 2009-10-06 20:31 -------- d-----w- C:\NVIDIA
2009-10-06 00:57 . 2009-10-06 00:57 -------- d-----w- c:\program files\FB Swatika Enabler
2009-09-30 16:14 . 2008-04-25 19:54 36384 ----a-w- c:\windows\system32\drivers\npusbio.sys
2009-09-30 16:14 . 2009-09-30 16:14 -------- d-----w- c:\program files\NaturalPoint
2009-09-27 23:20 . 2009-09-27 23:20 2173544 ----a-w- c:\windows\system32\nvcplui.exe
2009-09-27 23:20 . 2009-09-27 23:20 81920 ----a-w- c:\windows\system32\nvwddi.dll
2009-09-27 23:19 . 2009-09-27 23:19 3166208 ----a-w- c:\windows\system32\nvwss.dll
2009-09-27 23:19 . 2009-09-27 23:19 4026368 ----a-w- c:\windows\system32\nvvitvs.dll
2009-09-27 23:19 . 2009-09-27 23:19 3547136 ----a-w- c:\windows\system32\nvgames.dll
2009-09-27 23:19 . 2009-09-27 23:19 188416 ----a-w- c:\windows\system32\nvmccss.dll
2009-09-27 23:19 . 2009-09-27 23:19 1286144 ----a-w- c:\windows\system32\nvmobls.dll
2009-09-27 23:19 . 2009-09-27 23:19 86016 ----a-w- c:\windows\system32\nvmctray.dll
2009-09-27 23:19 . 2009-09-27 23:19 4935680 ----a-w- c:\windows\system32\nvdisps.dll
2009-09-27 23:19 . 2009-09-27 23:19 172100 ----a-w- c:\windows\system32\nvsvc32.exe
2009-09-27 23:19 . 2009-09-27 23:19 143360 ----a-w- c:\windows\system32\nvcolor.exe
2009-09-27 23:19 . 2009-09-27 23:19 13918208 ----a-w- c:\windows\system32\nvcpl.dll
2009-09-27 23:19 . 2009-09-27 23:19 229376 ----a-w- c:\windows\system32\nvmccs.dll
2009-09-27 21:12 . 2009-09-27 21:12 888832 ----a-w- c:\windows\system32\nvapi.dll
2009-09-27 21:12 . 2009-09-27 21:12 2194024 ----a-w- c:\windows\system32\nvcuvid.dll
2009-09-27 21:12 . 2009-09-27 21:12 2007040 ----a-w- c:\windows\system32\nvcuda.dll
2009-09-27 21:12 . 2009-09-27 21:12 1714792 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-09-27 21:12 . 2009-09-27 21:12 170600 ----a-w- c:\windows\system32\nvcodins.dll
2009-09-27 21:12 . 2009-09-27 21:12 170600 ----a-w- c:\windows\system32\nvcod.dll
2009-09-27 21:12 . 2009-09-27 21:12 1604482 ----a-w- c:\windows\system32\nvdata.bin
2009-09-27 21:12 . 2009-09-27 21:12 10756096 ----a-w- c:\windows\system32\nvoglnt.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-22 01:18 . 2009-08-17 20:57 -------- d-----w- c:\documents and settings\Alan\Application Data\WTablet
2009-10-22 01:18 . 2007-03-31 02:46 3961 --sha-w- c:\windows\system32\mmf.sys
2009-10-22 01:07 . 2008-06-17 22:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-10-22 01:07 . 2008-04-22 22:02 -------- d-----w- c:\documents and settings\Alan\Application Data\OpenOffice.org2
2009-10-18 03:15 . 2005-12-10 02:12 -------- d-----w- c:\program files\Google
2009-10-17 15:47 . 2009-10-17 05:27 0 ----a-w- c:\windows\system32\sck236jn.dat
2009-10-17 15:18 . 2009-10-17 15:17 261041 ----a-w- c:\windows\system32\uf4ths.tmp
2009-10-17 15:18 . 2009-10-17 15:17 180527 ----a-w- c:\windows\system32\v25nbd.tmp
2009-10-17 15:18 . 2009-10-17 15:17 169596 ----a-w- c:\windows\system32\jx7xq1.tmp
2009-10-17 15:18 . 2009-10-17 15:17 108563 ----a-w- c:\windows\system32\3itvpl.tmp
2009-10-17 15:16 . 2009-10-17 15:14 179369 ----a-w- c:\windows\system32\bi57jm.tmp
2009-10-17 15:16 . 2009-10-17 15:14 248621 ----a-w- c:\windows\system32\dffkxp.tmp
2009-10-17 15:16 . 2009-10-17 15:14 363549 ----a-w- c:\windows\system32\xqmk72.tmp
2009-10-17 15:16 . 2009-10-17 15:14 276622 ----a-w- c:\windows\system32\yq4zxh.tmp
2009-10-17 14:51 . 2009-10-17 14:50 285072 ----a-w- c:\windows\system32\6guxnz.tmp
2009-10-17 14:51 . 2009-10-17 14:50 206099 ----a-w- c:\windows\system32\ta0ykh.tmp
2009-10-17 14:51 . 2009-10-17 14:50 219776 ----a-w- c:\windows\system32\yv4uua.tmp
2009-10-17 14:51 . 2009-10-17 14:50 166844 ----a-w- c:\windows\system32\atwfvc.tmp
2009-10-17 06:02 . 2009-10-17 06:01 97777 ----a-w- c:\windows\system32\zpakpr.tmp
2009-10-17 06:02 . 2009-10-17 06:01 172296 ----a-w- c:\windows\system32\x3i0lu.tmp
2009-10-17 06:02 . 2009-10-17 05:51 3279925 ----a-w- c:\windows\system32\8zjnyq.tmp
2009-10-17 06:02 . 2009-10-17 05:51 3339005 ----a-w- c:\windows\system32\n0xfvu.tmp
2009-10-17 05:51 . 2009-10-17 05:41 2406703 ----a-w- c:\windows\system32\7hj2o0.tmp
2009-10-17 05:51 . 2009-10-17 05:41 2603899 ----a-w- c:\windows\system32\kd0up6.tmp
2009-10-17 05:48 . 2009-10-17 05:45 753600 ----a-w- c:\windows\system32\3yq3uh.tmp
2009-10-17 05:32 . 2009-10-17 05:27 251580 ----a-w- c:\windows\system32\rs8xdo.tmp
2009-10-17 05:32 . 2009-10-17 05:27 280393 ----a-w- c:\windows\system32\pugo0x.tmp
2009-10-17 05:32 . 2009-10-17 05:27 272334 ----a-w- c:\windows\system32\l36zlg.tmp
2009-10-17 05:32 . 2009-10-17 05:27 255972 ----a-w- c:\windows\system32\m3hfve.tmp
2009-10-17 05:32 . 2009-10-17 05:27 476089 ----a-w- c:\windows\system32\a6x07r.tmp
2009-10-17 05:32 . 2009-10-17 05:27 471601 ----a-w- c:\windows\system32\0jwtsu.tmp
2009-10-17 05:30 . 2009-10-17 05:28 93550 ----a-w- c:\windows\system32\ljeecg.tmp
2009-10-17 05:30 . 2009-10-17 05:28 120031 ----a-w- c:\windows\system32\3z2rhx.tmp
2009-10-17 05:30 . 2009-10-17 05:28 75504 ----a-w- c:\windows\system32\p2d8gd.tmp
2009-10-17 05:30 . 2009-10-17 05:28 72854 ----a-w- c:\windows\system32\rpkphe.tmp
2009-10-17 05:27 . 2009-10-17 05:27 49937 ----a-w- c:\windows\system32\e5fo0p.tmp
2009-10-17 05:27 . 2009-10-17 05:27 41316 ----a-w- c:\windows\system32\18yrsa.tmp
2009-10-17 05:27 . 2009-10-17 05:27 34508 ----a-w- c:\windows\system32\26cvyo.tmp
2009-10-17 05:27 . 2009-10-17 05:27 32993 ----a-w- c:\windows\system32\j5wqtr.tmp
2009-10-17 05:27 . 2009-10-17 05:27 35535 ----a-w- c:\windows\system32\kujdp6.tmp
2009-10-17 05:27 . 2009-10-17 05:27 34758 ----a-w- c:\windows\system32\4s4dub.tmp
2009-10-17 05:26 . 2009-10-17 05:26 20992 ----a-w- c:\windows\system32\perfc5932.dat
2009-10-17 05:26 . 2009-10-17 05:26 1 ----a-w- c:\windows\system32\perfc7683.dat
2009-10-16 18:08 . 2005-04-02 18:29 50136 ----a-w- c:\documents and settings\Alan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-16 17:18 . 2004-12-15 18:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-15 20:49 . 2007-12-06 18:10 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-15 20:05 . 2009-04-28 23:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-15 20:04 . 2009-10-15 20:04 19168 ----a-w- c:\program files\Common Files\bydaz.db
2009-10-15 03:39 . 2007-05-21 13:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-10 15:01 . 2005-03-28 15:20 -------- d-----w- c:\program files\Java
2009-10-06 20:32 . 2007-12-06 18:10 -------- d-----w- c:\program files\AGEIA Technologies
2009-10-02 17:15 . 2005-04-02 19:06 -------- d-----w- c:\program files\Ubisoft
2009-09-27 21:12 . 2008-01-30 18:12 7655872 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-09-27 21:12 . 2008-01-30 18:12 5900416 ----a-w- c:\windows\system32\nv4_disp.dll
2009-09-24 14:24 . 2005-03-28 15:10 490088 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-09-21 23:15 . 2009-09-21 23:15 -------- d-----w- c:\program files\Defraggler
2009-09-21 23:10 . 2006-04-28 23:59 -------- d-----w- c:\program files\My installed games
2009-09-14 21:14 . 2006-05-07 22:08 -------- d-----w- c:\program files\Steam
2009-09-14 21:09 . 2009-02-26 00:43 -------- d-----w- c:\program files\Battlefront
2009-09-11 14:18 . 2004-08-04 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 19:54 . 2009-04-28 23:40 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 19:53 . 2009-04-28 23:40 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-04 21:03 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2004-08-04 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-18 04:33 . 2009-08-18 04:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-14 18:36 . 2009-08-14 18:36 70936 ----a-w- c:\windows\system32\PhysXLoader.dll
2009-08-05 14:54 . 2009-04-30 02:45 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-05 09:01 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-05 01:44 . 2004-08-04 12:00 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2004-08-03 22:59 2066048 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-08-03 05:21 . 2009-08-03 05:21 23320 ----a-w- c:\windows\system32\PhysXDevice.dll
2009-07-31 20:23 . 2009-04-19 16:43 411368 ----a-w- c:\windows\system32\deploytk.dll
1999-04-30 21:00 . 2004-12-15 18:20 98304 ----a-w- c:\program files\internet explorer\plugins\UPjpeg.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-10-13 2000112]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USIUDF_Eject_Monitor"="c:\program files\Common Files\Ulead Systems\DVD\USISrv.exe" [2004-05-28 81920]
"Ulead AutoDetector v2"="c:\program files\Common Files\Ulead Systems\AutoDetector\Monitor.exe" [2004-06-29 81920]
"Ulead Photo Express Calendar Checker"="c:\program files\Ulead Systems\Ulead Photo Express My Scrapbook 2.0\calcheck.exe" [2003-09-20 69632]
"SBDrvDet"="c:\program files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 45056]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2004-06-03 204800]
"ProfilerU"="c:\program files\Saitek\SD6\Software\ProfilerU.exe" [2007-06-04 233472]
"SaiMfd"="c:\program files\Saitek\SD6\Software\SaiMfd.exe" [2007-06-04 131072]
"StxTrayMenu"="c:\program files\Seagate\SystemTray\StxMenuMgr.exe" [2007-01-18 190008]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-29 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-27 13918208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-09-27 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-31 149280]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"CTHelper"="CTHELPER.EXE" - c:\windows\CTHELPER.EXE [2006-08-11 17920]
"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\system32\CTXFIHLP.EXE [2006-08-11 18944]

c:\documents and settings\Alan\Start Menu\Programs\Startup\
AutoBackup Launcher.lnk - c:\program files\Seagate\AutoBackup\MemeoLauncher.exe [2008-1-14 95456]
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-9-11 972064]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\red orchestra\\System\\RedOrchestra.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\red orchestra\\System\\ROEd.exe"=
"c:\\Program Files\\Bohemia Interactive\\ArmA 2\\arma2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\stalker clear sky\\bin\\xrEngine.exe"=
"c:\\Program Files\\Ubisoft\\IL-2 Sturmovik 1946\\il2fb.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"427:UDP"= 427:UDP:SLP_Port(427)

R0 SiWinAcc;SiWinAcc;c:\windows\system32\drivers\SIWinAcc.sys [11/18/2004 1:00 PM 10240]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [10/12/2009 9:24 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/12/2009 9:24 PM 74480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [4/29/2009 9:45 PM 108289]
R2 PfDetNT;PfDetNT;c:\windows\system32\drivers\pfmodnt.sys [8/11/2006 3:56 PM 8192]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [8/17/2009 3:57 PM 2789160]
R3 npusbio;npusbio;c:\windows\system32\drivers\npusbio.sys [9/30/2009 11:14 AM 36384]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [10/12/2009 9:24 PM 7408]
S2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [3/30/2007 9:46 PM 2560]
S3 chdrvr01;CH Control Manager Driver 1;c:\windows\system32\DRIVERS\chdrvr01.sys --> c:\windows\system32\DRIVERS\chdrvr01.sys [?]
S3 chdrvr03;CH Control Manager Driver 3;c:\windows\system32\DRIVERS\chdrvr03.sys --> c:\windows\system32\DRIVERS\chdrvr03.sys [?]
S3 SaiHF51A;SaiHF51A;c:\windows\system32\drivers\SaiHF51A.sys [1/17/2008 10:48 AM 135048]
S3 SaiUF51A;SaiUF51A;c:\windows\system32\drivers\SaiUF51A.sys [1/17/2008 10:49 AM 28544]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [8/17/2009 3:57 PM 15656]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder

2009-09-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 22:57]

2009-10-22 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-06-17 16:24]

2009-10-22 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-22 03:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.npr.org/
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Post Image to Blog - c:\windows\ImageShackToolbar\ImageShackToolbar.dll/5003
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Tag This Image - c:\windows\ImageShackToolbar\ImageShackToolbar.dll/5002
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
IE: Upload All Images to ImageShack - c:\windows\ImageShackToolbar\ImageShackToolbar.dll/5000
IE: Upload Image to ImageShack - c:\windows\ImageShackToolbar\ImageShackToolbar.dll/5001
Trusted Zone: imageshack.us\toolbar
Trusted Zone: memeo.com\seagate
DPF: {C22877C3-4214-11D0-B0DA-080009C351D7} - hxxp://seagate.memeo.com/dragndrop.cab
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-nwiz - c:\program files\NVIDIA Corporation\nView\nwiz.exe
HKLM-Run-Kbugaxukow - c:\windows\ivikahuboze.dll
AddRemove-NVIDIA nView Desktop Manager - c:\program files\NVIDIA Corporation\nView\nViewSetup.exe
AddRemove-Project Reality 0.75 Patch_is1 - c:\projectreality\New Folder\unins000.exe
AddRemove-Project Reality Core_is1 - c:\pr\New Folder\unins000.exe
AddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\Alan\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-21 20:18
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1891462814-1093553118-4216441478-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1891462814-1093553118-4216441478-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:68,cc,02,64,92,d8,a5,d3,a1,94,0e,02,04,e6,e6,60,4c,d9,d1,37,ed,42,38,
5d,3c,68,6a,46,96,8a,78,dc,fb,ff,c8,51,ce,eb,6e,dc,a0,7a,68,79,ff,83,fd,5b,\
"??"=hex:dd,99,0c,75,e0,d9,b3,83,e9,61,6d,9e,fe,35,fe,09

[HKEY_USERS\S-1-5-21-1891462814-1093553118-4216441478-1005\Software\SecuROM\License information*]
"datasecu"=hex:3e,c5,af,e1,39,1e,0f,eb,6c,ea,70,56,06,be,ec,79,e5,42,a8,a3,28,
c2,43,f0,3d,e0,cd,39,08,bb,c1,d0,16,65,b2,39,6d,3e,ab,9f,45,bf,3b,de,28,16,\
"rkeysecu"=hex:01,a8,a3,d0,1c,32,b3,d5,ab,e9,a0,17,12,71,11,ec

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \D25BC253F035D347]
"1"=hex:6a,0b,56,13,c1,93,dc,9c,fb,61,a2,a0,e4,ff,91,20,60,bf,2f,c2,35,91,ae,
25
"2"=hex:fb,e6,50,7f,41,f4,51,a7,7f,ec,2d,f9,42,45,3a,02,3a,b7,45,15,3f,9d,8b,
c3
"3"=hex:6a,0b,56,13,c1,93,dc,9c,fb,61,a2,a0,e4,ff,91,20,5d,f5,58,d1,21,e0,48,
8b,38,57,44,9c,4e,8d,78,88,fd,f1,01,9d,86,d8,b5,cb,d9,bf,23,55,4a,bb,31,1f

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \D25BC253F035D347\A62C3DF982434ABDAD414E772CEE62E6]
"1"=hex:bf,6a,73,4a,48,57,d9,26,5d,d7,11,8b,51,ce,1c,37,b2,8b,15,99,5d,9d,47,
61,6c,bf,37,a7,d1,d7,c0,b2
"2"=hex:6b,c7,e1,d4,2b,15,09,48,96,b8,cd,e2,2d,75,43,13
"3"=hex:dd,11,fd,f7,db,ce,9c,46,9f,e5,da,78,9a,29,79,3a,8d,72,98,12,9a,09,b6,
a2,07,f8,b3,22,37,f7,26,b1,7a,1b,e8,c8,7f,e0,a9,7f,f4,3f,27,db,cd,61,a6,9b,\
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:bf,6a,73,4a,48,57,d9,26,5d,d7,11,8b,51,ce,1c,37,b2,8b,15,99,5d,9d,47,
61,d2,56,c2,b7,dd,df,a5,d3,10,fb,cc,9d,31,bc,8e,30,e7,10,dd,2b,ae,14,90,2e,\
"7"=hex:6a,0b,56,13,c1,93,dc,9c,fb,61,a2,a0,e4,ff,91,20,56,a7,02,9d,f0,a0,1d,
cc,28,d9,b1,18,9e,f1,8d,e8,54,e6,61,27,95,2e,52,cc,1c,f7,fa,64,bd,24,b7,82,\
"8"=hex:9d,9e,b2,b9,a7,a5,f4,ae,4d,29,c2,a3,c0,78,c4,c5,2e,4e,96,8c,7e,a3,52,
64,ae,a5,e1,39,c0,fe,a7,12,fb,d4,fe,25,dc,00,56,48,cb,f3,0e,96,93,6e,94,4d,\
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:d0,71,12,cb,08,b7,a7,d6
"10"=hex:81,20,8f,ab,28,6a,52,9c
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:06,dd,46,10,cb,13,61,1f,eb,af,61,e5,74,32,5e,b3,4c,66,b3,8c,d3,68,fa,
de,7d,b8,af,f8,11,ad,4f,e7,c4,af,6c,eb,4b,52,b6,28,f2,f9,5d,a0,c8,7c,91,84,\
"13"=hex:38,68,1e,c9,98,06,1e,f4,85,5c,00,ab,16,bc,3a,79,d4,ba,57,cc,9d,f6,82,
7d,88,75,8c,1c,f9,c7,52,b1,1c,89,5e,fe,ef,d8,f3,15
"14"=hex:99,f7,bb,1b,0d,9d,88,b4,fa,9e,45,6c,cb,b1,2f,71
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:14,e5,d5,23,f4,be,a2,da,1b,f4,12,8c,8b,57,27,1e
"22"=hex:81,20,8f,ab,28,6a,52,9c
"15"=hex:4a,27,2e,fd,b7,5a,00,00,45,b0,ac,07,25,1f,d4,d2,50,ba,6c,fe,33,fb,50,
02,e1,36,93,be,0a,01,eb,66,f8,ed,8e,b9,04,32,50,5a,d1,77,f8,0f,dc,2a,29,77,\

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \D25BC253F035D347\C4838B3D951212E6CDEE180D9201C56E]
"1"=hex:07,1f,1a,27,85,96,85,c3,38,71,53,58,52,6e,65,80,4c,0f,9a,93,b5,f7,5b,
e0
"2"=hex:74,a4,b0,b2,7e,bd,e7,ef
"3"=hex:bc,e3,79,fb,21,92,30,37,2f,28,89,38,05,d1,54,4f,b9,c4,cc,1b,02,c4,69,
4f,79,5a,3f,2f,d6,75,3b,11,eb,96,a6,b7,f3,2b,62,6a,b6,53,29,8e,3a,ab,d7,e2,\
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:07,1f,1a,27,85,96,85,c3,38,71,53,58,52,6e,65,80,0a,e7,b1,ce,73,6a,58,
57,30,30,b0,e3,7a,66,81,b6,c4,90,48,1b,5f,da,a1,52,e2,81,56,1a,cd,3e,23,ce,\
"7"=hex:6a,0b,56,13,c1,93,dc,9c,fb,61,a2,a0,e4,ff,91,20,56,a7,02,9d,f0,a0,1d,
cc,28,d9,b1,18,9e,f1,8d,e8,54,e6,61,27,95,2e,52,cc,1c,f7,fa,64,bd,24,b7,82,\
"8"=hex:9d,9e,b2,b9,a7,a5,f4,ae,4d,29,c2,a3,c0,78,c4,c5,2e,4e,96,8c,7e,a3,52,
64,ae,a5,e1,39,c0,fe,a7,12,fb,d4,fe,25,dc,00,56,48,cb,f3,0e,96,93,6e,94,4d,\
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:d0,71,12,cb,08,b7,a7,d6
"10"=hex:81,20,8f,ab,28,6a,52,9c
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:3a,44,69,31,35,cf,76,38,0a,8c,0e,ab,db,0c,ec,1d,c0,11,da,8a,92,6e,90,
72,97,54,a1,73,c2,37,e6,e6,a0,7d,7e,10,77,fd,c6,4a,9c,9f,8e,4c,a3,ac,f2,f0,\
"13"=hex:e1,7b,3c,7b,06,53,76,c2,bb,bc,ae,24,db,e9,21,ef,d7,94,62,77,6d,dc,6e,
80,ec,29,1f,63,69,d7,ea,23,04,d4,e8,3a,41,97,40,73
"14"=hex:cc,37,e6,02,49,3c,f3,ea,f2,40,e6,1c,3c,12,e0,3d
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:54,9f,0d,73,fe,2d,9b,68,95,1c,f1,29,9e,70,66,b0
"22"=hex:81,20,8f,ab,28,6a,52,9c
"15"=hex:f6,f8,99,16,36,24,a7,95,63,ed,74,9f,92,33,41,78,06,f9,bd,a6,94,cf,65,
9a,3e,c4,84,a2,be,dc,ee,21,62,fb,44,9c,3c,76,0c,7c,a9,0b,85,7d,2c,5c,2a,b8,\

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \D25BC253F035D347\DF7B54A6112C2A0959607A574D3D99D6]
"1"=hex:05,a5,52,27,27,68,21,41,63,83,05,15,ef,55,2c,92
"2"=hex:e6,3c,85,4d,4d,ca,c1,63
"3"=hex:57,af,d3,58,c2,f7,b3,11,7e,1a,a2,1f,2d,89,d6,10,ff,a4,e2,98,e4,58,0d,
1e,8d,cc,98,f5,30,b3,1f,71,a6,41,2d,73,33,f8,46,fc,da,ac,67,cc,d8,f6,31,f8,\
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:05,a5,52,27,27,68,21,41,e8,57,cb,d5,86,b9,d9,4d,cb,7f,99,f2,24,82,21,
e1,10,02,88,72,56,d5,9c,a2,94,ab,2f,42,e2,d1,45,53,4d,4a,a7,9e,8d,a9,fd,c1,\
"7"=hex:6a,0b,56,13,c1,93,dc,9c,fb,61,a2,a0,e4,ff,91,20,56,a7,02,9d,f0,a0,1d,
cc,28,d9,b1,18,9e,f1,8d,e8,54,e6,61,27,95,2e,52,cc,1c,f7,fa,64,bd,24,b7,82,\
"8"=hex:9d,9e,b2,b9,a7,a5,f4,ae,4d,29,c2,a3,c0,78,c4,c5,2e,4e,96,8c,7e,a3,52,
64,ae,a5,e1,39,c0,fe,a7,12,fb,d4,fe,25,dc,00,56,48,cb,f3,0e,96,93,6e,94,4d,\
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:d0,71,12,cb,08,b7,a7,d6
"10"=hex:81,20,8f,ab,28,6a,52,9c
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:ce,45,78,db,dc,eb,6a,9f,38,c9,5b,23,c0,b3,1c,47,c3,8f,20,66,56,6a,ed,
9d,5f,c6,5f,9a,b4,d2,88,e4,79,6c,c2,4f,11,6c,4f,8f,bb,d2,1d,45,5c,5b,f6,46,\
"13"=hex:4b,30,52,e3,d0,65,0c,f1,f9,d0,8e,13,3d,71,d2,c4,a0,8f,70,72,9a,bf,6b,
13,92,0c,ac,72,0d,b6,d6,fd,9b,5f,cc,cf,63,e1,15,35
"14"=hex:08,ff,2b,1c,69,18,ef,7b,2e,51,47,6e,41,a5,c7,f7
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:7c,b5,60,2b,54,8d,76,85,de,db,74,1c,cc,34,78,68
"22"=hex:81,20,8f,ab,28,6a,52,9c
"15"=hex:dc,8b,1d,11,09,67,d5,50,ad,5f,da,e0,f6,90,74,f4,ad,0c,dd,6d,98,1b,bd,
a5,07,a9,4c,73,1b,95,1c,7f,7f,7f,c6,31,9c,e9,b2,dc,8b,e8,04,c0,42,ca,3a,01,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1164)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(836)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\ftpshext.dll
c:\program files\ArcSoft\Software Suite\PhotoImpression 5\share\pihook.dll
c:\program files\SmartFTP Client 2.0\smarthook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\MsPMSPSv.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\WTablet\Pen_TabletUser.exe
c:\combofix\CF11738.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\iPod\bin\iPodService.exe
c:\program files\OpenOffice.org 2.4\program\soffice.exe
c:\program files\OpenOffice.org 2.4\program\soffice.BIN
c:\program files\Seagate\AutoBackup\MemeoBackup.exe
c:\combofix\PEV.cfxxe
.
**************************************************************************
.
Completion time: 2009-10-22 20:22 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-22 01:22

Pre-Run: 39,330,541,568 bytes free
Post-Run: 39,215,214,592 bytes free

- - End Of File - - 2FCB21C6D2E32B2354B0D6433F69C0BA

Edited by akdavis, 21 October 2009 - 08:28 PM.


#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 22 October 2009 - 07:46 AM

Copy and paste ALL the following text in the Quote box below into Notepad.
Click on File (in the menu at the top) > Save as... / Save as Type: 'All Files' / File name: CFScript, and save it to your desktop.

File::
c:\program files\Common Files\bydaz.db
c:\windows\system32\*.tmp
c:\windows\yzilyro.dat
c:\windows\Rfufahinalulin.bin
c:\windows\Wcadad.dat
c:\windows\system32\aduk.com
c:\windows\system32\ifujabumi.com
c:\windows\system32\irafewuki.dat
Prior to running Combofix.exe you should disable your antivirus program.

Now drag then drop the CFScript file onto ComboFix.exe as seen in the image below.

[image: CFScript being dragged onto ComboFix.exe]

This will start ComboFix again.
After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply.


=====================



Please update Malwarebytes and run a full scan.
  • Open Malwarebytes and select the Update tab.
  • Click on the Check for Updates button and allow the program to download the latest updates.
  • Once you have the latest updates, select the Scanner tab.
  • Select "Perform full scan" and click the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================
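The CFScript above was built by reading the ComboFix "Files Created" report by eye: the helper picked out files dropped into c:\windows and c:\windows\system32 with gibberish names and odd extensions, all created within a few minutes of each other on 2009-10-15. The script below is an added example written for this thread; it is not part of ComboFix, DDS, or anything Buckeye_Sam posted. It parses report lines in the format shown in the logs above, applies my own triage heuristics (watched directories, unusual extensions, a lower-case letters-and-digits name stem, and a 15-minute creation burst), and prints the result in the only CFScript directive this post uses, `File::`. The sample lines are copied from the report earlier in the thread. Two things are assumptions, not facts about ComboFix: that the first timestamp on each line is the creation time the "Files Created" section is keyed on, and the small `KNOWN_STEMS` allow-list, which you would extend for your own environment.

```python
"""Triage a ComboFix / DDS "Files Created" report for randomly named drops.

Added example for this thread, not ComboFix's or the helper's own code.
Assumption: the first timestamp on a line is the section's key time
(creation time in a "Files Created" report); the second is last-write time.
"""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

# Report line: "<ts1> . <ts2> <size or --------> <attrs> <path>" (spaces or tabs)
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(\S+)\s+(\S+)\s+(.+?)\s*$"
)

# Heuristics (mine, not ComboFix's): directories the drops landed in, extensions
# that are unusual for brand-new files there, and a "gibberish" name pattern.
WATCH_DIRS = {r"c:\windows", r"c:\windows\system32"}
SUSPECT_EXT = {".com", ".dat", ".bin", ".tmp", ".db"}
RANDOM_STEM_RE = re.compile(r"^[a-z0-9]{4,}$")
# Assumption: legitimate stems that would otherwise match; extend per environment.
KNOWN_STEMS = {"more", "tree", "format", "chcp", "mode", "perfc009", "perfh009"}

# Lines copied from the ComboFix report earlier in this thread (clean and bad mixed).
SAMPLE_REPORT = r"""
2009-10-15 19:38 . 2009-10-15 19:38 17839 ----a-w- c:\windows\yzilyro.dat
2009-10-15 19:38 . 2009-10-15 19:38 -------- d-----w- C:\WTablet
2009-10-15 19:26 . 2009-10-21 17:19 0 ----a-w- c:\windows\Rfufahinalulin.bin
2009-10-15 19:26 . 2009-10-17 14:45 120 ----a-w- c:\windows\Wcadad.dat
2009-10-15 19:24 . 2009-10-15 19:24 18908 ----a-w- c:\windows\system32\aduk.com
2009-10-15 19:24 . 2009-10-15 19:24 17056 ----a-w- c:\windows\system32\ifujabumi.com
2009-10-15 19:24 . 2009-10-15 19:24 19667 ----a-w- c:\windows\system32\irafewuki.dat
2009-10-15 20:04 . 2009-10-15 20:04 19168 ----a-w- c:\program files\Common Files\bydaz.db
2009-10-09 22:47 . 2009-08-07 08:48 100352 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-09-30 16:14 . 2008-04-25 19:54 36384 ----a-w- c:\windows\system32\drivers\npusbio.sys
2009-09-27 23:19 . 2009-09-27 23:19 13918208 ----a-w- c:\windows\system32\nvcpl.dll
2009-10-17 05:27 . 2009-10-17 05:27 49937 ----a-w- c:\windows\system32\e5fo0p.tmp
2009-10-17 05:27 . 2009-10-17 05:27 41316 ----a-w- c:\windows\system32\18yrsa.tmp
"""


@dataclass
class Entry:
    created: datetime
    modified: datetime
    size: Optional[int]      # None for directories ("--------")
    attrs: str
    path: str


def parse_report(text: str) -> List[Entry]:
    """Parse every well-formed report line; skip headers, blanks and '.' rows."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts1, ts2, size, attrs, path = m.groups()
        entries.append(Entry(
            created=datetime.strptime(ts1, "%Y-%m-%d %H:%M"),
            modified=datetime.strptime(ts2, "%Y-%m-%d %H:%M"),
            size=None if size.startswith("-") else int(size),
            attrs=attrs,
            path=path,
        ))
    return entries


def is_candidate(e: Entry) -> bool:
    """Regular file, directly in a watched dir, odd extension, gibberish stem."""
    if e.attrs.startswith("d"):
        return False
    directory, _, name = e.path.lower().rpartition("\\")
    if directory not in WATCH_DIRS:
        return False
    stem, dot, ext = name.rpartition(".")
    if not dot or "." + ext not in SUSPECT_EXT:
        return False
    return bool(RANDOM_STEM_RE.match(stem)) and stem not in KNOWN_STEMS


def flag_burst(entries: List[Entry], window: timedelta = timedelta(minutes=15)) -> List[Entry]:
    """Keep candidates that were created within `window` of another candidate."""
    cands = sorted((e for e in entries if is_candidate(e)), key=lambda e: e.created)
    flagged = []
    for i, e in enumerate(cands):
        before = i > 0 and e.created - cands[i - 1].created <= window
        after = i + 1 < len(cands) and cands[i + 1].created - e.created <= window
        if before or after:
            flagged.append(e)
    return flagged


def build_cfscript(flagged: List[Entry]) -> str:
    """Render the File:: block in the format the CFScript in this thread uses."""
    paths = sorted({e.path for e in flagged}, key=str.lower)
    return "\n".join(["File::"] + paths) + "\n"


if __name__ == "__main__":
    print(build_cfscript(flag_burst(parse_report(SAMPLE_REPORT))), end="")
```

On the sample, the six 2009-10-15 drops and the two paired .tmp files come out flagged, while nvcpl.dll, npusbio.sys and the dllcache copy do not. Note what the location heuristic misses: bydaz.db under Common Files was in the helper's list but is outside `WATCH_DIRS`, so a script like this narrows the log for a human reviewer rather than replacing one; every path it emits still needs a second look before it goes into a CFScript.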

#5 akdavis

akdavis
  • Topic Starter

  • Members
  • 40 posts

Posted 22 October 2009 - 11:16 AM

After completing these steps, a window popped up when I opened IE asking if I wanted to change the default search engine. Not sure if this is normal. Here are the logs:

Combofix:
ComboFix 09-10-20.03 - Alan 10/22/2009 10:07.3.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2047.1586 [GMT -5:00]
Running from: c:\documents and settings\Alan\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Alan\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

FILE ::
"c:\program files\Common Files\bydaz.db"
"c:\windows\Rfufahinalulin.bin"
"c:\windows\system32\aduk.com"
"c:\windows\system32\ifujabumi.com"
"c:\windows\system32\irafewuki.dat"
"c:\windows\Wcadad.dat"
"c:\windows\yzilyro.dat"
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Common Files\bydaz.db
c:\windows\Rfufahinalulin.bin
c:\windows\system32\aduk.com
c:\windows\system32\ifujabumi.com
c:\windows\system32\irafewuki.dat
c:\windows\Wcadad.dat
c:\windows\yzilyro.dat

.
(((((((((((((((((((((((((   Files Created from 2009-09-22 to 2009-10-22  )))))))))))))))))))))))))))))))
.

2009-10-16 17:56 . 2009-10-16 17:56	--------	d-----w-	c:\windows\system32\scripting
2009-10-16 17:56 . 2009-10-16 17:56	--------	d-----w-	c:\windows\system32\en
2009-10-16 17:56 . 2009-10-16 17:56	--------	d-----w-	c:\windows\system32\bits
2009-10-16 17:56 . 2009-10-16 17:56	--------	d-----w-	c:\windows\l2schemas
2009-10-15 20:51 . 2009-10-15 20:51	--------	d-----w-	c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-10-15 20:50 . 2009-10-15 21:01	--------	d-----w-	c:\program files\SUPERAntiSpyware
2009-10-15 20:50 . 2009-10-15 20:50	--------	d-----w-	c:\documents and settings\Alan\Application Data\SUPERAntiSpyware.com
2009-10-15 19:38 . 2009-10-15 19:38	--------	d-----w-	C:\WTablet
2009-10-15 19:26 . 2009-10-15 19:26	--------	d-----w-	c:\documents and settings\Alan\Local Settings\Application Data\{1D5EE0CD-B464-4F51-BE91-5E9822CB24A9}
2009-10-11 19:34 . 2009-10-11 19:34	--------	d-sh--w-	c:\documents and settings\NetworkService\IETldCache
2009-10-09 23:45 . 2009-10-09 23:45	--------	d-sh--w-	c:\documents and settings\Alan\PrivacIE
2009-10-09 22:58 . 2009-10-09 22:58	--------	d-sh--w-	c:\documents and settings\Alan\IETldCache
2009-10-09 22:47 . 2009-08-07 08:48	100352	-c----w-	c:\windows\system32\dllcache\iecompat.dll
2009-10-09 22:47 . 2009-10-09 22:47	--------	d-----w-	c:\windows\ie8updates
2009-10-09 22:47 . 2009-08-29 08:08	12800	-c----w-	c:\windows\system32\dllcache\xpshims.dll
2009-10-09 22:47 . 2009-08-29 08:08	246272	-c----w-	c:\windows\system32\dllcache\ieproxy.dll
2009-10-09 22:46 . 2009-10-09 22:46	--------	dc-h--w-	c:\windows\ie8
2009-10-06 20:32 . 2009-10-06 20:32	--------	d-----w-	c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2009-10-06 20:32 . 2009-10-06 20:32	--------	d-----w-	c:\program files\NVIDIA Corporation
2009-10-06 20:31 . 2009-10-06 20:31	--------	d-----w-	C:\NVIDIA
2009-10-06 00:57 . 2009-10-06 00:57	--------	d-----w-	c:\program files\FB Swatika Enabler
2009-09-30 16:14 . 2008-04-25 19:54	36384	----a-w-	c:\windows\system32\drivers\npusbio.sys
2009-09-30 16:14 . 2009-09-30 16:14	--------	d-----w-	c:\program files\NaturalPoint
2009-09-27 23:20 . 2009-09-27 23:20	2173544	----a-w-	c:\windows\system32\nvcplui.exe
2009-09-27 23:20 . 2009-09-27 23:20	81920	----a-w-	c:\windows\system32\nvwddi.dll
2009-09-27 23:19 . 2009-09-27 23:19	3166208	----a-w-	c:\windows\system32\nvwss.dll
2009-09-27 23:19 . 2009-09-27 23:19	4026368	----a-w-	c:\windows\system32\nvvitvs.dll
2009-09-27 23:19 . 2009-09-27 23:19	3547136	----a-w-	c:\windows\system32\nvgames.dll
2009-09-27 23:19 . 2009-09-27 23:19	188416	----a-w-	c:\windows\system32\nvmccss.dll
2009-09-27 23:19 . 2009-09-27 23:19	1286144	----a-w-	c:\windows\system32\nvmobls.dll
2009-09-27 23:19 . 2009-09-27 23:19	86016	----a-w-	c:\windows\system32\nvmctray.dll
2009-09-27 23:19 . 2009-09-27 23:19	4935680	----a-w-	c:\windows\system32\nvdisps.dll
2009-09-27 23:19 . 2009-09-27 23:19	172100	----a-w-	c:\windows\system32\nvsvc32.exe
2009-09-27 23:19 . 2009-09-27 23:19	143360	----a-w-	c:\windows\system32\nvcolor.exe
2009-09-27 23:19 . 2009-09-27 23:19	13918208	----a-w-	c:\windows\system32\nvcpl.dll
2009-09-27 23:19 . 2009-09-27 23:19	229376	----a-w-	c:\windows\system32\nvmccs.dll
2009-09-27 21:12 . 2009-09-27 21:12	888832	----a-w-	c:\windows\system32\nvapi.dll
2009-09-27 21:12 . 2009-09-27 21:12	2194024	----a-w-	c:\windows\system32\nvcuvid.dll
2009-09-27 21:12 . 2009-09-27 21:12	2007040	----a-w-	c:\windows\system32\nvcuda.dll
2009-09-27 21:12 . 2009-09-27 21:12	1714792	----a-w-	c:\windows\system32\nvcuvenc.dll
2009-09-27 21:12 . 2009-09-27 21:12	170600	----a-w-	c:\windows\system32\nvcodins.dll
2009-09-27 21:12 . 2009-09-27 21:12	170600	----a-w-	c:\windows\system32\nvcod.dll
2009-09-27 21:12 . 2009-09-27 21:12	1604482	----a-w-	c:\windows\system32\nvdata.bin
2009-09-27 21:12 . 2009-09-27 21:12	10756096	----a-w-	c:\windows\system32\nvoglnt.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-22 14:57 . 2008-04-22 22:02	--------	d-----w-	c:\documents and settings\Alan\Application Data\OpenOffice.org2
2009-10-22 14:57 . 2009-08-17 20:57	--------	d-----w-	c:\documents and settings\Alan\Application Data\WTablet
2009-10-22 14:57 . 2007-03-31 02:46	3961	--sha-w-	c:\windows\system32\mmf.sys
2009-10-22 01:07 . 2008-06-17 22:18	--------	d-----w-	c:\documents and settings\All Users\Application Data\Google Updater
2009-10-18 03:15 . 2005-12-10 02:12	--------	d-----w-	c:\program files\Google
2009-10-17 15:47 . 2009-10-17 05:27	0	----a-w-	c:\windows\system32\sck236jn.dat
2009-10-17 15:18 . 2009-10-17 15:17	261041	----a-w-	c:\windows\system32\uf4ths.tmp
2009-10-17 15:18 . 2009-10-17 15:17	180527	----a-w-	c:\windows\system32\v25nbd.tmp
2009-10-17 15:18 . 2009-10-17 15:17	169596	----a-w-	c:\windows\system32\jx7xq1.tmp
2009-10-17 15:18 . 2009-10-17 15:17	108563	----a-w-	c:\windows\system32\3itvpl.tmp
2009-10-17 15:16 . 2009-10-17 15:14	179369	----a-w-	c:\windows\system32\bi57jm.tmp
2009-10-17 15:16 . 2009-10-17 15:14	248621	----a-w-	c:\windows\system32\dffkxp.tmp
2009-10-17 15:16 . 2009-10-17 15:14	363549	----a-w-	c:\windows\system32\xqmk72.tmp
2009-10-17 15:16 . 2009-10-17 15:14	276622	----a-w-	c:\windows\system32\yq4zxh.tmp
2009-10-17 14:51 . 2009-10-17 14:50	285072	----a-w-	c:\windows\system32\6guxnz.tmp
2009-10-17 14:51 . 2009-10-17 14:50	206099	----a-w-	c:\windows\system32\ta0ykh.tmp
2009-10-17 14:51 . 2009-10-17 14:50	219776	----a-w-	c:\windows\system32\yv4uua.tmp
2009-10-17 14:51 . 2009-10-17 14:50	166844	----a-w-	c:\windows\system32\atwfvc.tmp
2009-10-17 06:02 . 2009-10-17 06:01	97777	----a-w-	c:\windows\system32\zpakpr.tmp
2009-10-17 06:02 . 2009-10-17 06:01	172296	----a-w-	c:\windows\system32\x3i0lu.tmp
2009-10-17 06:02 . 2009-10-17 05:51	3279925	----a-w-	c:\windows\system32\8zjnyq.tmp
2009-10-17 06:02 . 2009-10-17 05:51	3339005	----a-w-	c:\windows\system32\n0xfvu.tmp
2009-10-17 05:51 . 2009-10-17 05:41	2406703	----a-w-	c:\windows\system32\7hj2o0.tmp
2009-10-17 05:51 . 2009-10-17 05:41	2603899	----a-w-	c:\windows\system32\kd0up6.tmp
2009-10-17 05:48 . 2009-10-17 05:45	753600	----a-w-	c:\windows\system32\3yq3uh.tmp
2009-10-17 05:32 . 2009-10-17 05:27	251580	----a-w-	c:\windows\system32\rs8xdo.tmp
2009-10-17 05:32 . 2009-10-17 05:27	280393	----a-w-	c:\windows\system32\pugo0x.tmp
2009-10-17 05:32 . 2009-10-17 05:27	272334	----a-w-	c:\windows\system32\l36zlg.tmp
2009-10-17 05:32 . 2009-10-17 05:27	255972	----a-w-	c:\windows\system32\m3hfve.tmp
2009-10-17 05:32 . 2009-10-17 05:27	476089	----a-w-	c:\windows\system32\a6x07r.tmp
2009-10-17 05:32 . 2009-10-17 05:27	471601	----a-w-	c:\windows\system32\0jwtsu.tmp
2009-10-17 05:30 . 2009-10-17 05:28	93550	----a-w-	c:\windows\system32\ljeecg.tmp
2009-10-17 05:30 . 2009-10-17 05:28	120031	----a-w-	c:\windows\system32\3z2rhx.tmp
2009-10-17 05:30 . 2009-10-17 05:28	75504	----a-w-	c:\windows\system32\p2d8gd.tmp
2009-10-17 05:30 . 2009-10-17 05:28	72854	----a-w-	c:\windows\system32\rpkphe.tmp
2009-10-17 05:27 . 2009-10-17 05:27	49937	----a-w-	c:\windows\system32\e5fo0p.tmp
2009-10-17 05:27 . 2009-10-17 05:27	41316	----a-w-	c:\windows\system32\18yrsa.tmp
2009-10-17 05:27 . 2009-10-17 05:27	34508	----a-w-	c:\windows\system32\26cvyo.tmp
2009-10-17 05:27 . 2009-10-17 05:27	32993	----a-w-	c:\windows\system32\j5wqtr.tmp
2009-10-17 05:27 . 2009-10-17 05:27	35535	----a-w-	c:\windows\system32\kujdp6.tmp
2009-10-17 05:27 . 2009-10-17 05:27	34758	----a-w-	c:\windows\system32\4s4dub.tmp
2009-10-17 05:26 . 2009-10-17 05:26	20992	----a-w-	c:\windows\system32\perfc5932.dat
2009-10-17 05:26 . 2009-10-17 05:26	1	----a-w-	c:\windows\system32\perfc7683.dat
2009-10-16 18:08 . 2005-04-02 18:29	50136	----a-w-	c:\documents and settings\Alan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-16 17:18 . 2004-12-15 18:03	--------	d--h--w-	c:\program files\InstallShield Installation Information
2009-10-15 20:49 . 2007-12-06 18:10	--------	d-----w-	c:\program files\Common Files\Wise Installation Wizard
2009-10-15 20:05 . 2009-04-28 23:40	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2009-10-15 03:39 . 2007-05-21 13:57	--------	d-----w-	c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-10 15:01 . 2005-03-28 15:20	--------	d-----w-	c:\program files\Java
2009-10-06 20:32 . 2007-12-06 18:10	--------	d-----w-	c:\program files\AGEIA Technologies
2009-10-02 17:15 . 2005-04-02 19:06	--------	d-----w-	c:\program files\Ubisoft
2009-09-27 21:12 . 2008-01-30 18:12	7655872	----a-w-	c:\windows\system32\drivers\nv4_mini.sys
2009-09-27 21:12 . 2008-01-30 18:12	5900416	----a-w-	c:\windows\system32\nv4_disp.dll
2009-09-24 14:24 . 2005-03-28 15:10	490088	----a-w-	c:\windows\system32\NVUNINST.EXE
2009-09-21 23:15 . 2009-09-21 23:15	--------	d-----w-	c:\program files\Defraggler
2009-09-21 23:10 . 2006-04-28 23:59	--------	d-----w-	c:\program files\My installed games
2009-09-14 21:14 . 2006-05-07 22:08	--------	d-----w-	c:\program files\Steam
2009-09-14 21:09 . 2009-02-26 00:43	--------	d-----w-	c:\program files\Battlefront
2009-09-11 14:18 . 2004-08-04 12:00	136192	----a-w-	c:\windows\system32\msv1_0.dll
2009-09-10 19:54 . 2009-04-28 23:40	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 19:53 . 2009-04-28 23:40	19160	----a-w-	c:\windows\system32\drivers\mbam.sys
2009-09-04 21:03 . 2004-08-04 12:00	58880	----a-w-	c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2004-08-04 12:00	916480	------w-	c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2004-08-04 12:00	247326	----a-w-	c:\windows\system32\strmdll.dll
2009-08-18 04:33 . 2009-08-18 04:33	1193832	----a-w-	c:\windows\system32\FM20.DLL
2009-08-14 18:36 . 2009-08-14 18:36	70936	----a-w-	c:\windows\system32\PhysXLoader.dll
2009-08-05 14:54 . 2009-04-30 02:45	55656	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2009-08-05 09:01 . 2004-08-04 12:00	204800	----a-w-	c:\windows\system32\mswebdvd.dll
2009-08-05 01:44 . 2004-08-04 12:00	2189184	------w-	c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2004-08-03 22:59	2066048	------w-	c:\windows\system32\ntkrnlpa.exe
2009-08-03 05:21 . 2009-08-03 05:21	23320	----a-w-	c:\windows\system32\PhysXDevice.dll
2009-07-31 20:23 . 2009-04-19 16:43	411368	----a-w-	c:\windows\system32\deploytk.dll
1999-04-30 21:00 . 2004-12-15 18:20	98304	----a-w-	c:\program files\internet explorer\plugins\UPjpeg.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-10-13 2000112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USIUDF_Eject_Monitor"="c:\program files\Common Files\Ulead Systems\DVD\USISrv.exe" [2004-05-28 81920]
"Ulead AutoDetector v2"="c:\program files\Common Files\Ulead Systems\AutoDetector\Monitor.exe" [2004-06-29 81920]
"Ulead Photo Express Calendar Checker"="c:\program files\Ulead Systems\Ulead Photo Express My Scrapbook 2.0\calcheck.exe" [2003-09-20 69632]
"SBDrvDet"="c:\program files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 45056]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2004-06-03 204800]
"ProfilerU"="c:\program files\Saitek\SD6\Software\ProfilerU.exe" [2007-06-04 233472]
"SaiMfd"="c:\program files\Saitek\SD6\Software\SaiMfd.exe" [2007-06-04 131072]
"StxTrayMenu"="c:\program files\Seagate\SystemTray\StxMenuMgr.exe" [2007-01-18 190008]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-29 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-27 13918208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-09-27 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-31 149280]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"CTHelper"="CTHELPER.EXE" - c:\windows\CTHELPER.EXE [2006-08-11 17920]
"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\system32\CTXFIHLP.EXE [2006-08-11 18944]

c:\documents and settings\Alan\Start Menu\Programs\Startup\
AutoBackup Launcher.lnk - c:\program files\Seagate\AutoBackup\MemeoLauncher.exe [2008-1-14 95456]
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-9-11 972064]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21	548352	----a-w-	c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\red orchestra\\System\\RedOrchestra.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\red orchestra\\System\\ROEd.exe"=
"c:\\Program Files\\Bohemia Interactive\\ArmA 2\\arma2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\stalker clear sky\\bin\\xrEngine.exe"=
"c:\\Program Files\\Ubisoft\\IL-2 Sturmovik 1946\\il2fb.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"427:UDP"= 427:UDP:SLP_Port(427)

R0 SiWinAcc;SiWinAcc;c:\windows\system32\drivers\SIWinAcc.sys [11/18/2004 1:00 PM 10240]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [10/12/2009 9:24 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/12/2009 9:24 PM 74480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [4/29/2009 9:45 PM 108289]
R2 PfDetNT;PfDetNT;c:\windows\system32\drivers\pfmodnt.sys [8/11/2006 3:56 PM 8192]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [8/17/2009 3:57 PM 2789160]
R3 npusbio;npusbio;c:\windows\system32\drivers\npusbio.sys [9/30/2009 11:14 AM 36384]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [10/12/2009 9:24 PM 7408]
S2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [3/30/2007 9:46 PM 2560]
S3 chdrvr01;CH Control Manager Driver 1;c:\windows\system32\DRIVERS\chdrvr01.sys --> c:\windows\system32\DRIVERS\chdrvr01.sys [?]
S3 chdrvr03;CH Control Manager Driver 3;c:\windows\system32\DRIVERS\chdrvr03.sys --> c:\windows\system32\DRIVERS\chdrvr03.sys [?]
S3 SaiHF51A;SaiHF51A;c:\windows\system32\drivers\SaiHF51A.sys [1/17/2008 10:48 AM 135048]
S3 SaiUF51A;SaiUF51A;c:\windows\system32\drivers\SaiUF51A.sys [1/17/2008 10:49 AM 28544]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [8/17/2009 3:57 PM 15656]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
HPService	REG_MULTI_SZ   	HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder

2009-09-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 22:57]

2009-10-22 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-06-17 16:24]

2009-10-22 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-22 03:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.npr.org/
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Post Image to Blog - c:\windows\ImageShackToolbar\ImageShackToolbar.dll/5003
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Tag This Image - c:\windows\ImageShackToolbar\ImageShackToolbar.dll/5002
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
IE: Upload All Images to ImageShack - c:\windows\ImageShackToolbar\ImageShackToolbar.dll/5000
IE: Upload Image to ImageShack - c:\windows\ImageShackToolbar\ImageShackToolbar.dll/5001
Trusted Zone: imageshack.us\toolbar
Trusted Zone: memeo.com\seagate
DPF: {C22877C3-4214-11D0-B0DA-080009C351D7} - hxxp://seagate.memeo.com/dragndrop.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-22 10:12
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ... 

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1891462814-1093553118-4216441478-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1891462814-1093553118-4216441478-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:68,cc,02,64,92,d8,a5,d3,a1,94,0e,02,04,e6,e6,60,4c,d9,d1,37,ed,42,38,
   5d,3c,68,6a,46,96,8a,78,dc,fb,ff,c8,51,ce,eb,6e,dc,a0,7a,68,79,ff,83,fd,5b,\
"??"=hex:dd,99,0c,75,e0,d9,b3,83,e9,61,6d,9e,fe,35,fe,09

[HKEY_USERS\S-1-5-21-1891462814-1093553118-4216441478-1005\Software\SecuROM\License information*]
"datasecu"=hex:3e,c5,af,e1,39,1e,0f,eb,6c,ea,70,56,06,be,ec,79,e5,42,a8,a3,28,
   c2,43,f0,3d,e0,cd,39,08,bb,c1,d0,16,65,b2,39,6d,3e,ab,9f,45,bf,3b,de,28,16,\
"rkeysecu"=hex:01,a8,a3,d0,1c,32,b3,d5,ab,e9,a0,17,12,71,11,ec

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \D25BC253F035D347]
"1"=hex:6a,0b,56,13,c1,93,dc,9c,fb,61,a2,a0,e4,ff,91,20,60,bf,2f,c2,35,91,ae,
   25
"2"=hex:fb,e6,50,7f,41,f4,51,a7,7f,ec,2d,f9,42,45,3a,02,3a,b7,45,15,3f,9d,8b,
   c3
"3"=hex:6a,0b,56,13,c1,93,dc,9c,fb,61,a2,a0,e4,ff,91,20,5d,f5,58,d1,21,e0,48,
   8b,38,57,44,9c,4e,8d,78,88,fd,f1,01,9d,86,d8,b5,cb,d9,bf,23,55,4a,bb,31,1f

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \D25BC253F035D347\A62C3DF982434ABDAD414E772CEE62E6]
"1"=hex:bf,6a,73,4a,48,57,d9,26,5d,d7,11,8b,51,ce,1c,37,b2,8b,15,99,5d,9d,47,
   61,6c,bf,37,a7,d1,d7,c0,b2
"2"=hex:6b,c7,e1,d4,2b,15,09,48,96,b8,cd,e2,2d,75,43,13
"3"=hex:dd,11,fd,f7,db,ce,9c,46,9f,e5,da,78,9a,29,79,3a,8d,72,98,12,9a,09,b6,
   a2,07,f8,b3,22,37,f7,26,b1,7a,1b,e8,c8,7f,e0,a9,7f,f4,3f,27,db,cd,61,a6,9b,\
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
   1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:bf,6a,73,4a,48,57,d9,26,5d,d7,11,8b,51,ce,1c,37,b2,8b,15,99,5d,9d,47,
   61,d2,56,c2,b7,dd,df,a5,d3,10,fb,cc,9d,31,bc,8e,30,e7,10,dd,2b,ae,14,90,2e,\
"7"=hex:6a,0b,56,13,c1,93,dc,9c,fb,61,a2,a0,e4,ff,91,20,56,a7,02,9d,f0,a0,1d,
   cc,28,d9,b1,18,9e,f1,8d,e8,54,e6,61,27,95,2e,52,cc,1c,f7,fa,64,bd,24,b7,82,\
"8"=hex:9d,9e,b2,b9,a7,a5,f4,ae,4d,29,c2,a3,c0,78,c4,c5,2e,4e,96,8c,7e,a3,52,
   64,ae,a5,e1,39,c0,fe,a7,12,fb,d4,fe,25,dc,00,56,48,cb,f3,0e,96,93,6e,94,4d,\
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:d0,71,12,cb,08,b7,a7,d6
"10"=hex:81,20,8f,ab,28,6a,52,9c
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:06,dd,46,10,cb,13,61,1f,eb,af,61,e5,74,32,5e,b3,4c,66,b3,8c,d3,68,fa,
   de,7d,b8,af,f8,11,ad,4f,e7,c4,af,6c,eb,4b,52,b6,28,f2,f9,5d,a0,c8,7c,91,84,\
"13"=hex:38,68,1e,c9,98,06,1e,f4,85,5c,00,ab,16,bc,3a,79,d4,ba,57,cc,9d,f6,82,
   7d,88,75,8c,1c,f9,c7,52,b1,1c,89,5e,fe,ef,d8,f3,15
"14"=hex:99,f7,bb,1b,0d,9d,88,b4,fa,9e,45,6c,cb,b1,2f,71
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:14,e5,d5,23,f4,be,a2,da,1b,f4,12,8c,8b,57,27,1e
"22"=hex:81,20,8f,ab,28,6a,52,9c
"15"=hex:4a,27,2e,fd,b7,5a,00,00,45,b0,ac,07,25,1f,d4,d2,50,ba,6c,fe,33,fb,50,
   02,e1,36,93,be,0a,01,eb,66,f8,ed,8e,b9,04,32,50,5a,d1,77,f8,0f,dc,2a,29,77,\

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \D25BC253F035D347\C4838B3D951212E6CDEE180D9201C56E]
"1"=hex:07,1f,1a,27,85,96,85,c3,38,71,53,58,52,6e,65,80,4c,0f,9a,93,b5,f7,5b,
   e0
"2"=hex:74,a4,b0,b2,7e,bd,e7,ef
"3"=hex:bc,e3,79,fb,21,92,30,37,2f,28,89,38,05,d1,54,4f,b9,c4,cc,1b,02,c4,69,
   4f,79,5a,3f,2f,d6,75,3b,11,eb,96,a6,b7,f3,2b,62,6a,b6,53,29,8e,3a,ab,d7,e2,\
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
   1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:07,1f,1a,27,85,96,85,c3,38,71,53,58,52,6e,65,80,0a,e7,b1,ce,73,6a,58,
   57,30,30,b0,e3,7a,66,81,b6,c4,90,48,1b,5f,da,a1,52,e2,81,56,1a,cd,3e,23,ce,\
"7"=hex:6a,0b,56,13,c1,93,dc,9c,fb,61,a2,a0,e4,ff,91,20,56,a7,02,9d,f0,a0,1d,
   cc,28,d9,b1,18,9e,f1,8d,e8,54,e6,61,27,95,2e,52,cc,1c,f7,fa,64,bd,24,b7,82,\
"8"=hex:9d,9e,b2,b9,a7,a5,f4,ae,4d,29,c2,a3,c0,78,c4,c5,2e,4e,96,8c,7e,a3,52,
   64,ae,a5,e1,39,c0,fe,a7,12,fb,d4,fe,25,dc,00,56,48,cb,f3,0e,96,93,6e,94,4d,\
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:d0,71,12,cb,08,b7,a7,d6
"10"=hex:81,20,8f,ab,28,6a,52,9c
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:3a,44,69,31,35,cf,76,38,0a,8c,0e,ab,db,0c,ec,1d,c0,11,da,8a,92,6e,90,
   72,97,54,a1,73,c2,37,e6,e6,a0,7d,7e,10,77,fd,c6,4a,9c,9f,8e,4c,a3,ac,f2,f0,\
"13"=hex:e1,7b,3c,7b,06,53,76,c2,bb,bc,ae,24,db,e9,21,ef,d7,94,62,77,6d,dc,6e,
   80,ec,29,1f,63,69,d7,ea,23,04,d4,e8,3a,41,97,40,73
"14"=hex:cc,37,e6,02,49,3c,f3,ea,f2,40,e6,1c,3c,12,e0,3d
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:54,9f,0d,73,fe,2d,9b,68,95,1c,f1,29,9e,70,66,b0
"22"=hex:81,20,8f,ab,28,6a,52,9c
"15"=hex:f6,f8,99,16,36,24,a7,95,63,ed,74,9f,92,33,41,78,06,f9,bd,a6,94,cf,65,
   9a,3e,c4,84,a2,be,dc,ee,21,62,fb,44,9c,3c,76,0c,7c,a9,0b,85,7d,2c,5c,2a,b8,\

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \D25BC253F035D347\DF7B54A6112C2A0959607A574D3D99D6]
"1"=hex:05,a5,52,27,27,68,21,41,63,83,05,15,ef,55,2c,92
"2"=hex:e6,3c,85,4d,4d,ca,c1,63
"3"=hex:57,af,d3,58,c2,f7,b3,11,7e,1a,a2,1f,2d,89,d6,10,ff,a4,e2,98,e4,58,0d,
   1e,8d,cc,98,f5,30,b3,1f,71,a6,41,2d,73,33,f8,46,fc,da,ac,67,cc,d8,f6,31,f8,\
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
   1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:05,a5,52,27,27,68,21,41,e8,57,cb,d5,86,b9,d9,4d,cb,7f,99,f2,24,82,21,
   e1,10,02,88,72,56,d5,9c,a2,94,ab,2f,42,e2,d1,45,53,4d,4a,a7,9e,8d,a9,fd,c1,\
"7"=hex:6a,0b,56,13,c1,93,dc,9c,fb,61,a2,a0,e4,ff,91,20,56,a7,02,9d,f0,a0,1d,
   cc,28,d9,b1,18,9e,f1,8d,e8,54,e6,61,27,95,2e,52,cc,1c,f7,fa,64,bd,24,b7,82,\
"8"=hex:9d,9e,b2,b9,a7,a5,f4,ae,4d,29,c2,a3,c0,78,c4,c5,2e,4e,96,8c,7e,a3,52,
   64,ae,a5,e1,39,c0,fe,a7,12,fb,d4,fe,25,dc,00,56,48,cb,f3,0e,96,93,6e,94,4d,\
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:d0,71,12,cb,08,b7,a7,d6
"10"=hex:81,20,8f,ab,28,6a,52,9c
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:ce,45,78,db,dc,eb,6a,9f,38,c9,5b,23,c0,b3,1c,47,c3,8f,20,66,56,6a,ed,
   9d,5f,c6,5f,9a,b4,d2,88,e4,79,6c,c2,4f,11,6c,4f,8f,bb,d2,1d,45,5c,5b,f6,46,\
"13"=hex:4b,30,52,e3,d0,65,0c,f1,f9,d0,8e,13,3d,71,d2,c4,a0,8f,70,72,9a,bf,6b,
   13,92,0c,ac,72,0d,b6,d6,fd,9b,5f,cc,cf,63,e1,15,35
"14"=hex:08,ff,2b,1c,69,18,ef,7b,2e,51,47,6e,41,a5,c7,f7
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:7c,b5,60,2b,54,8d,76,85,de,db,74,1c,cc,34,78,68
"22"=hex:81,20,8f,ab,28,6a,52,9c
"15"=hex:dc,8b,1d,11,09,67,d5,50,ad,5f,da,e0,f6,90,74,f4,ad,0c,dd,6d,98,1b,bd,
   a5,07,a9,4c,73,1b,95,1c,7f,7f,7f,c6,31,9c,e9,b2,dc,8b,e8,04,c0,42,ca,3a,01,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1164)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
.
Completion time: 2009-10-22 10:14
ComboFix-quarantined-files.txt  2009-10-22 15:13
ComboFix2.txt  2009-10-22 01:22

Pre-Run: 39,242,944,512 bytes free
Post-Run: 39,192,907,776 bytes free

- - End Of File - - B73256B315A79C0BC31D5AB42C9BAA99

MBAM:
Malwarebytes' Anti-Malware 1.41
Database version: 3011
Windows 5.1.2600 Service Pack 3

10/22/2009 11:08:15 AM
mbam-log-2009-10-22 (11-08-15).txt

Scan type: Full Scan (C:\|)
Objects scanned: 445570
Time elapsed: 50 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 13

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ESENT\Process\lizkavd (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{2D32EC9D-B927-48D4-B863-2F6EDEC9965E}\RP1667\A0207985.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2D32EC9D-B927-48D4-B863-2F6EDEC9965E}\RP1667\A0207988.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2D32EC9D-B927-48D4-B863-2F6EDEC9965E}\RP1667\A0208012.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2D32EC9D-B927-48D4-B863-2F6EDEC9965E}\RP1667\A0208013.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2D32EC9D-B927-48D4-B863-2F6EDEC9965E}\RP1667\A0208014.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2D32EC9D-B927-48D4-B863-2F6EDEC9965E}\RP1667\A0208024.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2D32EC9D-B927-48D4-B863-2F6EDEC9965E}\RP1667\A0208025.cpl (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2D32EC9D-B927-48D4-B863-2F6EDEC9965E}\RP1667\A0208026.cpl (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2D32EC9D-B927-48D4-B863-2F6EDEC9965E}\RP1667\A0208027.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2D32EC9D-B927-48D4-B863-2F6EDEC9965E}\RP1672\A0214911.exe (Trojan.PWS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2D32EC9D-B927-48D4-B863-2F6EDEC9965E}\RP1672\A0214883.exe (Trojan.PWS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2D32EC9D-B927-48D4-B863-2F6EDEC9965E}\RP1672\A0215033.exe (Trojan.PWS) -> Quarantined and deleted successfully.
C:\WINDOWS\PEV.exe (Trojan.PWS) -> Quarantined and deleted successfully.


#6 Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:01:22 AM

Posted 22 October 2009 - 06:50 PM

Please download OTL from here and save it to your desktop.

Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Files
    c:\windows\system32\*.tmp
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run and post a new OTL log.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!
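The OTL fix above sweeps every .tmp file out of system32 because the ComboFix Find3M listing earlier in the thread shows dozens of six-character, random-named .tmp files written there within minutes of each other on 2009-10-17, which is the signature this helper acted on. The following Python is an added example, not code from the thread, from OTL or from ComboFix: it parses the tab-separated listing format ComboFix prints ("mtime . ctime<TAB>size<TAB>attrs<TAB>path") and reports bursts of such files. The sample lines are constructed to mirror the log's layout, and the six-character-name heuristic, the benign-prefix list and the ten-minute window are assumptions of mine, not rules from any tool.

```python
"""Flag bursts of random-named .tmp files in a ComboFix file listing.

Added example for the thread above; not part of ComboFix, OTL or the
original posts. Parses lines of the form
    "YYYY-MM-DD HH:MM . YYYY-MM-DD HH:MM<TAB>size<TAB>attrs<TAB>path"
(the layout of ComboFix's "Files Created" and "Find3M" sections) and
reports clusters of suspicious .tmp files created close together.
"""
import re
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(?P<mtime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<ctime>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\t"
    r"(?P<size>-+|\d+)\t(?P<attrs>[-a-z]{8})\t(?P<path>.+)$"
)

SYSTEM32 = "c:\\windows\\system32\\"
# Assumption: the dropper used six lowercase alphanumerics plus ".tmp".
RANDOM_TMP = re.compile(r"^[a-z0-9]{6}\.tmp$")
# Assumption: installer/setup temp files commonly carry these prefixes.
BENIGN_PREFIXES = ("set", "tmp", "~df")

# Constructed sample in the same layout as the Find3M section above.
SAMPLE = """\
2009-10-17 15:18 . 2009-10-17 15:17\t261041\t----a-w-\tc:\\windows\\system32\\uf4ths.tmp
2009-10-17 15:18 . 2009-10-17 15:17\t180527\t----a-w-\tc:\\windows\\system32\\v25nbd.tmp
2009-10-17 15:16 . 2009-10-17 15:14\t179369\t----a-w-\tc:\\windows\\system32\\bi57jm.tmp
2009-10-17 14:51 . 2009-10-17 14:50\t285072\t----a-w-\tc:\\windows\\system32\\6guxnz.tmp
2009-10-17 05:27 . 2009-10-17 05:27\t49937\t----a-w-\tc:\\windows\\system32\\e5fo0p.tmp
2009-10-16 18:08 . 2005-04-02 18:29\t50136\t----a-w-\tc:\\documents and settings\\Alan\\Local Settings\\Application Data\\GDIPFONTCACHEV1.DAT
2009-09-27 21:12 . 2008-01-30 18:12\t5900416\t----a-w-\tc:\\windows\\system32\\nv4_disp.dll
2009-10-15 20:50 . 2009-10-15 21:01\t--------\td-----w-\tc:\\program files\\SUPERAntiSpyware
"""


def parse_listing(text):
    """Yield (ctime, size, attrs, path) for every well-formed listing line."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # section banners, blank lines and other noise
        ctime = datetime.strptime(m["ctime"], "%Y-%m-%d %H:%M")
        size = 0 if m["size"].startswith("-") else int(m["size"])
        yield ctime, size, m["attrs"], m["path"].lower()


def looks_random_tmp(path):
    """True for a six-character alphanumeric .tmp name outside the benign prefixes."""
    name = path.rsplit("\\", 1)[-1]
    return bool(RANDOM_TMP.match(name)) and not name.startswith(BENIGN_PREFIXES)


def find_tmp_bursts(entries, window=timedelta(minutes=10), min_files=3):
    """Group suspicious system32 .tmp files whose creation times are within
    `window` of the previous one; return clusters of at least `min_files`
    paths, each cluster sorted by creation time then path."""
    suspects = sorted(
        (ctime, path)
        for ctime, _size, _attrs, path in entries
        if path.startswith(SYSTEM32) and looks_random_tmp(path)
    )
    clusters, current = [], []
    for ctime, path in suspects:
        if current and ctime - current[-1][0] > window:
            if len(current) >= min_files:
                clusters.append([p for _, p in current])
            current = []
        current.append((ctime, path))
    if len(current) >= min_files:
        clusters.append([p for _, p in current])
    return clusters


def otl_files_fix(clusters):
    """Render flagged paths as an OTL ':Files' block, the form the helper used
    above (the helper chose the wildcard c:\\windows\\system32\\*.tmp instead)."""
    paths = [p for cluster in clusters for p in cluster]
    return ":Files\n" + "\n".join(paths) + "\n"


if __name__ == "__main__":
    bursts = find_tmp_bursts(parse_listing(SAMPLE))
    for cluster in bursts:
        print("burst of %d random-named .tmp files:" % len(cluster))
        for p in cluster:
            print("  ", p)
    print(otl_files_fix(bursts))
```

On the real log the same parser, fed the whole Find3M section, groups the 2009-10-17 05:27, 05:51, 14:50 and 15:14 to 15:17 drops into separate bursts; the gap-based window means a long dropper run that writes files every few minutes still forms one cluster, while an isolated legitimate temp file does not. The benign-prefix list is deliberately short; tune it against what installers on the host actually leave behind rather than widening the random-name pattern.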


========================================================

#7 akdavis

  • Topic Starter
  • Members
  • 40 posts
  • Local time:01:22 AM

Posted 22 October 2009 - 07:22 PM

I think I may have screwed up. I forgot to disable Avira again after I started up the computer to download and run this program. When I hit run, Avira started going nuts with trojan warnings. Wasn't sure what to do, so I just restarted the comp, but there is now a system file on my desktop "Thumbs.db". Anyways, I again ran OTL.exe as instructed, and following reboot, Avira came up with three more file warnings, which I quarantined. Also, I'm not sure what this step means:

• Then also run and post a new OTL log.


Run the same scan again?

OTL log:
ll processes killed
========== FILES ==========
c:\windows\system32\68pcyj65.tmp moved successfully.
c:\windows\system32\6guxnz.tmp moved successfully.
c:\windows\system32\7hj2o0.tmp moved successfully.
c:\windows\system32\8zjnyq.tmp moved successfully.
c:\windows\system32\a6x07r.tmp moved successfully.
c:\windows\system32\atwfvc.tmp moved successfully.
c:\windows\system32\bi57jm.tmp moved successfully.
c:\windows\system32\CONFIG.TMP moved successfully.
c:\windows\system32\dffkxp.tmp moved successfully.
c:\windows\system32\e5fo0p.tmp moved successfully.
c:\windows\system32\j5wqtr.tmp moved successfully.
c:\windows\system32\jx7xq1.tmp moved successfully.
c:\windows\system32\kd0up6.tmp moved successfully.
c:\windows\system32\kujdp6.tmp moved successfully.
c:\windows\system32\l36zlg.tmp moved successfully.
c:\windows\system32\ljeecg.tmp moved successfully.
c:\windows\system32\m3hfve.tmp moved successfully.
c:\windows\system32\n0xfvu.tmp moved successfully.
c:\windows\system32\p2d8gd.tmp moved successfully.
c:\windows\system32\pugo0x.tmp moved successfully.
c:\windows\system32\rpkphe.tmp moved successfully.
c:\windows\system32\rs8xdo.tmp moved successfully.
c:\windows\system32\SET1BA.tmp moved successfully.
c:\windows\system32\ta0ykh.tmp moved successfully.
c:\windows\system32\tmp584.tmp moved successfully.
c:\windows\system32\tmp585.tmp moved successfully.
c:\windows\system32\uf4ths.tmp moved successfully.
c:\windows\system32\v25nbd.tmp moved successfully.
c:\windows\system32\x3i0lu.tmp moved successfully.
c:\windows\system32\xqmk72.tmp moved successfully.
c:\windows\system32\yq4zxh.tmp moved successfully.
c:\windows\system32\yv4uua.tmp moved successfully.
c:\windows\system32\zpakpr.tmp moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Alan
->Temp folder emptied: 401 bytes
File delete failed. C:\Documents and Settings\Alan\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 9351760 bytes
->Java cache emptied: 148743174 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 32902 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
%systemdrive% .tmp files removed: 0 bytes
C:\WINDOWS\msdownld.tmp folder deleted successfully.
%systemroot% .tmp files removed: 2162283 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 7611 bytes
RecycleBin emptied: 162 bytes
 
Total Files Cleaned = 152.87 mb
 
 
OTL by OldTimer - Version 3.0.21.0 log created on 10222009_191105

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Last 3 Avira events:

Virus or unwanted program 'TR/Spy.Agent.bapf.3 [trojan]'
detected in file 'C:\WINDOWS\system32\ms32clod.dll.
Action performed: Move file to quarantine

Virus or unwanted program 'TR/Spy.Agent.bapf.3 [trojan]'
detected in file 'C:\WINDOWS\system32\ms32clod.dll.
Action performed: Move file to quarantine

Virus or unwanted program 'TR/Spy.Agent.bapf.3 [trojan]'
detected in file 'C:\WINDOWS\system32\ms32clod.dll.
Action performed: Move file to quarantine

Sorry if I messed up the process. Turning off the comp again as the hard drive is still quietly working away.

Edited by akdavis, 22 October 2009 - 07:24 PM.


#8 Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 23 October 2009 - 07:33 AM

You did fine. Please run Combofix for me and post that log.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#9 akdavis
  • Topic Starter
  • Members
  • 40 posts

Posted 23 October 2009 - 08:08 AM

Window popped up asking if I wanted to update Combofix to the latest version. Seemed odd, so I just downloaded again from the link you provided. Latest combofix log:
ComboFix 09-10-22.01 - Alan 10/23/2009  8:00.4.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2047.1572 [GMT -5:00]
Running from: c:\documents and settings\Alan\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

(((((((((((((((((((((((((   Files Created from 2009-09-23 to 2009-10-23  )))))))))))))))))))))))))))))))
.

2009-10-23 00:06 . 2009-10-23 00:06	--------	d-----w-	C:\_OTL
2009-10-16 17:56 . 2009-10-16 17:56	--------	d-----w-	c:\windows\system32\scripting
2009-10-16 17:56 . 2009-10-16 17:56	--------	d-----w-	c:\windows\system32\en
2009-10-16 17:56 . 2009-10-16 17:56	--------	d-----w-	c:\windows\system32\bits
2009-10-16 17:56 . 2009-10-16 17:56	--------	d-----w-	c:\windows\l2schemas
2009-10-15 20:51 . 2009-10-15 20:51	--------	d-----w-	c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-10-15 20:50 . 2009-10-15 21:01	--------	d-----w-	c:\program files\SUPERAntiSpyware
2009-10-15 20:50 . 2009-10-15 20:50	--------	d-----w-	c:\documents and settings\Alan\Application Data\SUPERAntiSpyware.com
2009-10-15 19:38 . 2009-10-15 19:38	--------	d-----w-	C:\WTablet
2009-10-15 19:26 . 2009-10-15 19:26	--------	d-----w-	c:\documents and settings\Alan\Local Settings\Application Data\{1D5EE0CD-B464-4F51-BE91-5E9822CB24A9}
2009-10-11 19:34 . 2009-10-11 19:34	--------	d-sh--w-	c:\documents and settings\NetworkService\IETldCache
2009-10-09 23:45 . 2009-10-09 23:45	--------	d-sh--w-	c:\documents and settings\Alan\PrivacIE
2009-10-09 22:58 . 2009-10-09 22:58	--------	d-sh--w-	c:\documents and settings\Alan\IETldCache
2009-10-09 22:47 . 2009-08-07 08:48	100352	-c----w-	c:\windows\system32\dllcache\iecompat.dll
2009-10-09 22:47 . 2009-10-09 22:47	--------	d-----w-	c:\windows\ie8updates
2009-10-09 22:47 . 2009-08-29 08:08	12800	-c----w-	c:\windows\system32\dllcache\xpshims.dll
2009-10-09 22:47 . 2009-08-29 08:08	246272	-c----w-	c:\windows\system32\dllcache\ieproxy.dll
2009-10-09 22:46 . 2009-10-09 22:46	--------	dc-h--w-	c:\windows\ie8
2009-10-06 20:32 . 2009-10-06 20:32	--------	d-----w-	c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2009-10-06 20:32 . 2009-10-06 20:32	--------	d-----w-	c:\program files\NVIDIA Corporation
2009-10-06 20:31 . 2009-10-06 20:31	--------	d-----w-	C:\NVIDIA
2009-10-06 00:57 . 2009-10-06 00:57	--------	d-----w-	c:\program files\FB Swatika Enabler
2009-09-30 16:14 . 2008-04-25 19:54	36384	----a-w-	c:\windows\system32\drivers\npusbio.sys
2009-09-30 16:14 . 2009-09-30 16:14	--------	d-----w-	c:\program files\NaturalPoint
2009-09-27 23:20 . 2009-09-27 23:20	2173544	----a-w-	c:\windows\system32\nvcplui.exe
2009-09-27 23:20 . 2009-09-27 23:20	81920	----a-w-	c:\windows\system32\nvwddi.dll
2009-09-27 23:19 . 2009-09-27 23:19	3166208	----a-w-	c:\windows\system32\nvwss.dll
2009-09-27 23:19 . 2009-09-27 23:19	4026368	----a-w-	c:\windows\system32\nvvitvs.dll
2009-09-27 23:19 . 2009-09-27 23:19	3547136	----a-w-	c:\windows\system32\nvgames.dll
2009-09-27 23:19 . 2009-09-27 23:19	188416	----a-w-	c:\windows\system32\nvmccss.dll
2009-09-27 23:19 . 2009-09-27 23:19	1286144	----a-w-	c:\windows\system32\nvmobls.dll
2009-09-27 23:19 . 2009-09-27 23:19	86016	----a-w-	c:\windows\system32\nvmctray.dll
2009-09-27 23:19 . 2009-09-27 23:19	4935680	----a-w-	c:\windows\system32\nvdisps.dll
2009-09-27 23:19 . 2009-09-27 23:19	172100	----a-w-	c:\windows\system32\nvsvc32.exe
2009-09-27 23:19 . 2009-09-27 23:19	143360	----a-w-	c:\windows\system32\nvcolor.exe
2009-09-27 23:19 . 2009-09-27 23:19	13918208	----a-w-	c:\windows\system32\nvcpl.dll
2009-09-27 23:19 . 2009-09-27 23:19	229376	----a-w-	c:\windows\system32\nvmccs.dll
2009-09-27 21:12 . 2009-09-27 21:12	888832	----a-w-	c:\windows\system32\nvapi.dll
2009-09-27 21:12 . 2009-09-27 21:12	2194024	----a-w-	c:\windows\system32\nvcuvid.dll
2009-09-27 21:12 . 2009-09-27 21:12	2007040	----a-w-	c:\windows\system32\nvcuda.dll
2009-09-27 21:12 . 2009-09-27 21:12	1714792	----a-w-	c:\windows\system32\nvcuvenc.dll
2009-09-27 21:12 . 2009-09-27 21:12	170600	----a-w-	c:\windows\system32\nvcodins.dll
2009-09-27 21:12 . 2009-09-27 21:12	170600	----a-w-	c:\windows\system32\nvcod.dll
2009-09-27 21:12 . 2009-09-27 21:12	1604482	----a-w-	c:\windows\system32\nvdata.bin
2009-09-27 21:12 . 2009-09-27 21:12	10756096	----a-w-	c:\windows\system32\nvoglnt.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-23 12:58 . 2007-05-21 13:57	--------	d-----w-	c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-23 12:58 . 2007-05-21 13:58	--------	d-----w-	c:\program files\Microsoft Works
2009-10-23 12:55 . 2008-04-22 22:02	--------	d-----w-	c:\documents and settings\Alan\Application Data\OpenOffice.org2
2009-10-23 12:55 . 2008-06-17 22:18	--------	d-----w-	c:\documents and settings\All Users\Application Data\Google Updater
2009-10-23 12:55 . 2009-08-17 20:57	--------	d-----w-	c:\documents and settings\Alan\Application Data\WTablet
2009-10-23 12:54 . 2007-03-31 02:46	3961	--sha-w-	c:\windows\system32\mmf.sys
2009-10-18 03:15 . 2005-12-10 02:12	--------	d-----w-	c:\program files\Google
2009-10-17 15:47 . 2009-10-17 05:27	0	----a-w-	c:\windows\system32\sck236jn.dat
2009-10-17 05:26 . 2009-10-17 05:26	20992	----a-w-	c:\windows\system32\perfc5932.dat
2009-10-17 05:26 . 2009-10-17 05:26	1	----a-w-	c:\windows\system32\perfc7683.dat
2009-10-16 18:08 . 2005-04-02 18:29	50136	----a-w-	c:\documents and settings\Alan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-16 17:18 . 2004-12-15 18:03	--------	d--h--w-	c:\program files\InstallShield Installation Information
2009-10-15 20:49 . 2007-12-06 18:10	--------	d-----w-	c:\program files\Common Files\Wise Installation Wizard
2009-10-15 20:05 . 2009-04-28 23:40	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2009-10-10 15:01 . 2005-03-28 15:20	--------	d-----w-	c:\program files\Java
2009-10-06 20:32 . 2007-12-06 18:10	--------	d-----w-	c:\program files\AGEIA Technologies
2009-10-02 17:15 . 2005-04-02 19:06	--------	d-----w-	c:\program files\Ubisoft
2009-09-27 21:12 . 2008-01-30 18:12	7655872	----a-w-	c:\windows\system32\drivers\nv4_mini.sys
2009-09-27 21:12 . 2008-01-30 18:12	5900416	----a-w-	c:\windows\system32\nv4_disp.dll
2009-09-24 14:24 . 2005-03-28 15:10	490088	----a-w-	c:\windows\system32\NVUNINST.EXE
2009-09-21 23:15 . 2009-09-21 23:15	--------	d-----w-	c:\program files\Defraggler
2009-09-21 23:10 . 2006-04-28 23:59	--------	d-----w-	c:\program files\My installed games
2009-09-14 21:14 . 2006-05-07 22:08	--------	d-----w-	c:\program files\Steam
2009-09-14 21:09 . 2009-02-26 00:43	--------	d-----w-	c:\program files\Battlefront
2009-09-11 14:18 . 2004-08-04 12:00	136192	----a-w-	c:\windows\system32\msv1_0.dll
2009-09-10 19:54 . 2009-04-28 23:40	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 19:53 . 2009-04-28 23:40	19160	----a-w-	c:\windows\system32\drivers\mbam.sys
2009-09-04 21:03 . 2004-08-04 12:00	58880	----a-w-	c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2004-08-04 12:00	916480	------w-	c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2004-08-04 12:00	247326	----a-w-	c:\windows\system32\strmdll.dll
2009-08-18 04:33 . 2009-08-18 04:33	1193832	----a-w-	c:\windows\system32\FM20.DLL
2009-08-14 18:36 . 2009-08-14 18:36	70936	----a-w-	c:\windows\system32\PhysXLoader.dll
2009-08-05 14:54 . 2009-04-30 02:45	55656	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2009-08-05 09:01 . 2004-08-04 12:00	204800	----a-w-	c:\windows\system32\mswebdvd.dll
2009-08-05 01:44 . 2004-08-04 12:00	2189184	------w-	c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2004-08-03 22:59	2066048	------w-	c:\windows\system32\ntkrnlpa.exe
2009-08-03 05:21 . 2009-08-03 05:21	23320	----a-w-	c:\windows\system32\PhysXDevice.dll
2009-07-31 20:23 . 2009-04-19 16:43	411368	----a-w-	c:\windows\system32\deploytk.dll
1999-04-30 21:00 . 2004-12-15 18:20	98304	----a-w-	c:\program files\internet explorer\plugins\UPjpeg.dll
.

(((((((((((((((((((((((((((((   SnapShot@2009-10-22_01.18.22   )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-05-21 13:59 . 2008-11-10 16:41	67472			  c:\windows\system32\spool\drivers\w32x86\msonpui.dll
+ 2007-05-21 13:59 . 2008-11-10 16:41	67472			  c:\windows\system32\spool\drivers\w32x86\3\msonpui.dll
+ 2007-05-21 13:59 . 2008-11-10 16:41	32656			  c:\windows\system32\msonpmon.dll
+ 2007-05-21 13:59 . 2008-11-10 16:41	864144			  c:\windows\system32\spool\drivers\w32x86\msonpdrv.dll
+ 2007-05-21 13:59 . 2008-11-10 16:41	864144			  c:\windows\system32\spool\drivers\w32x86\3\msonpdrv.dll
- 2008-08-08 03:31 . 2008-08-08 03:31	217864			  c:\windows\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
+ 2009-10-23 12:56 . 2009-10-23 12:56	217864			  c:\windows\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
+ 2009-04-04 16:36 . 2009-04-04 16:36	21390848			  c:\windows\Installer\200d0.msp
+ 2009-04-04 22:09 . 2009-04-04 22:09	15190016			  c:\windows\Installer\200bf.msp
+ 2009-04-04 22:08 . 2009-04-04 22:08	343058432			  c:\windows\Installer\200e1.msp
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-10-13 2000112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USIUDF_Eject_Monitor"="c:\program files\Common Files\Ulead Systems\DVD\USISrv.exe" [2004-05-28 81920]
"Ulead AutoDetector v2"="c:\program files\Common Files\Ulead Systems\AutoDetector\Monitor.exe" [2004-06-29 81920]
"Ulead Photo Express Calendar Checker"="c:\program files\Ulead Systems\Ulead Photo Express My Scrapbook 2.0\calcheck.exe" [2003-09-20 69632]
"SBDrvDet"="c:\program files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 45056]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2004-06-03 204800]
"ProfilerU"="c:\program files\Saitek\SD6\Software\ProfilerU.exe" [2007-06-04 233472]
"SaiMfd"="c:\program files\Saitek\SD6\Software\SaiMfd.exe" [2007-06-04 131072]
"StxTrayMenu"="c:\program files\Seagate\SystemTray\StxMenuMgr.exe" [2007-01-18 190008]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-29 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-27 13918208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-09-27 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-31 149280]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"CTHelper"="CTHELPER.EXE" - c:\windows\CTHELPER.EXE [2006-08-11 17920]
"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\system32\CTXFIHLP.EXE [2006-08-11 18944]

c:\documents and settings\Alan\Start Menu\Programs\Startup\
AutoBackup Launcher.lnk - c:\program files\Seagate\AutoBackup\MemeoLauncher.exe [2008-1-14 95456]
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-9-11 972064]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21	548352	----a-w-	c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\red orchestra\\System\\RedOrchestra.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\red orchestra\\System\\ROEd.exe"=
"c:\\Program Files\\Bohemia Interactive\\ArmA 2\\arma2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\stalker clear sky\\bin\\xrEngine.exe"=
"c:\\Program Files\\Ubisoft\\IL-2 Sturmovik 1946\\il2fb.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"427:UDP"= 427:UDP:SLP_Port(427)

R0 SiWinAcc;SiWinAcc;c:\windows\system32\drivers\SIWinAcc.sys [11/18/2004 1:00 PM 10240]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [10/12/2009 9:24 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/12/2009 9:24 PM 74480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [4/29/2009 9:45 PM 108289]
R2 PfDetNT;PfDetNT;c:\windows\system32\drivers\pfmodnt.sys [8/11/2006 3:56 PM 8192]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [8/17/2009 3:57 PM 2789160]
R3 npusbio;npusbio;c:\windows\system32\drivers\npusbio.sys [9/30/2009 11:14 AM 36384]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [10/12/2009 9:24 PM 7408]
S2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [3/30/2007 9:46 PM 2560]
S3 chdrvr01;CH Control Manager Driver 1;c:\windows\system32\DRIVERS\chdrvr01.sys --> c:\windows\system32\DRIVERS\chdrvr01.sys [?]
S3 chdrvr03;CH Control Manager Driver 3;c:\windows\system32\DRIVERS\chdrvr03.sys --> c:\windows\system32\DRIVERS\chdrvr03.sys [?]
S3 SaiHF51A;SaiHF51A;c:\windows\system32\drivers\SaiHF51A.sys [1/17/2008 10:48 AM 135048]
S3 SaiUF51A;SaiUF51A;c:\windows\system32\drivers\SaiUF51A.sys [1/17/2008 10:49 AM 28544]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [8/17/2009 3:57 PM 15656]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
HPService	REG_MULTI_SZ   	HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder

2009-09-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 22:57]

2009-10-23 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-06-17 16:24]

2009-10-23 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-22 03:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.npr.org/
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Post Image to Blog - c:\windows\ImageShackToolbar\ImageShackToolbar.dll/5003
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Tag This Image - c:\windows\ImageShackToolbar\ImageShackToolbar.dll/5002
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
IE: Upload All Images to ImageShack - c:\windows\ImageShackToolbar\ImageShackToolbar.dll/5000
IE: Upload Image to ImageShack - c:\windows\ImageShackToolbar\ImageShackToolbar.dll/5001
Trusted Zone: imageshack.us\toolbar
Trusted Zone: memeo.com\seagate
DPF: {C22877C3-4214-11D0-B0DA-080009C351D7} - hxxp://seagate.memeo.com/dragndrop.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-23 08:05
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ... 

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1891462814-1093553118-4216441478-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1160)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(2960)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-10-23  8:06
ComboFix-quarantined-files.txt  2009-10-23 13:06
ComboFix2.txt  2009-10-22 15:14
ComboFix3.txt  2009-10-22 01:22

Pre-Run: 38,035,980,288 bytes free
Post-Run: 37,990,113,280 bytes free

- - End Of File - - F738DFF5287B6B0B15A5AFD013E053F9


#10 Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 24 October 2009 - 09:29 AM

Combofix updates very frequently, sometimes daily.

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic



========================================================

#11 akdavis
  • Topic Starter
  • Members
  • 40 posts

Posted 24 October 2009 - 11:30 AM

Okay, scanned successfully. I checked the box for deleting quarantined files after the scan finished. Here is the log:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6210
# api_version=3.0.2
# EOSSerial=7be4b3efd96b04498dcd28e229fe60e6
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-10-24 04:17:20
# local_time=2009-10-24 11:17:20 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 14461559 14461559 0 0
# compatibility_mode=1797 16775141 100 100 0 32725802 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=341203
# found=4
# cleaned=4
# scan_time=4478
C:\Qoobox\Quarantine\C\WINDOWS\system32\userinit.exe.vir	a variant of Win32/Kryptik.AAG trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\System Volume Information\_restore{2D32EC9D-B927-48D4-B863-2F6EDEC9965E}\RP1667\A0208010.exe	Win32/Wigon.HT trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\System Volume Information\_restore{2D32EC9D-B927-48D4-B863-2F6EDEC9965E}\RP1667\A0208011.exe	Win32/Wigon.HT trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\System Volume Information\_restore{2D32EC9D-B927-48D4-B863-2F6EDEC9965E}\RP1672\A0214774.exe	a variant of Win32/Kryptik.AAG trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C

Hard drive is still constantly working.

#12 Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 25 October 2009 - 10:03 AM

Double click OTL.exe to run it.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in

    netsvcs
    %systemdrive%\*.exe
    %systemroot%\system32\drivers\*.sys


  • Click the "Quick Scan" button.
  • The scan should take just a few minutes.
  • Please copy and paste both logs back here in your next reply.



========================================================

#13 akdavis
  • Topic Starter
  • Members
  • 40 posts

Posted 25 October 2009 - 11:10 AM

OTL.txt:
OTL logfile created on: 10/25/2009 11:08:02 AM - Run 1
OTL by OldTimer - Version 3.0.21.0 Folder = C:\Documents and Settings\Alan\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.53 Gb Available Physical Memory | 76.42% Memory free
3.80 Gb Paging File | 3.46 Gb Available in Paging File | 90.92% Paging File free
Paging file location(s): C:\pagefile.sys 2000 4000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 138.49 Gb Total Space | 38.18 Gb Free Space | 27.57% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: AKD
Current User Name: Alan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/10/22 19:05:05 | 00,521,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Alan\Desktop\OTL.exe
PRC - [2009/09/27 18:19:46 | 00,172,100 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2009/08/05 09:54:16 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/07/31 15:23:21 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/06/09 21:57:49 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/03/02 13:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009/01/19 12:14:44 | 00,186,664 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\WTablet\Pen_TabletUser.exe
PRC - [2009/01/19 12:13:44 | 02,789,160 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\Pen_Tablet.exe
PRC - [2008/04/13 19:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wscntfy.exe
PRC - [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2008/03/30 10:36:40 | 00,267,048 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2008/03/30 10:36:30 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2007/09/06 13:28:18 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2007/09/05 09:53:48 | 00,020,480 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2007/07/24 16:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2007/06/04 12:40:16 | 00,131,072 | ---- | M] (Saitek) -- C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
PRC - [2007/06/04 12:39:46 | 00,233,472 | ---- | M] (Saitek) -- C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
PRC - [2007/03/30 21:46:49 | 00,002,560 | ---- | M] () -- C:\WINDOWS\runservice.exe
PRC - [2006/10/18 20:05:26 | 00,204,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe
PRC - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe
PRC - [2006/08/11 14:56:02 | 00,017,920 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\CTHELPER.EXE
PRC - [2005/09/23 23:05:26 | 00,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
PRC - [2004/06/28 20:12:34 | 00,081,920 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe
PRC - [2004/06/03 01:50:08 | 00,204,800 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\point32.exe
PRC - [2004/05/28 05:50:20 | 00,081,920 | ---- | M] (Ulead Systems) -- C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
PRC - [2004/03/12 15:04:16 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2003/09/19 20:23:02 | 00,069,632 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Ulead Systems\Ulead Photo Express My Scrapbook 2.0\calcheck.exe
PRC - [2000/06/26 07:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MsPMSPSv.exe
PRC - [1999/12/13 01:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/09/27 18:19:46 | 00,172,100 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (nvsvc [Auto | Running])
SRV - [2009/08/05 09:54:16 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService [Auto | Running])
SRV - [2009/06/09 21:57:49 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService [Auto | Running])
SRV - [2009/03/24 11:24:47 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Stopped])
SRV - [2009/01/19 12:13:44 | 02,789,160 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\Pen_Tablet.exe -- (TabletServicePen [Auto | Running])
SRV - [2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/04/13 19:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/03/30 10:36:30 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2008/03/25 21:25:50 | 00,630,784 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL -- (HPSLPSVC [Auto | Running])
SRV - [2008/02/28 11:53:18 | 00,053,248 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\System32\HPZipm12.dll -- (Pml Driver HPZ12 [Auto | Running])
SRV - [2008/02/28 11:53:18 | 00,043,520 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\System32\HPZinw12.dll -- (Net Driver HPZ12 [Auto | Running])
SRV - [2007/09/06 13:28:18 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2007/09/05 09:53:48 | 00,020,480 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService [Auto | Running])
SRV - [2007/07/24 16:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2007/05/24 07:08:44 | 00,061,440 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService [On_Demand | Stopped])
SRV - [2007/03/30 21:46:49 | 00,002,560 | ---- | M] () -- C:\WINDOWS\runservice.exe -- (LicCtrlService [Auto | Running])
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [Auto | Running])
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2004/03/12 15:04:16 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper [Auto | Running])
SRV - [2000/06/26 07:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MsPMSPSv.exe -- (WMDM PMSP Service [Auto | Running])
SRV - [1999/12/13 01:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.exe -- (Creative Service for CDROM Access [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:7171


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:7171

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:7171



IE - HKU\S-1-5-21-1891462814-1093553118-4216441478-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-1891462814-1093553118-4216441478-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKU\S-1-5-21-1891462814-1093553118-4216441478-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-1891462814-1093553118-4216441478-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-1891462814-1093553118-4216441478-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.npr.org/
IE - HKU\S-1-5-21-1891462814-1093553118-4216441478-1005\S-1-5-21-1891462814-1093553118-4216441478-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/01 20:49:38 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/04/19 11:43:24 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{1D5EE0CD-B464-4F51-BE91-5E9822CB24A9}: C:\Documents and Settings\Alan\Local Settings\Application Data\{1D5EE0CD-B464-4F51-BE91-5E9822CB24A9} [2009/10/15 14:26:44 | 00,000,000 | ---D | M]


O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll File not found
O3 - HKLM\..\Toolbar: (ImageShack Toolbar) - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll (ImageShack Corp.)
O3 - HKU\S-1-5-21-1891462814-1093553118-4216441478-1005\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\CTXFIHLP.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\point32.exe (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe (Saitek)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe (Saitek)
O4 - HKLM..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [StxTrayMenu] C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)
O4 - HKLM..\Run: [Ulead Photo Express Calendar Checker] C:\Program Files\Ulead Systems\Ulead Photo Express My Scrapbook 2.0\calcheck.exe (Ulead Systems, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [USIUDF_Eject_Monitor] C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe (Ulead Systems)
O4 - HKU\S-1-5-21-1891462814-1093553118-4216441478-1005..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1891462814-1093553118-4216441478-1005..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-1891462814-1093553118-4216441478-1005..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-1891462814-1093553118-4216441478-1005..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Alan\Start Menu\Programs\Startup\AutoBackup Launcher.lnk = C:\Program Files\Seagate\AutoBackup\MemeoLauncher.exe (Memeo Inc.)
O4 - Startup: C:\Documents and Settings\Alan\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\Alan\Start Menu\Programs\Startup\TrueAssistant.lnk = C:\Program Files\TrueSwitchAT&TYahoo\TrueWizard.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1891462814-1093553118-4216441478-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1891462814-1093553118-4216441478-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1891462814-1093553118-4216441478-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1891462814-1093553118-4216441478-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1891462814-1093553118-4216441478-1005_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll File not found
O8 - Extra context menu item: &Translate English Word - C:\Program Files\Google\GoogleToolbar1.dll File not found
O8 - Extra context menu item: Backward Links - C:\Program Files\Google\GoogleToolbar1.dll File not found
O8 - Extra context menu item: Cached Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Post Image to Blog - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll (ImageShack Corp.)
O8 - Extra context menu item: Similar Pages - C:\Program Files\Google\GoogleToolbar1.dll File not found
O8 - Extra context menu item: Tag This Image - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll (ImageShack Corp.)
O8 - Extra context menu item: Translate Page into English - C:\Program Files\Google\GoogleToolbar1.dll File not found
O8 - Extra context menu item: Upload All Images to ImageShack - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll (ImageShack Corp.)
O8 - Extra context menu item: Upload Image to ImageShack - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll (ImageShack Corp.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .UVR - C:\Program Files\Internet Explorer\Plugins\NPUPano.dll (Ulead Systems, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1891462814-1093553118-4216441478-1005\..Trusted Domains: imageshack.us ([toolbar] http in Trusted sites)
O15 - HKU\S-1-5-21-1891462814-1093553118-4216441478-1005\..Trusted Domains: memeo.com ([seagate] http in Trusted sites)
O15 - HKU\S-1-5-21-1891462814-1093553118-4216441478-1005\..Trusted Domains: memeo.com ([seagate] https in Trusted sites)
O15 - HKU\S-1-5-21-1891462814-1093553118-4216441478-1005\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {00000D27-0000-0000-0000-000000000000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/common/asusTek_sys_ctrl.cab (asusTek_sysctrl Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab (Reg Error: Key error.)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo2.walgreens.com/WalgreensActivia.cab (Snapfish Activia)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab (System Requirements Lab Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} http://toolbar.imageshack.us/toolbar/ImageShackToolbar.cab (ImageShack Toolbar)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-beta/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} http://web1.shutterfly.com/downloads/Uploader.cab (Shutterfly Picture Upload Plugin)
O16 - DPF: {AE6C4705-0F11-4ACB-BDD4-37F138BEF289} http://www.ritzpix.com/net/Uploader/LPUploader41.cab (Image Uploader Control)
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} http://hgtv.view22.com/view22/app/view22rte.cab (View22RTE Class)
O16 - DPF: {C22877C3-4214-11D0-B0DA-080009C351D7} http://seagate.memeo.com/dragndrop.cab (Rhino Software ActiveX FtpTree Control 9.0)
O16 - DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flash...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DE0FB644-C59B-46D1-B650-88BA945BC98F} http://entriq.vo.llnwd.net/o1/NBCUniversal...sal_1_0_0_3.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/12/15 12:53:10 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/10/18 20:52:25 | 00,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[2009/10/15 15:51:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/10/15 15:50:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Alan\Application Data\SUPERAntiSpyware.com
[2009/10/15 14:26:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Alan\Local Settings\Application Data\{1D5EE0CD-B464-4F51-BE91-5E9822CB24A9}
[2009/10/24 10:00:34 | 00,000,000 | ---D | C] -- C:\Program Files\ESET
[2009/10/15 15:50:36 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/10/22 19:06:06 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/10/22 19:05:04 | 00,521,216 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Alan\Desktop\OTL.exe
[2009/10/21 20:10:58 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/10/21 20:10:58 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/10/21 20:10:58 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/10/21 20:10:58 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/10/21 20:10:29 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/10/20 13:34:38 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Alan\Desktop\RootRepeal.exe
[2009/10/20 13:31:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Alan\Desktop\aircraft documents
[2009/10/18 20:52:25 | 00,000,000 | R--D | C] -- C:\autorun.inf
[2009/10/17 21:48:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Alan\Desktop\SmitfraudFix
[2009/10/16 13:07:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/10/16 12:56:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2009/10/16 12:56:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2009/10/16 12:56:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2009/10/16 12:56:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2009/10/16 12:53:28 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2009/10/15 14:38:27 | 00,000,000 | ---D | C] -- C:\WTablet
[2009/10/14 07:48:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Alan\Desktop\UI 1.2 DL
[2005/03/28 10:25:30 | 00,033,792 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll

========== Files - Modified Within 14 Days ==========

[2009/10/25 11:04:24 | 00,050,136 | ---- | M] () -- C:\Documents and Settings\Alan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/10/25 11:04:24 | 00,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/25 11:04:24 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/10/25 11:04:05 | 00,003,961 | -HS- | M] () -- C:\WINDOWS\System32\mmf.sys
[2009/10/25 11:03:59 | 00,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2009/10/25 11:03:58 | 04,958,588 | ---- | M] () -- C:\WINDOWS\{00000005-00000000-00000008-00001102-00000004-20021102}.CDF
[2009/10/25 11:03:57 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/10/25 11:03:55 | 00,254,654 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2009/10/25 11:03:51 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/25 11:03:50 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/25 11:03:47 | 00,250,288 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/10/24 11:34:59 | 00,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-00000008-00001102-00000004-20021102}.rfx
[2009/10/24 11:34:59 | 00,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000005-00000000-00000008-00001102-00000004-20021102}.rfx
[2009/10/24 11:34:59 | 00,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000005-00000000-00000008-00001102-00000004-20021102}.rfx
[2009/10/24 11:34:59 | 00,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000005-00000000-00000008-00001102-00000004-20021102}.rfx
[2009/10/24 11:34:59 | 00,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-00000008-00001102-00000004-20021102}.rfx
[2009/10/24 11:34:59 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2009/10/24 11:34:59 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2009/10/24 11:34:32 | 04,958,588 | ---- | M] () -- C:\WINDOWS\{00000005-00000000-00000008-00001102-00000004-20021102}.BAK
[2009/10/23 08:05:03 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/10/23 07:59:02 | 03,351,787 | R--- | M] () -- C:\Documents and Settings\Alan\Desktop\ComboFix.exe
[2009/10/22 19:05:05 | 00,521,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Alan\Desktop\OTL.exe
[2009/10/21 20:18:10 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/10/20 13:28:38 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Alan\Desktop\RootRepeal.exe
[2009/10/18 20:55:30 | 04,264,478 | -H-- | M] () -- C:\Documents and Settings\Alan\Local Settings\Application Data\IconCache.db
[2009/10/18 20:42:16 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Alan\Desktop\ck4szlwk.exe
[2009/10/18 20:41:44 | 00,132,597 | ---- | M] () -- C:\Documents and Settings\Alan\Desktop\Flash_Disinfector.exe
[2009/10/18 09:06:07 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/10/17 21:41:34 | 01,872,472 | ---- | M] () -- C:\Documents and Settings\Alan\Desktop\SmitfraudFix.exe
[2009/10/17 10:47:47 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\sck236jn.dat
[2009/10/17 00:26:56 | 00,020,992 | ---- | M] () -- C:\WINDOWS\System32\perfc5932.dat
[2009/10/17 00:26:56 | 00,000,001 | ---- | M] () -- C:\WINDOWS\System32\perfc7683.dat
[2009/10/16 13:11:44 | 00,582,360 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/10/16 13:11:44 | 00,341,732 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/10/16 13:11:44 | 00,134,988 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/10/16 13:02:04 | 02,085,312 | ---- | M] () -- C:\WINDOWS\iis6.BAK
[2009/10/16 12:54:57 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2009/10/15 15:50:39 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/10/15 15:44:04 | 00,331,264 | ---- | M] () -- C:\Documents and Settings\Alan\Desktop\dds.scr
[2009/10/15 15:08:52 | 07,280,672 | ---- | M] () -- C:\Documents and Settings\Alan\Desktop\SUPERAntiSpyware.exe
[2009/10/15 15:04:15 | 00,012,971 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\dodaf.db
[2009/10/15 15:04:15 | 00,011,885 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\evyqyr.db
[2009/10/15 14:38:33 | 00,019,607 | ---- | M] () -- C:\WINDOWS\fake.lib
[2009/10/15 14:24:12 | 00,010,235 | ---- | M] () -- C:\Documents and Settings\Alan\Local Settings\Application Data\iqyzek.db
[2009/10/15 10:49:28 | 00,000,937 | ---- | M] () -- C:\Documents and Settings\Alan\Desktop\Shortcut to Il2VersionSwitcher.lnk
[2009/10/14 09:35:14 | 00,015,017 | ---- | M] () -- C:\Documents and Settings\Alan\Desktop\Tracermod_Eexhaton_Final.zip
[2009/10/13 08:44:42 | 00,001,580 | ---- | M] () -- C:\Documents and Settings\Alan\Desktop\Defraggler.lnk
[2009/10/12 16:20:13 | 45,368,674 | ---- | M] () -- C:\Documents and Settings\Alan\Desktop\VAC_Full_2.2.6.zip
[2009/10/12 16:19:57 | 00,171,555 | ---- | M] () -- C:\Documents and Settings\Alan\Desktop\dick_dastardly_il-2_fb_aep_pf_profiles.zip

========== Files - No Company Name ==========
[2009/10/23 07:57:25 | 00,236,544 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/10/21 20:10:58 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/10/21 20:10:58 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/10/21 20:10:58 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/10/21 20:09:05 | 03,351,787 | R--- | C] () -- C:\Documents and Settings\Alan\Desktop\ComboFix.exe
[2009/10/20 13:34:38 | 00,331,264 | ---- | C] () -- C:\Documents and Settings\Alan\Desktop\dds.scr
[2009/10/18 20:47:22 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Alan\Desktop\ck4szlwk.exe
[2009/10/18 20:47:19 | 00,132,597 | ---- | C] () -- C:\Documents and Settings\Alan\Desktop\Flash_Disinfector.exe
[2009/10/17 21:45:12 | 01,872,472 | ---- | C] () -- C:\Documents and Settings\Alan\Desktop\SmitfraudFix.exe
[2009/10/17 00:27:23 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\sck236jn.dat
[2009/10/17 00:26:56 | 00,020,992 | ---- | C] () -- C:\WINDOWS\System32\perfc5932.dat
[2009/10/17 00:26:56 | 00,000,001 | ---- | C] () -- C:\WINDOWS\System32\perfc7683.dat
[2009/10/15 15:50:39 | 00,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/10/15 15:17:25 | 07,280,672 | ---- | C] () -- C:\Documents and Settings\Alan\Desktop\SUPERAntiSpyware.exe
[2009/10/15 15:04:15 | 00,012,971 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\dodaf.db
[2009/10/15 15:04:15 | 00,011,885 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\evyqyr.db
[2009/10/15 14:38:33 | 00,019,607 | ---- | C] () -- C:\WINDOWS\fake.lib
[2009/10/15 14:24:12 | 00,010,235 | ---- | C] () -- C:\Documents and Settings\Alan\Local Settings\Application Data\iqyzek.db
[2009/10/15 10:49:28 | 00,000,937 | ---- | C] () -- C:\Documents and Settings\Alan\Desktop\Shortcut to Il2VersionSwitcher.lnk
[2009/10/14 09:35:14 | 00,015,017 | ---- | C] () -- C:\Documents and Settings\Alan\Desktop\Tracermod_Eexhaton_Final.zip
[2009/10/12 16:20:12 | 45,368,674 | ---- | C] () -- C:\Documents and Settings\Alan\Desktop\VAC_Full_2.2.6.zip
[2009/10/12 16:19:57 | 00,171,555 | ---- | C] () -- C:\Documents and Settings\Alan\Desktop\dick_dastardly_il-2_fb_aep_pf_profiles.zip
[2008/10/12 21:10:25 | 00,279,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2008/10/12 21:10:25 | 00,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2008/10/09 15:29:00 | 00,000,340 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/10/07 10:13:30 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 10:13:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/08/18 23:04:14 | 00,000,072 | ---- | C] () -- C:\WINDOWS\pex.INI
[2008/01/17 10:48:56 | 02,514,944 | R--- | C] () -- C:\WINDOWS\System32\SaiCF51A.Dll
[2008/01/17 10:48:56 | 00,008,704 | R--- | C] () -- C:\WINDOWS\System32\SaiCF51A_0C.dll
[2008/01/17 10:48:56 | 00,008,192 | R--- | C] () -- C:\WINDOWS\System32\SaiCF51A_10.dll
[2008/01/17 10:48:56 | 00,008,192 | R--- | C] () -- C:\WINDOWS\System32\SaiCF51A_0A.dll
[2008/01/17 10:48:56 | 00,008,192 | R--- | C] () -- C:\WINDOWS\System32\SaiCF51A_07.dll
[2008/01/17 10:48:56 | 00,007,680 | R--- | C] () -- C:\WINDOWS\System32\SaiCF51A_09.dll
[2008/01/17 10:48:56 | 00,007,168 | R--- | C] () -- C:\WINDOWS\System32\SaiCF51A_0402.dll
[2008/01/17 10:48:56 | 00,005,632 | R--- | C] () -- C:\WINDOWS\System32\SaiCF51A_11.dll
[2007/03/30 21:46:49 | 00,048,640 | ---- | C] () -- C:\WINDOWS\mmfs.dll
[2007/03/30 21:46:49 | 00,003,961 | -HS- | C] () -- C:\WINDOWS\System32\mmf.sys
[2007/03/28 22:58:05 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007/03/21 22:28:06 | 00,086,446 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2007/02/21 18:55:11 | 00,000,022 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007/02/21 18:49:59 | 00,000,227 | ---- | C] () -- C:\WINDOWS\EPSON RX620 Installer.ini
[2006/11/14 20:09:14 | 00,003,072 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL
[2006/08/11 14:57:18 | 00,037,888 | ---- | C] () -- C:\WINDOWS\System32\CTBURST.DLL
[2006/05/23 12:40:34 | 00,000,269 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2006/01/26 20:29:01 | 00,019,968 | ---- | C] () -- C:\Documents and Settings\Alan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/01/12 17:09:14 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\DXFLib.dll
[2006/01/12 17:08:06 | 00,143,360 | ---- | C] () -- C:\WINDOWS\System32\opcode.dll
[2005/10/12 15:30:02 | 00,105,472 | ---- | C] () -- C:\WINDOWS\System32\ofp_ex.dll
[2005/06/16 18:17:16 | 00,071,680 | ---- | C] () -- C:\WINDOWS\System32\CTMMACTL.DLL
[2005/06/09 17:35:01 | 00,000,127 | ---- | C] () -- C:\Documents and Settings\Alan\Local Settings\Application Data\fusioncache.dat
[2005/06/06 20:10:57 | 00,000,080 | ---- | C] () -- C:\WINDOWS\encore_launcher.ini
[2005/04/09 16:43:41 | 00,000,030 | ---- | C] () -- C:\WINDOWS\iedit.INI
[2005/04/02 14:24:49 | 04,264,478 | -H-- | C] () -- C:\Documents and Settings\Alan\Local Settings\Application Data\IconCache.db
[2005/04/02 13:29:11 | 00,050,136 | ---- | C] () -- C:\Documents and Settings\Alan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2005/04/02 13:27:52 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Alan\Application Data\desktop.ini
[2005/03/28 10:17:38 | 00,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2005/03/28 10:17:18 | 00,000,191 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2005/03/28 10:16:14 | 00,000,136 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2005/03/28 10:09:27 | 00,001,320 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/12/20 11:08:28 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2004/12/20 11:03:26 | 00,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2004/12/15 13:51:09 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/12/15 13:04:11 | 00,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2004/12/15 12:59:23 | 00,006,221 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2004/12/15 12:59:23 | 00,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2004/12/15 12:59:20 | 00,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2004/12/15 07:45:57 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2004/08/04 07:00:00 | 00,000,507 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/04 07:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2002/01/15 08:48:46 | 00,151,552 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2002/01/15 08:48:04 | 00,675,840 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll

========== LOP Check ==========

[2009/10/21 20:16:19 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Alan\Application Data
[2008/12/24 22:32:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Application Data\AVS4YOU
[2007/07/05 10:47:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Application Data\CNN
[2008/04/23 15:17:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Application Data\EPSON
[2008/05/28 15:21:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Application Data\gtk-2.0
[2008/10/12 14:09:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Application Data\IGN_DLM
[2007/02/21 19:00:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Application Data\Leadertech
[2008/11/03 16:58:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Application Data\Move Networks
[2007/04/13 23:12:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Application Data\nHancer
[2005/10/29 20:49:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Application Data\Notepad++
[2009/10/25 11:04:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Application Data\OpenOffice.org2
[2008/01/25 01:51:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Application Data\SealedMedia
[2007/03/21 17:31:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Application Data\SecuROM
[2008/12/07 00:05:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Application Data\Smart Mod Manager
[2007/03/30 16:25:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Application Data\SmartFTP
[2009/03/23 14:59:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Application Data\Snapfish
[2009/03/09 19:32:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Application Data\The Creative Assembly
[2008/05/28 15:52:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Application Data\TrueSwitch
[2009/04/29 15:21:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Application Data\U3
[2007/02/11 14:16:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Application Data\Ulead Systems
[2008/03/15 12:36:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Application Data\Ventrilo
[2009/10/25 11:04:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Application Data\WTablet
[2008/10/12 23:01:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Application Data\XRay Engine
[2009/10/21 20:16:22 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2008/12/24 22:33:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU
[2006/04/28 21:29:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BOONTY
[2008/06/10 14:41:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2004/12/15 13:43:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2008/06/12 10:56:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intuit
[2007/03/22 14:53:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nHancer
[2008/01/17 10:51:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Saitek
[2008/12/11 10:17:14 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2008/10/12 21:10:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tages
[2008/03/13 15:00:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tanagra
[2007/02/11 13:15:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2008/08/06 18:48:18 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Default User\Application Data
[2005/06/07 16:25:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data
[2004/12/15 12:55:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data
[2009/09/28 07:06:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2004/08/04 07:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/10/25 11:04:24 | 00,000,868 | ---- | M] () -- C:\WINDOWS\Tasks\Google Software Updater.job
[2009/10/25 11:03:51 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/10/25 11:03:59 | 00,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========



========== Custom Scans ==========


< %systemdrive%\*.exe >

< %systemroot%\system32\drivers\*.sys >
[2008/04/13 13:46:18 | 00,053,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\1394bus.sys
[2008/04/13 13:36:35 | 00,187,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\acpi.sys
[2004/08/04 07:00:00 | 00,011,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\acpiec.sys
[2008/04/13 11:39:23 | 00,142,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\aec.sys
[2008/08/14 05:04:36 | 00,138,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\afd.sys
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\agp440.sys
[2008/04/13 13:36:39 | 00,044,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\agpcpq.sys
[2008/04/13 13:36:38 | 00,042,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\alim1541.sys
[2008/04/13 13:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\drivers\amdagp.sys
[2008/04/13 13:31:32 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\amdk6.sys
[2008/04/13 13:31:33 | 00,037,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\amdk7.sys
[2008/04/13 13:51:25 | 00,060,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\arp1394.sys
[2004/08/13 05:56:20 | 00,005,810 | R--- | M] () -- C:\WINDOWS\system32\drivers\ASACPI.sys
[2000/03/29 09:17:42 | 00,005,824 | ---- | M] () -- C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
[2008/04/13 13:57:27 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\asyncmac.sys
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:29:30 | 00,056,623 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati1btxx.sys
[2004/08/03 22:29:30 | 00,011,615 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati1mdxx.sys
[2004/08/03 22:29:30 | 00,012,047 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati1pdxx.sys
[2004/08/03 22:29:32 | 00,030,671 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati1raxx.sys
[2004/08/03 22:29:32 | 00,063,663 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati1rvxx.sys
[2004/08/03 22:29:32 | 00,026,367 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati1snxx.sys
[2004/08/03 22:29:32 | 00,021,343 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati1ttxx.sys
[2004/08/03 22:29:32 | 00,036,463 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati1tuxx.sys
[2004/08/03 22:29:32 | 00,029,455 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati1xbxx.sys
[2004/08/03 22:29:32 | 00,034,735 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati1xsxx.sys
[2004/08/03 22:29:28 | 00,327,040 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtaa.sys
[2004/08/03 22:29:28 | 00,701,440 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys
[2004/08/03 22:29:28 | 00,057,856 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinbtxx.sys
[2004/08/03 22:29:30 | 00,013,824 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinmdxx.sys
[2004/08/03 22:29:30 | 00,014,336 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinpdxx.sys
[2004/08/03 22:29:30 | 00,052,224 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinraxx.sys
[2004/08/03 22:29:32 | 00,104,960 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinrvxx.sys
[2004/08/03 22:29:32 | 00,028,672 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinsnxx.sys
[2004/08/03 22:29:32 | 00,013,824 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinttxx.sys
[2004/08/03 22:29:32 | 00,073,216 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atintuxx.sys
[2004/08/03 22:29:32 | 00,031,744 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinxbxx.sys
[2004/08/03 22:29:32 | 00,063,488 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinxsxx.sys
[2008/12/06 22:38:50 | 00,279,712 | ---- | M] () -- C:\WINDOWS\system32\drivers\atksgt.sys
[2008/04/13 13:51:25 | 00,059,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atmarpc.sys
[2004/08/04 07:00:00 | 00,031,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atmepvc.sys
[2008/04/13 13:51:30 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atmlane.sys
[2004/08/04 07:00:00 | 00,352,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atmuni.sys
[2001/08/17 08:59:44 | 00,003,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\audstub.sys
[2009/02/13 12:17:49 | 00,045,416 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\avgntdd.sys
[2009/08/05 09:54:16 | 00,055,656 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\avgntflt.sys
[2009/02/13 12:29:11 | 00,022,360 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\avgntmgr.sys
[2009/03/30 10:33:07 | 00,096,104 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\avipbb.sys
[2004/08/04 07:00:00 | 00,004,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\beep.sys
[2008/04/13 13:53:23 | 00,071,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bridge.sys
[2008/04/13 13:46:33 | 00,017,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthenum.sys
[2008/04/13 13:46:33 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthmodem.sys
[2008/04/13 13:51:34 | 00,101,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthpan.sys
[2008/06/13 06:05:51 | 00,272,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthport.sys
[2008/04/13 13:46:31 | 00,036,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthprint.sys
[2008/04/13 13:46:29 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthusb.sys
[2004/08/04 07:00:00 | 00,013,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\cbidf2k.sys
[2004/08/04 07:00:00 | 00,018,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\cdaudio.sys
[2008/04/13 14:14:21 | 00,063,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\cdfs.sys
[2008/04/13 13:40:46 | 00,062,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\cdrom.sys
[2004/08/04 07:00:00 | 00,262,528 | ---- | M] (RAVISENT Technologies Inc.) -- C:\WINDOWS\system32\drivers\cinemst2.sys
[2008/04/13 14:16:22 | 00,049,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\classpnp.sys
[2004/08/04 07:00:00 | 00,011,776 | ---- | M] (Compaq Computer Corporation) -- C:\WINDOWS\system32\drivers\cpqdap01.sys
[2008/04/13 13:31:32 | 00,036,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\crusoe.sys
[2005/06/08 13:08:34 | 01,359,744 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\CT0531FL.SYS
[2006/08/11 14:45:14 | 00,502,272 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctac32k.sys
[2006/08/11 14:45:38 | 00,499,584 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctaud2k.sys
[2005/11/10 17:06:04 | 00,340,704 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys
[2002/12/30 10:53:36 | 00,012,160 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\CTGAME.SYS
[2005/09/06 14:02:20 | 01,365,888 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\CTMMFILT.SYS
[2006/08/11 14:45:24 | 00,116,224 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\ctoss2k.sys
[2003/10/08 10:07:32 | 00,177,456 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\CTOSS9X.SYS
[2006/08/11 14:45:40 | 00,007,168 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys
[2006/08/11 14:45:18 | 00,143,872 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys
[2008/04/13 13:40:47 | 00,036,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\disk.sys
[2008/04/13 13:40:44 | 00,014,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\diskdump.sys
[2008/04/13 13:44:48 | 00,799,744 | ---- | M] (Microsoft Corp., Veritas Software) -- C:\WINDOWS\system32\drivers\dmboot.sys
[2008/04/13 13:44:46 | 00,153,344 | ---- | M] (Microsoft Corp., Veritas Software) -- C:\WINDOWS\system32\drivers\dmio.sys
[2004/08/04 07:00:00 | 00,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) -- C:\WINDOWS\system32\drivers\dmload.sys
[2008/04/13 13:45:01 | 00,052,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\dmusic.sys
[2008/04/13 13:45:14 | 00,060,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\drmk.sys
[2008/04/13 13:45:13 | 00,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\drmkaud.sys
[2004/08/04 07:00:00 | 00,010,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\dxapi.sys
[2008/04/13 13:38:29 | 00,071,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\dxg.sys
[2004/08/04 07:00:00 | 00,003,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\dxgthk.sys
[2006/08/11 14:45:18 | 00,078,336 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\emupia2k.sys
[1999/10/21 09:12:52 | 00,020,400 | ---- | M] (EnTech Taiwan) -- C:\WINDOWS\system32\drivers\Entech.sys
[2001/08/17 08:46:40 | 00,006,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\enum1394.sys
[2008/04/13 14:14:29 | 00,143,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fastfat.sys
[2008/04/13 13:40:25 | 00,027,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fdc.sys
[2008/04/13 13:33:28 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fips.sys
[2008/04/13 13:40:25 | 00,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\flpydisk.sys
[2008/04/13 13:32:59 | 00,129,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fltmgr.sys
[2004/08/04 07:00:00 | 00,012,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fsvga.sys
[2004/08/04 07:00:00 | 00,007,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fs_rec.sys
[2004/08/04 07:00:00 | 00,125,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ftdisk.sys
[2008/04/13 13:36:40 | 00,046,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\gagp30kx.sys
[2008/04/13 13:45:29 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\gameenum.sys
[2008/01/29 12:01:28 | 00,016,168 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
[2006/08/11 14:45:26 | 00,766,976 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ha10kx2k.sys
[2006/08/11 14:45:32 | 01,110,016 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ha20x2k.sys
[2006/08/11 14:45:26 | 00,154,112 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\haP16v2k.sys
[2006/08/11 14:45:28 | 00,180,224 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\haP17v2k.sys
[2008/04/13 11:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys
[2008/04/13 13:46:30 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\hidbth.sys
[2008/04/13 13:45:26 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\hidclass.sys
[2008/04/13 13:45:26 | 00,019,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\hidir.sys
[2008/04/13 13:45:22 | 00,024,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\hidparse.sys
[2008/04/13 13:45:27 | 00,010,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\hidusb.sys
[2008/04/16 13:05:16 | 00,049,920 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZid412.sys
[2008/04/16 13:05:16 | 00,016,496 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys
[2008/04/16 13:05:16 | 00,021,568 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys
[2004/08/03 22:41:48 | 00,220,032 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
[2004/08/03 22:41:50 | 00,685,056 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\hsfcxts2.sys
[2004/08/03 22:41:56 | 01,041,536 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
[2008/04/13 13:53:53 | 00,264,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\http.sys
[2008/04/13 14:18:00 | 00,052,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\i8042prt.sys
[2008/04/13 13:40:58 | 00,042,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\imapi.sys
[2008/04/13 13:31:32 | 00,036,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\intelppm.sys
[2008/04/13 13:53:34 | 00,036,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ip6fw.sys
[2004/08/04 07:00:00 | 00,032,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ipfltdrv.sys
[2008/04/13 13:57:07 | 00,020,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ipinip.sys
[2008/04/13 13:57:15 | 00,152,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ipnat.sys
[2008/04/13 14:19:42 | 00,075,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ipsec.sys
[2008/04/13 13:45:34 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\irbus.sys
[2008/04/13 13:54:28 | 00,011,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\irenum.sys
[2008/04/13 13:36:41 | 00,037,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\isapnp.sys
[2003/09/11 00:36:54 | 00,021,060 | ---- | M] (InterVideo, Inc.) -- C:\WINDOWS\system32\drivers\iviaspi.sys
[2008/04/13 13:39:47 | 00,024,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdclass.sys
[2008/04/13 13:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys
[2008/04/13 13:45:09 | 00,172,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kmixer.sys
[2008/04/13 14:16:36 | 00,141,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ks.sys
[2009/06/24 06:18:41 | 00,092,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ksecdd.sys
[2008/10/12 21:10:25 | 00,025,888 | ---- | M] () -- C:\WINDOWS\system32\drivers\lirsgt.sys
[2009/09/10 14:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2009/09/10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2004/08/04 07:00:00 | 00,007,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mcd.sys
[2004/08/03 22:41:56 | 00,011,868 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys
[2008/04/13 13:36:41 | 00,063,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mf.sys
[2009/03/25 11:06:28 | 00,079,880 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfeavfk.sys
[2009/03/25 11:06:28 | 00,035,272 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfebopk.sys
[2009/03/25 11:06:28 | 00,214,024 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfehidk.sys
[2009/03/25 11:05:54 | 00,034,216 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mferkdk.sys
[2009/03/25 11:06:30 | 00,040,552 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfesmfk.sys
[2004/08/04 07:00:00 | 00,004,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mnmdd.sys
[2008/04/13 14:00:19 | 00,030,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\modem.sys
[2008/04/13 13:39:47 | 00,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mouclass.sys
[2001/08/17 13:48:00 | 00,012,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mouhid.sys
[2008/04/13 13:39:46 | 00,042,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mountmgr.sys
[2009/06/22 06:48:44 | 00,091,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mqac.sys
[2008/04/13 13:32:44 | 00,180,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxdav.sys
[2008/10/24 06:21:09 | 00,455,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2008/04/13 13:32:39 | 00,019,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msfs.sys
[2008/04/13 13:56:32 | 00,035,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msgpc.sys
[2008/04/13 13:39:52 | 00,007,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mskssrv.sys
[2001/08/17 09:00:04 | 00,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msmpu401.sys
[2008/04/13 13:39:50 | 00,005,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mspclock.sys
[2008/04/13 13:39:51 | 00,004,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mspqm.sys
[2008/04/13 13:36:46 | 00,015,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mssmbios.sys
[2004/08/03 22:41:40 | 00,126,686 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\drivers\mtlmnt5.sys
[2004/08/03 22:41:38 | 01,309,184 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\drivers\mtlstrm.sys
[2004/08/03 22:29:38 | 00,452,736 | ---- | M] (Matrox Graphics Inc.) -- C:\WINDOWS\system32\drivers\mtxparhm.sys
[2008/04/13 14:17:05 | 00,105,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mup.sys
[2008/04/13 13:43:55 | 00,012,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mutohpen.sys
[2008/04/13 14:20:37 | 00,182,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ndis.sys
[2008/04/13 13:57:27 | 00,010,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ndistapi.sys
[2008/04/13 13:55:58 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ndisuio.sys
[2008/04/13 14:20:42 | 00,091,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ndiswan.sys
[2008/04/13 13:57:29 | 00,040,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ndproxy.sys
[2008/04/13 13:56:02 | 00,034,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\netbios.sys
[2008/04/13 14:21:00 | 00,162,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\netbt.sys
[2008/04/13 13:51:25 | 00,061,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nic1394.sys
[2004/08/04 07:00:00 | 00,012,032 | ---- | M] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\system32\drivers\nikedrv.sys
[2008/04/13 13:53:09 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nmnt.sys
[2008/04/13 13:32:39 | 00,030,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\npfs.sys
[2008/04/25 14:54:58 | 00,036,384 | ---- | M] (Thesycon GmbH, Germany) -- C:\WINDOWS\system32\drivers\npusbio.sys
[2008/04/13 14:15:53 | 00,574,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ntfs.sys
[2004/08/03 22:41:40 | 00,180,360 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\drivers\ntmtlfax.sys
[2004/08/04 07:00:00 | 00,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\null.sys
[2009/09/27 16:12:22 | 07,655,872 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys
[2005/01/20 08:45:30 | 00,088,960 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvatabus.sys
[2005/01/13 16:45:44 | 00,033,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\NVENETFD.sys
[2005/01/13 16:45:46 | 00,012,928 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvnetbus.sys
[2005/01/13 16:45:28 | 00,261,120 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvnrm.sys
[2005/01/13 16:45:18 | 00,208,256 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvsnpu.sys
[2004/08/04 07:00:00 | 00,012,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnkflt.sys
[2004/08/04 07:00:00 | 00,032,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnkfwd.sys
[2008/04/13 13:56:06 | 00,088,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys
[2004/08/04 07:00:00 | 00,063,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnknb.sys
[2004/08/04 07:00:00 | 00,055,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys
[2008/04/13 13:34:12 | 00,163,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwrdr.sys
[2008/04/13 13:46:18 | 00,061,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ohci1394.sys
[2004/08/04 07:00:00 | 00,003,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\oprghdlr.sys
[2008/04/13 13:31:31 | 00,042,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\p3.sys
[2008/04/13 13:40:10 | 00,080,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\parport.sys
[2008/04/13 13:40:49 | 00,019,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\partmgr.sys
[2004/08/04 07:00:00 | 00,006,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\parvdm.sys
[2008/04/13 13:36:44 | 00,068,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\pci.sys
[2001/11/19 18:05:18 | 00,003,972 | ---- | M] () -- C:\WINDOWS\system32\drivers\PciBus.sys
[2004/08/04 07:00:00 | 00,003,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\pciide.sys
[2008/04/13 13:40:29 | 00,024,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\pciidex.sys
[2008/04/13 13:36:43 | 00,120,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\pcmcia.sys
[2006/01/09 17:41:44 | 00,034,656 | ---- | M] (VSO Software) -- C:\WINDOWS\system32\drivers\Pcouffin.sys
[2006/08/11 14:56:36 | 00,008,192 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\pfmodnt.sys
[2004/06/03 01:50:08 | 00,020,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\point32.sys
[2008/04/13 14:19:41 | 00,146,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\portcls.sys
[2008/04/13 13:31:30 | 00,035,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\processr.sys
[2008/04/13 13:56:38 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\psched.sys
[2004/08/04 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys
[2004/08/04 07:00:00 | 00,008,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rasacd.sys
[2008/04/13 14:19:43 | 00,051,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rasl2tp.sys
[2008/04/13 13:57:32 | 00,041,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\raspppoe.sys
[2008/04/13 14:19:48 | 00,048,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\raspptp.sys
[2004/08/04 07:00:00 | 00,016,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\raspti.sys
[2004/08/04 07:00:00 | 00,034,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rawwan.sys
[2008/04/13 14:28:39 | 00,175,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rdbss.sys
[2004/08/04 07:00:00 | 00,004,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rdpcdd.sys
[2008/04/13 13:32:51 | 00,196,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rdpdr.sys
[2008/04/13 19:13:22 | 00,139,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rdpwd.sys
[2004/08/03 22:41:40 | 00,013,776 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\drivers\recagent.sys
[2008/04/13 13:40:27 | 00,057,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\redbook.sys
[2008/04/13 13:46:32 | 00,059,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rfcomm.sys
[2004/08/04 07:00:00 | 00,012,032 | ---- | M] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\system32\drivers\rio8drv.sys
[2004/08/04 07:00:00 | 00,012,032 | ---- | M] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\system32\drivers\riodrv.sys
[2008/05/08 09:02:52 | 00,203,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rmcast.sys
[2008/04/13 13:56:49 | 00,030,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rndismp.sys
[2008/04/13 13:56:49 | 00,030,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rndismpx.sys
[2004/08/04 07:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rootmdm.sys
[2004/08/03 23:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\RTL8139.sys
[2007/08/22 04:16:40 | 00,096,384 | R--- | M] (Dynex ) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys
[2004/08/03 22:29:52 | 00,166,912 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\drivers\s3gnbm.sys
[2007/06/05 05:09:26 | 00,035,072 | R--- | M] (Saitek) -- C:\WINDOWS\system32\drivers\SaiBus.sys
[2007/06/05 05:09:14 | 00,135,048 | R--- | M] (Saitek) -- C:\WINDOWS\system32\drivers\SaiHF51A.sys
[2007/06/05 05:09:26 | 00,014,080 | R--- | M] (Saitek) -- C:\WINDOWS\system32\drivers\SaiMini.sys
[2007/06/05 05:09:16 | 00,028,544 | R--- | M] (Saitek) -- C:\WINDOWS\system32\drivers\SaiUF51A.sys
[2008/04/13 13:40:48 | 00,043,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sbp2port.sys
[2008/04/13 13:40:30 | 00,096,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\scsiport.sys
[2008/04/13 13:36:44 | 00,079,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sdbus.sys
[2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys
[2008/04/13 13:40:12 | 00,015,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\serenum.sys
[2008/04/13 14:15:45 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\serial.sys
[2008/04/13 13:40:47 | 00,011,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sffdisk.sys
[2008/04/13 13:40:48 | 00,010,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sffp_mmc.sys
[2008/04/13 13:40:47 | 00,011,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sffp_sd.sys
[2008/04/13 13:40:48 | 00,011,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sfloppy.sys
[2004/07/21 11:02:00 | 00,166,400 | ---- | M] (Silicon Image, Inc) -- C:\WINDOWS\system32\drivers\Si3114r5.sys
[2008/04/13 13:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\sisagp.sys
[2003/10/15 10:28:00 | 00,010,240 | ---- | M] (Silicon Image, Inc.) -- C:\WINDOWS\system32\drivers\SIWinAcc.sys
[2004/08/03 22:41:42 | 00,129,535 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\drivers\slnt7554.sys
[2004/08/03 22:41:44 | 00,404,990 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\drivers\slntamr.sys
[2004/08/03 22:41:46 | 00,095,424 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\drivers\slnthal.sys
[2004/08/03 22:41:46 | 00,013,240 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\drivers\slwdmsup.sys
[2008/04/13 13:36:34 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\smbali.sys
[2004/08/04 07:00:00 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\smclib.sys
[2008/04/13 13:46:07 | 00,025,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sonydcam.sys
[2008/04/13 13:45:07 | 00,006,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\splitter.sys
[2008/04/13 13:36:52 | 00,073,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sr.sys
[2008/12/11 05:57:09 | 00,333,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\srv.sys
[2009/06/09 21:57:49 | 00,028,520 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\ssmdrv.sys
[2008/04/13 13:45:15 | 00,049,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\stream.sys
[2008/04/13 13:39:53 | 00,004,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\swenum.sys
[2008/04/13 13:45:09 | 00,056,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\swmidi.sys
[2008/04/13 14:15:55 | 00,060,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sysaudio.sys
[2008/04/13 13:40:50 | 00,014,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tape.sys
[2008/06/20 06:51:12 | 00,361,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip.sys
[2008/06/20 06:08:27 | 00,225,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip6.sys
[2008/04/13 14:00:05 | 00,019,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tdi.sys
[2008/04/13 19:13:20 | 00,012,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tdpipe.sys
[2008/04/13 19:13:21 | 00,021,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tdtcp.sys
[2008/04/13 19:13:20 | 00,040,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\termdd.sys
[2004/08/04 07:00:00 | 00,051,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tosdvd.sys
[2004/08/04 07:00:00 | 00,021,376 | ---- | M] (Toshiba Corporation) -- C:\WINDOWS\system32\drivers\tsbvcap.sys
[2008/04/13 13:56:01 | 00,012,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tunmp.sys
[2008/04/13 13:36:40 | 00,044,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\uagp35.sys
[2008/04/13 13:32:36 | 00,066,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\udfs.sys
[2005/01/27 07:16:38 | 00,027,392 | ---- | M] (Ulead Systems, Inc.) -- C:\WINDOWS\system32\drivers\ULCDRHlp.sys
[2008/04/13 13:39:46 | 00,384,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\update.sys
[2008/04/13 13:56:49 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usb8023.sys
[2008/04/13 13:56:49 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usb8023x.sys
[2008/01/15 03:39:58 | 00,030,464 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys
[2008/04/13 13:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys
[2008/04/13 13:45:40 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbcamd.sys
[2008/04/13 13:45:41 | 00,025,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbcamd2.sys
[2008/04/13 13:45:39 | 00,032,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbccgp.sys
[2004/08/04 07:00:00 | 00,004,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbd.sys
[2008/04/13 13:45:35 | 00,030,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbehci.sys
[2008/04/13 13:45:37 | 00,059,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbhub.sys
[2008/04/13 13:45:43 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbintel.sys
[2008/04/13 13:45:35 | 00,017,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbohci.sys
[2008/04/13 13:45:36 | 00,143,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbport.sys
[2008/04/13 13:47:37 | 00,025,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbprint.sys
[2008/04/13 13:45:34 | 00,015,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbscan.sys
[2008/04/13 13:45:38 | 00,026,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbstor.sys
[2008/04/13 13:46:20 | 00,121,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbvideo.sys
[2004/05/29 08:30:46 | 00,292,288 | ---- | M] (Ulead Systems, Inc.) -- C:\WINDOWS\system32\drivers\USIUDF.sys
[2004/08/04 07:00:00 | 00,058,112 | ---- | M] (RAVISENT Technologies Inc.) -- C:\WINDOWS\system32\drivers\vdmindvd.sys
[2008/04/13 13:44:40 | 00,020,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\vga.sys
[2008/04/13 13:36:40 | 00,042,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\viaagp.sys
[2008/04/13 13:44:40 | 00,081,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\videoprt.sys
[2008/04/13 13:41:01 | 00,052,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\volsnap.sys
[2008/10/06 11:53:24 | 00,015,656 | ---- | M] (Wacom Technology) -- C:\WINDOWS\system32\drivers\wacmoumonitor.sys
[2007/02/16 11:12:36 | 00,011,312 | ---- | M] (Wacom Technology) -- C:\WINDOWS\system32\drivers\wacommousefilter.sys
[2008/04/13 13:43:55 | 00,014,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wacompen.sys
[2008/08/18 15:45:00 | 00,013,352 | ---- | M] (Wacom Technology) -- C:\WINDOWS\system32\drivers\wacomvhid.sys
[2007/02/15 16:11:28 | 00,011,440 | ---- | M] (Wacom Technology) -- C:\WINDOWS\system32\drivers\WacomVKHid.sys
[2004/08/03 22:29:40 | 00,011,807 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wadv07nt.sys
[2004/08/03 22:29:40 | 00,011,295 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wadv08nt.sys
[2004/08/03 22:29:42 | 00,011,871 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wadv09nt.sys
[2004/08/03 22:29:42 | 00,011,935 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wadv11nt.sys
[2008/04/13 13:57:21 | 00,034,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wanarp.sys
[2004/08/03 22:29:46 | 00,022,271 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\watv06nt.sys
[2004/08/03 22:29:46 | 00,025,471 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\watv10nt.sys
[2008/04/13 14:17:18 | 00,083,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wdmaud.sys
[2004/08/04 07:00:00 | 00,004,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wmilib.sys
[2006/10/18 20:00:00 | 00,038,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wpdusb.sys
[2004/08/04 07:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
[2006/09/28 18:55:50 | 00,077,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\WudfPf.sys
[2006/09/28 19:00:34 | 00,082,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\WudfRd.sys
[2004/08/19 07:21:00 | 00,189,568 | ---- | M] (Marvell) -- C:\WINDOWS\system32\drivers\yk51x86.sys
< End of report >

Extras.txt:
OTL Extras logfile created on: 10/25/2009 11:08:02 AM - Run 1
OTL by OldTimer - Version 3.0.21.0 Folder = C:\Documents and Settings\Alan\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.53 Gb Available Physical Memory | 76.42% Memory free
3.80 Gb Paging File | 3.46 Gb Available in Paging File | 90.92% Paging File free
Paging file location(s): C:\pagefile.sys 2000 4000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 138.49 Gb Total Space | 38.18 Gb Free Space | 27.57% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: AKD
Current User Name: Alan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"427:UDP" = 427:UDP:*:Enabled:SLP_Port(427)
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"427:UDP" = 427:UDP:*:Enabled:SLP_Port(427)
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Documents and Settings\Alan\Local Settings\Temp\7zS0F6C\setup\HPZnui01.exe" = C:\Documents and Settings\Alan\Local Settings\Temp\7zS0F6C\setup\HPZnui01.exe:*:Enabled:hpznui01.exe -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe" = C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe:*:Enabled:SmartFTP Client 2.0 -- (SmartSoft Ltd.)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Intuit\QuickBooks 2008\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2008\QBDBMgrN.exe:*:Enabled:QuickBooks 2008 Data Manager -- (iAnywhere Solutions, Inc.)
"C:\Program Files\Steam\SteamApps\common\red orchestra\System\RedOrchestra.exe" = C:\Program Files\Steam\SteamApps\common\red orchestra\System\RedOrchestra.exe:*:Enabled:Red Orchestra -- ()
"C:\Program Files\Steam\SteamApps\common\red orchestra\System\ROEd.exe" = C:\Program Files\Steam\SteamApps\common\red orchestra\System\ROEd.exe:*:Enabled:RedOrchestra SDK Beta -- ()
"C:\Program Files\Bohemia Interactive\ArmA 2\arma2.exe" = C:\Program Files\Bohemia Interactive\ArmA 2\arma2.exe:*:Enabled:ArmA 2 -- (Bohemia Interactive)
"C:\Program Files\Steam\SteamApps\common\stalker clear sky\bin\xrEngine.exe" = C:\Program Files\Steam\SteamApps\common\stalker clear sky\bin\xrEngine.exe:*:Enabled:STALKER: Clear Sky -- ()
"C:\Program Files\Ubisoft\IL-2 Sturmovik 1946\il2fb.exe" = C:\Program Files\Ubisoft\IL-2 Sturmovik 1946\il2fb.exe:*:Enabled:il2fb -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{025C3792-E9C6-432A-92C1-661F99D021CA}" = Ulead Photo Explorer 8.5 SE
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update
"{0B5D03B9-02EE-4667-BD4D-8DB6C4519AB5}" = X1 Ostfront Addon for FB+AEP+PF --- Hotfix 1.01
"{0D005F09-A5F4-473B-A901-5735C6AF5628}" = Silent Hunter Wolves of the Pacific
"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 16
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java™ 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
"{43C0C354-A185-4D2D-A057-67C9160460E1}" = PS_AIO_04_C4580_Software_Min
"{44734179-8A79-4DEE-BB08-73037F065543}" = Apple Mobile Device Support
"{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}" = Bonjour
"{48C97477-1D55-4B51-86BF-822677C04164}" = ImageShack Toolbar for Internet Explorer
"{4F1DA6BF-3614-48A1-9970-9E90F646789E}" = Ulead VideoStudio 8.0 SE DVD
"{51AFB69C-1C54-4C77-A888-2860F8CD3E7D}" = Paint.NET v3.31
"{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
"{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}" = iTunes
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{61A865F5-0689-4BFA-A70E-F559855EF899}" = Dynex DX-E102 PCI 10/100Mb Network Adapter
"{61AE44DA-F2DE-4792-9796-5296A2CEC3D6}" = Saitek SD6 Programming Software 6.0.5.12
"{64635543-70E7-436D-8D6D-4A721595029E}" = Microsoft IntelliPoint 5.2
"{7148F0A8-6813-11D6-A77B-00B0D0142040}" = Java 2 Runtime Environment, SE v1.4.2_04
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{751FADFF-141C-4AF8-9809-E0B40407DC03}" = X1 Ostfront Addon for FB+AEP+PF 1.1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{79438F1E-DEC3-443D-9DCD-FECE2D68C605}" = IL-2 Sturmovik 1946
"{8920EF0D-633E-46D1-9561-90E713E3145A}" = AutoBackup
"{8E4CF4E6-062E-11D8-BCF1-005004748D87}" = 3114 SATARAID5
"{8ECB8220-F420-4BEB-9596-97033C533702}" = QuickBooks Simple Start 2008 (Plus Pack)
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E2514D9-DC24-4634-B348-61F3EF0F1628}" = Sound Blaster Audigy 2 ZS
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{AD8E6D29-95EC-494E-8AF5-566E784819A6}" = Ulead Data-Add 2.0
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BED1705F-7558-40f7-9F52-6C6FBD58EA2E}" = HP Photosmart C4500 All-In-One Driver 11.0 Rel .4
"{C00A7497-C9A3-44DE-ADF0-7B6A082C2D16}" = X1 Ostfront Addon for FB+AEP+PF --- Update 1.02
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C169D3BB-9A27-43F5-9979-09A0D65FE95C}" = SmartFTP Client 2.0
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C7D89BBE-D4B3-49E8-B185-7966B5345866}" = Ulead DVD MovieFactory 3.5 Suite
"{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CADA6C4C-3EF2-43FC-8E5B-E89E3880A399}" = Ulead PhotoImpact XL SE
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF404C21-47EB-4FA5-B920-91746874ED43}" = Ulead Photo Express My Scrapbook 2.0
"{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
"{DFAA3D2B-7087-464E-823B-738A23C29C27}" = Microsoft Visual J# 2.0 Redistributable Package - SE
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{EC9BC2CA-32E2-402E-A96C-C3B6AE821D55}" = Smart Mod Manager
"{F366D0C4-18F2-44A6-A4E7-7ED2DD37F3D3}" = InterVideo Disc Master 2
"{F3CA05B7-B4C0-4C9B-AAA6-16B868B35DF2}" = TrackIR5
"{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}" = Microsoft WSE 2.0 SP3 Runtime
"{F5A83924-6A0A-40A2-9A9C-00D876B62E7F}" = FreeAgent Pro Tools
"{F7872D8B-0E53-4F7F-962C-E3DFB50B13CF}" = Silent 3ditor (beta 0.8.2)
"{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer
"{F87A8E11-02A4-4875-A3A5-5961081B0E4E}" = OpenOffice.org 2.4
"{F95F178B-56AD-4fab-87F8-FA81E66C7D68}" = Network
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"ArmA 2" = ArmA 2 Uninstall
"Audacity_is1" = Audacity 1.2.6
"AudioConSole" = Creative Audio Console
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CDRW Drive Update" = Creative CD Burner Drive Update
"Combat Mission Shock Force_is1" = Combat Mission Shock Force
"Conquest Of The Aegean3.0.126" = Conquest Of The Aegean
"Creative MediaSource CD-ROM Burner Plugin" = Creative MediaSource CD-ROM Burner Plugin
"Defraggler" = Defraggler
"Driver Cleaner Pro" = DH Driver Cleaner Professional Edition
"DTS Console" = DTS Neo:6 Settings
"ESET Online Scanner" = ESET Online Scanner v3
"FB Swatika Enabler" = FB Swatika Enabler
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Hyper Lobby Pro Client version 3.8.101" = Hyper Lobby Pro Client version 3.8.101
"ICopyDVDs2" = ICopyDVDs2 3.2.6
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{79438F1E-DEC3-443D-9DCD-FECE2D68C605}" = IL-2 Sturmovik 1946
"InstallShield_{F5A83924-6A0A-40A2-9A9C-00D876B62E7F}" = FreeAgent Pro Tools
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual J# 2.0 Redistributable Package - SE" = Microsoft Visual J# 2.0 Redistributable Package - SE
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"PC Magazine TaskPower" = PC Magazine TaskPower
"Pen Tablet Driver" = Pen Tablet
"SmartFTP Client 2.0 Setup Files" = SmartFTP Client 2.0 Setup Files (remove only)
"ST6UNST #1" = Operation Flashpoint P3D Texture Swap Utility
"ST6UNST #2" = HardBall's Aircraft Viewer 4.04
"Steam App 1220" = RedOrchestra SDK Beta
"Steam App 1280" = Darkest Hour
"Steam App 20510" = STALKER: Clear Sky
"Steam™" = Steam™
"STLFR_eng_is1" = 'Steel Fury - Kharkov 1942'
"SystemRequirementsLab" = System Requirements Lab
"WIC" = Windows Imaging Component
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinMerge_is1" = WinMerge 2.4.4.0
"WinRAR archiver" = WinRAR archiver
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XviD" = XviD MPEG-4 Codec
"XviD_is1" = XviD MPEG-4 Video Codec

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1891462814-1093553118-4216441478-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"InstallShield_{8920EF0D-633E-46D1-9561-90E713E3145A}" = AutoBackup
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/17/2009 11:45:34 AM | Computer Name = AKD | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 10/17/2009 11:47:33 AM | Computer Name = AKD | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 10/22/2009 12:10:13 PM | Computer Name = AKD | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 10/22/2009 8:03:35 PM | Computer Name = AKD | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 10/22/2009 8:08:23 PM | Computer Name = AKD | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 10/22/2009 8:12:58 PM | Computer Name = AKD | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 10/23/2009 8:55:11 AM | Computer Name = AKD | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 10/23/2009 8:58:48 AM | Computer Name = AKD | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Office Home and Student 2007 - Update 'Microsoft
Office 2007 Service Pack 2 (SP2)' could not be installed. Error code 1603. Windows
Installer can create logs to help troubleshoot issues with installing software
packages. Use the following link for instructions on turning on logging support:
http://go.microsoft.com/fwlink/?LinkId=23127

Error - 10/24/2009 10:56:30 AM | Computer Name = AKD | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 10/25/2009 12:04:18 PM | Computer Name = AKD | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

[ System Events ]
Error - 10/23/2009 8:57:43 AM | Computer Name = AKD | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800706be: The 2007 Microsoft Office Suite Service Pack 2 (SP2).

Error - 10/23/2009 8:59:49 AM | Computer Name = AKD | Source = Service Control Manager | ID = 7031
Description = The Windows Media Player Network Sharing Service service terminated
unexpectedly. It has done this 1 time(s). The following corrective action will
be taken in 30000 milliseconds: Restart the service.

Error - 10/23/2009 8:59:56 AM | Computer Name = AKD | Source = Service Control Manager | ID = 7034
Description = The LicCtrl Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 10/23/2009 8:59:57 AM | Computer Name = AKD | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the PEVSystemStart service
to connect.

Error - 10/23/2009 9:01:33 AM | Computer Name = AKD | Source = Service Control Manager | ID = 7031
Description = The Windows Media Player Network Sharing Service service terminated
unexpectedly. It has done this 1 time(s). The following corrective action will
be taken in 30000 milliseconds: Restart the service.

Error - 10/23/2009 9:05:01 AM | Computer Name = AKD | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the PEVSystemStart service
to connect.


< End of report >

Edited by Buckeye_Sam, 25 October 2009 - 11:16 AM.


#14 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:01:22 AM

Posted 25 October 2009 - 11:42 AM

Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll File not found
    O3 - HKU\S-1-5-21-1891462814-1093553118-4216441478-1005\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll File not found
    O8 - Extra context menu item: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll File not found
    O8 - Extra context menu item: &Translate English Word - C:\Program Files\Google\GoogleToolbar1.dll File not found
    O8 - Extra context menu item: Backward Links - C:\Program Files\Google\GoogleToolbar1.dll File not found
    O8 - Extra context menu item: Cached Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll File not found
    O8 - Extra context menu item: Similar Pages - C:\Program Files\Google\GoogleToolbar1.dll File not found
    O8 - Extra context menu item: Translate Page into English - C:\Program Files\Google\GoogleToolbar1.dll File not found
    O16 - DPF: {00000D27-0000-0000-0000-000000000000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Reg Error: Key error.)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shock...director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flash...ent/swflash.cab (Shockwave Flash Object)
    [2009/10/15 15:04:15 | 00,012,971 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\dodaf.db
    [2009/10/15 15:04:15 | 00,011,885 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\evyqyr.db
    [2009/10/15 14:38:33 | 00,019,607 | ---- | M] () -- C:\WINDOWS\fake.lib
    [2009/10/15 14:24:12 | 00,010,235 | ---- | M] () -- C:\Documents and Settings\Alan\Local Settings\Application Data\iqyzek.db
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run and post a new OTL log.


=====================


Uninstall these older and insecure versions of Java.

J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 10
Java™ 6 Update 4
Java™ 6 Update 5
Java™ 6 Update 7
Java 2 Runtime Environment, SE v1.4.2_04




I'm really not seeing any indication of an active infection. It's not uncommon for your computer to have activity. Many programs will work quietly in the background while your computer is idle. For example, Windows chooses this time to index your files for a quicker search.

Are you getting any other indication that you might be infected?
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!
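The Java clean-up above is really an inventory check: keep the newest runtime, remove every older one that is still registered. As an added example, not part of this thread and not OTL's own code, here is a small Python script that parses the `"key" = display name` lines of the Uninstall List section shown earlier and flags every Sun JRE except the newest. The sample text is a handful of lines copied from that list with a section header and two non-Java entries mixed in; the two display-name patterns are my own assumption, written to cover the three naming styles that list contains (`Java 2 Runtime Environment, SE v1.4.2_04`, `J2SE Runtime Environment 5.0 Update N`, `Java(TM)/Java™ 6 Update N`).

```python
import re
from typing import Dict, List, Optional, Tuple

# One line of an OTL/DDS "Uninstall List" section:  "key" = display name
UNINSTALL_LINE = re.compile(r'^\s*"(?P<key>[^"]+)"\s*=\s*(?P<name>.+?)\s*$')

# Sun JRE display-name styles seen in such lists (assumed patterns):
#   "Java 2 Runtime Environment, SE v1.4.2_04"   -> family 4, update 4
#   "J2SE Runtime Environment 5.0 Update 4"      -> family 5, update 4
#   "Java(TM) 6 Update 16" / "Java™ 6 Update 16" -> family 6, update 16
JRE_V1_STYLE = re.compile(r'\bv1\.(\d+)\.\d+_(\d+)\b')
JRE_UPDATE_STYLE = re.compile(
    r'^(?:J2SE Runtime Environment|Java(?:™|\(TM\))?)\s+(\d+)(?:\.\d+)?\s+Update\s+(\d+)$'
)

# Constructed sample: a few lines copied from the uninstall list in this
# thread, plus a section header and two non-Java entries that must be ignored.
SAMPLE = """\
========== HKEY_LOCAL_MACHINE Uninstall List ==========
"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 16
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java™ 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{7148F0A8-6813-11D6-A77B-00B0D0142040}" = Java 2 Runtime Environment, SE v1.4.2_04
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"""


def parse_uninstall_list(text: str) -> Dict[str, str]:
    """Return {uninstall_key: display_name} for every parseable line; headers are skipped."""
    entries: Dict[str, str] = {}
    for line in text.splitlines():
        m = UNINSTALL_LINE.match(line)
        if m:
            entries[m.group("key")] = m.group("name")
    return entries


def jre_version(name: str) -> Optional[Tuple[int, int]]:
    """(family, update) for a Sun JRE display name, or None if it is not a JRE."""
    for pattern in (JRE_V1_STYLE, JRE_UPDATE_STYLE):
        m = pattern.search(name)
        if m:
            return int(m.group(1)), int(m.group(2))
    return None


def installed_jres(entries: Dict[str, str]) -> List[Tuple[Tuple[int, int], str]]:
    """All JRE entries as ((family, update), display name), oldest first."""
    found = []
    for name in entries.values():
        version = jre_version(name)
        if version is not None:
            found.append((version, name))
    return sorted(found)


def newest_jre(entries: Dict[str, str]) -> Optional[str]:
    """Display name of the most recent JRE, or None if no JRE is registered."""
    jres = installed_jres(entries)
    return jres[-1][1] if jres else None


def stale_jres(entries: Dict[str, str]) -> List[str]:
    """Every registered JRE except the single newest one: the entries to remove."""
    return [name for _, name in installed_jres(entries)[:-1]]


if __name__ == "__main__":
    found = parse_uninstall_list(SAMPLE)
    print("keep :", newest_jre(found))
    for stale in stale_jres(found):
        print("stale:", stale)
```

Run against the sample, the script keeps `Java™ 6 Update 16` and lists the same seven entries the helper asked to have uninstalled. The check is worth automating because each of those older runtimes is a separately registered, separately updatable product; an out-of-date one stays on the machine even after the newest update is installed, which is why the uninstall list rather than the current Java version is the thing to inspect.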


========================================================

#15 akdavis

akdavis
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:01:22 AM

Posted 25 October 2009 - 12:22 PM

Haven't noticed this type of low level hard drive activity in the past when no processes are visible using the CPU in taskmanager, but it may very well be the byproduct of something else. Whenever IE is open, 2 iexplore.exe's show in Taskmanager, which I hadn't noticed before, but maybe that is normal (or normal since recent upgrade to IE8).

Here is the first OTL log:
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1891462814-1093553118-4216441478-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Google Search\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Translate English Word\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Backward Links\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Cached Snapshot of Page\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Similar Pages\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Translate Page into English\ deleted successfully.
Starting removal of ActiveX control {00000D27-0000-0000-0000-000000000000}
C:\WINDOWS\Downloaded Program Files\swflash.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{00000D27-0000-0000-0000-000000000000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000D27-0000-0000-0000-000000000000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{00000D27-0000-0000-0000-000000000000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000D27-0000-0000-0000-000000000000}\ not found.
Starting removal of ActiveX control {166B1BCA-3F9C-11CF-8075-444553540000}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{166B1BCA-3F9C-11CF-8075-444553540000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{166B1BCA-3F9C-11CF-8075-444553540000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {D27CDB6E-AE6D-11CF-96B8-444553540000}
C:\WINDOWS\Downloaded Program Files\swflash.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ deleted successfully.
C:\Documents and Settings\All Users\Application Data\dodaf.db moved successfully.
C:\Documents and Settings\All Users\Documents\evyqyr.db moved successfully.
C:\WINDOWS\fake.lib moved successfully.
C:\Documents and Settings\Alan\Local Settings\Application Data\iqyzek.db moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Alan
->Temp folder emptied: 794 bytes
File delete failed. C:\Documents and Settings\Alan\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 116173628 bytes
->Java cache emptied: 0 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 6964 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 110.86 mb
 
 
OTL by OldTimer - Version 3.0.21.0 log created on 10252009_120811

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

For the second step, I assume you mean run a full scan with OTL. I will do so and post that log when it finishes.



