TRCrypt.XPACK.Gen - Trojan


5 replies to this topic

#1 corbasz


Posted 26 October 2009 - 05:56 PM

DDS (Ver_09-10-26.01) - NTFSx86  
Run by CorbasT at 23:43:02,00 on 2009.10.26
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2303.1953 [GMT 2:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated)   {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\notepad.exe
C:\DOCUME~1\CORBAS~1\LOCALS~1\Temp\nyjxnlqrfsc.exe
C:\WINDOWS\system32\znizzpmxpjbunjhnajf.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Corbas™\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Documents and Settings\Corbas™\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wpabaln.exe
C:\Documents and Settings\Corbas™\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Corbas™\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.lt/
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\corbas™\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [fjubrxklt] znizzpmxpjbunjhnajf.exe
uRun: [mnvzmp] c:\docume~1\corbas~1\locals~1\temp\yjbpmztbqhwmcvqt.exe
uRunOnce: [ydpxovjluf] mbxpqhfrkfysmjipdnkg.exe .
uRunOnce: [zbkpdhs] c:\docume~1\corbas~1\locals~1\temp\yjbpmztbqhwmcvqt.exe .
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [mnvzmp] yjbpmztbqhwmcvqt.exe
mRun: [qxlvoxnrcpam] c:\docume~1\corbas~1\locals~1\temp\brohjbanhdxsnlltitroi.exe
mRunOnce: [zbkpdhs] brohjbanhdxsnlltitroi.exe .
mRunOnce: [tzmvnvknxjt] c:\docume~1\corbas~1\locals~1\temp\obvlkzvfwpgyqlinzh.exe .
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
mExplorerRun: [orbhwbnn] mbxpqhfrkfysmjipdnkg.exe
mExplorerRun: [bbilx] c:\docume~1\corbas~1\locals~1\temp\yjbpmztbqhwmcvqt.exe
uPolicies-explorer: NoFolderOptions = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
uPolicies-system: DisableTaskMgr = 1 (0x1)
mPolicies-explorer: NoFolderOptions = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 0 (0x0)
mPolicies-system: EnableInstallerDetection = 0 (0x0)
mPolicies-system: EnableSecureUIAPaths = 0 (0x0)
mPolicies-system: EnableVirtualization = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: DisableRegistryTools = 1 (0x1)
mPolicies-system: DisableTaskMgr = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

============= SERVICES / DRIVERS ===============

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-10-26 108289]

=============== Created Last 30 ================

2009-10-26 14:25:13	0	d-----w-	c:\windows\ERUNT
2009-10-26 06:37:52	3768	---h--w-	c:\windows\system32\ydpxovjlufoyivkhllyktpyuzltkrfhq.kue
2009-10-26 06:37:52	3768	---h--w-	c:\windows\ydpxovjlufoyivkhllyktpyuzltkrfhq.kue
2009-10-26 06:37:52	100	---h--w-	c:\windows\system32\dxyvbxarppnmlnrdwlnom.vga
2009-10-26 06:37:52	100	---h--w-	c:\windows\dxyvbxarppnmlnrdwlnom.vga
2009-10-26 06:23:51	0	d-----w-	C:\SDFix
2009-10-26 06:07:00	0	d-----w-	c:\docume~1\alluse~1\applic~1\NVIDIA Corporation
2009-10-26 06:06:09	0	d-----w-	c:\program files\NVIDIA Corporation
2009-10-26 06:05:26	0	d-----w-	C:\NVIDIA
2009-10-26 01:50:03	0	d-----w-	c:\program files\common files\ODBC
2009-10-26 01:50:01	0	d-----w-	c:\program files\common files\SpeechEngines
2009-10-26 01:49:41	0	d-----r-	c:\documents and settings\all users\Documents
2009-10-26 00:21:14	0	d-----w-	c:\program files\Avira
2009-10-26 00:21:14	0	d-----w-	c:\docume~1\alluse~1\applic~1\Avira
2009-10-26 00:16:47	0	d-----w-	c:\program files\Realtek Sound Manager
2009-10-26 00:16:43	0	d-----w-	c:\program files\AvRack
2009-10-26 00:16:38	0	d-----w-	c:\program files\Realtek AC97
2009-10-26 00:10:13	0	d-----w-	c:\program files\BitLord
2009-10-25 23:56:16	0	d-sh--w-	c:\documents and settings\all users\DRM
2009-10-25 23:56:01	0	d--h--w-	c:\program files\WindowsUpdate
2009-10-25 23:55:34	0	d-----w-	c:\program files\common files\MSSoap
2009-10-25 23:54:26	0	d-----w-	c:\program files\Online Services
2009-10-25 23:54:19	0	d-----w-	c:\program files\Messenger
2009-10-25 23:54:16	0	d-----w-	c:\program files\MSN Gaming Zone
2009-10-25 23:53:50	0	d-----w-	c:\program files\Windows NT

==================== Find3M  ====================

2009-10-26 20:38:28	1048576	---ha-w-	c:\documents and settings\corbas™\NTUSER.DAT
2009-10-26 06:37:52	3768	---h--w-	c:\program files\ydpxovjlufoyivkhllyktpyuzltkrfhq.kue
2009-10-26 06:37:52	100	---h--w-	c:\program files\dxyvbxarppnmlnrdwlnom.vga
2009-10-25 23:54:42	21640	----a-w-	c:\windows\system32\emptyregdb.dat
2009-09-27 16:20:04	2173544	----a-w-	c:\windows\system32\nvcplui.exe
2009-09-27 16:20:00	81920	----a-w-	c:\windows\system32\nvwddi.dll
2009-09-27 16:19:52	3166208	----a-w-	c:\windows\system32\nvwss.dll
2009-09-27 16:19:50	4026368	----a-w-	c:\windows\system32\nvvitvs.dll
2009-09-27 16:19:48	3547136	----a-w-	c:\windows\system32\nvgames.dll
2009-09-27 16:19:48	188416	----a-w-	c:\windows\system32\nvmccss.dll
2009-09-27 16:19:48	1286144	----a-w-	c:\windows\system32\nvmobls.dll
2009-09-27 16:19:46	86016	----a-w-	c:\windows\system32\nvmctray.dll
2009-09-27 16:19:46	4935680	----a-w-	c:\windows\system32\nvdisps.dll
2009-09-27 16:19:46	172100	----a-w-	c:\windows\system32\nvsvc32.exe
2009-09-27 16:19:46	143360	----a-w-	c:\windows\system32\nvcolor.exe
2009-09-27 16:19:46	13918208	----a-w-	c:\windows\system32\nvcpl.dll
2009-09-27 16:19:40	229376	----a-w-	c:\windows\system32\nvmccs.dll
2009-09-27 14:12:22	888832	----a-w-	c:\windows\system32\nvapi.dll
2009-09-27 14:12:22	7655872	----a-w-	c:\windows\system32\drivers\nv4_mini.sys
2009-09-27 14:12:22	5900416	----a-w-	c:\windows\system32\nv4_disp.dll
2009-09-27 14:12:22	2194024	----a-w-	c:\windows\system32\nvcuvid.dll
2009-09-27 14:12:22	2007040	----a-w-	c:\windows\system32\nvcuda.dll
2009-09-27 14:12:22	1714792	----a-w-	c:\windows\system32\nvcuvenc.dll
2009-09-27 14:12:22	170600	----a-w-	c:\windows\system32\nvcodins.dll
2009-09-27 14:12:22	170600	----a-w-	c:\windows\system32\nvcod.dll
2009-09-27 14:12:22	1604482	----a-w-	c:\windows\system32\nvdata.bin
2009-09-27 14:12:22	10756096	----a-w-	c:\windows\system32\nvoglnt.dll
2009-09-24 07:24:18	490088	----a-w-	c:\windows\system32\NVUNINST.EXE
2009-02-13 07:11:10	491520	--sh--r-	c:\windows\brohjbanhdxsnlltitroi.exe
2009-02-13 07:11:10	491520	--sh--r-	c:\windows\frkzxlgpfxnevplpa.exe
2009-02-13 07:11:10	491520	--sh--r-	c:\windows\mbxpqhfrkfysmjipdnkg.exe
2009-02-13 07:11:10	491520	--sh--r-	c:\windows\obvlkzvfwpgyqlinzh.exe
2009-02-13 07:11:10	491520	--sh--r-	c:\windows\sjhbexxlgdyuqpqzpbaytb.exe
2009-02-13 07:11:10	491520	--sh--r-	c:\windows\yjbpmztbqhwmcvqt.exe
2009-02-13 07:11:10	491520	--sh--r-	c:\windows\znizzpmxpjbunjhnajf.exe
2009-02-13 07:11:10	491520	--sh--r-	c:\windows\system32\brohjbanhdxsnlltitroi.exe
2009-02-13 07:11:10	491520	--sh--r-	c:\windows\system32\frkzxlgpfxnevplpa.exe
2009-02-13 07:11:10	491520	--sh--r-	c:\windows\system32\mbxpqhfrkfysmjipdnkg.exe
2009-02-13 07:11:10	491520	--sh--r-	c:\windows\system32\obvlkzvfwpgyqlinzh.exe
2009-02-13 07:11:10	491520	--sh--r-	c:\windows\system32\sjhbexxlgdyuqpqzpbaytb.exe
2009-02-13 07:11:10	491520	--sh--r-	c:\windows\system32\yjbpmztbqhwmcvqt.exe
2009-02-13 07:11:10	491520	--sh--r-	c:\windows\system32\znizzpmxpjbunjhnajf.exe

============= FINISH: 23:43:49,79 ===============
I don't know how I got this malware, but my PC is running much slower, I can't turn on my Task Manager, all the windows also close automatically, and no anti-virus can help me remove it :(( I deleted my old Windows XP and installed a new one, but that didn't help me either.. :(


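Added example, not part of this thread and not code from the DDS tool: a Python triage script that parses lines in the shape of the DDS report above (the `uRun`/`mRun`/`RunOnce` autostart entries, the `Policies` lines, and the tab-separated file listing of date, size, attributes and path) and flags the indicators a helper reads out of such a report: autostarts launched from a Temp directory, autostarts given as a bare filename that resolves to a hidden+system file, hidden+system files, several files sharing one size and one timestamp (one payload dropped under many names), and policy values that disable Task Manager, Registry Editor, Folder Options or UAC. The sample lines are constructed from the report; the rule names, the `Finding` type and the rule set are this example's own.

```python
"""Triage DDS-style log lines for persistence indicators (added example, not DDS code)."""
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample in the shape of the DDS report above (a subset, not the full log).
SAMPLE_LOG = (
    "uRun: [CTFMON.EXE] c:\\windows\\system32\\ctfmon.exe\n"
    "uRun: [fjubrxklt] znizzpmxpjbunjhnajf.exe\n"
    "uRun: [mnvzmp] c:\\docume~1\\corbas~1\\locals~1\\temp\\yjbpmztbqhwmcvqt.exe\n"
    "mRun: [avgnt] \"c:\\program files\\avira\\antivir desktop\\avgnt.exe\" /min\n"
    "mRun: [SoundMan] SOUNDMAN.EXE\n"
    "mRunOnce: [zbkpdhs] brohjbanhdxsnlltitroi.exe .\n"
    "uPolicies-system: DisableRegistryTools = 1 (0x1)\n"
    "uPolicies-system: DisableTaskMgr = 1 (0x1)\n"
    "mPolicies-system: EnableLUA = 0 (0x0)\n"
    "2009-10-25 23:54:42\t21640\t----a-w-\tc:\\windows\\system32\\emptyregdb.dat\n"
    "2009-02-13 07:11:10\t491520\t--sh--r-\tc:\\windows\\brohjbanhdxsnlltitroi.exe\n"
    "2009-02-13 07:11:10\t491520\t--sh--r-\tc:\\windows\\system32\\znizzpmxpjbunjhnajf.exe\n"
)

# Three line shapes DDS prints: autostart entry, policy setting, file listing row.
RUN_RE = re.compile(r"^[umd](?:Explorer)?Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
POLICY_RE = re.compile(r"^[umd]Policies-(?P<hive>\w+): (?P<key>\w+) = (?P<val>\d+)")
FILE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\t(?P<size>\d+)\t(?P<attr>[-a-z]{8})\t(?P<path>.+)$"
)
TEMP_RE = re.compile(r"\\temp\\", re.I)  # "...\locals~1\temp\..." or "...\Local Settings\Temp\..."

# Policy values that take the user's own tools away (this example's own rule set).
TOOL_DISABLING = {
    ("system", "DisableTaskMgr", "1"),
    ("system", "DisableRegistryTools", "1"),
    ("explorer", "NoFolderOptions", "1"),
    ("system", "EnableLUA", "0"),
}


@dataclass(frozen=True)
class Finding:
    rule: str
    detail: str


def exe_from_command(cmd: str) -> str:
    """Return the executable part of an autostart command: the quoted path, or the first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def parse_log(text: str):
    """Split a DDS-style report into autostart, policy and file-listing tuples."""
    runs, policies, files = [], [], []
    for line in text.splitlines():
        if m := RUN_RE.match(line):
            runs.append((m["name"], exe_from_command(m["cmd"])))
        elif m := POLICY_RE.match(line):
            policies.append((m["hive"], m["key"], m["val"]))
        elif m := FILE_RE.match(line):
            files.append((m["ts"], int(m["size"]), m["attr"], m["path"]))
    return runs, policies, files


def triage(text: str) -> list[Finding]:
    runs, policies, files = parse_log(text)
    findings = []

    # Rule 1: non-directory files carrying both the system ('s') and hidden ('h') attribute.
    hidden_system = [f for f in files if f[2][0] != "d" and "s" in f[2] and "h" in f[2]]
    hidden_names = {f[3].rsplit("\\", 1)[-1].lower() for f in hidden_system}
    for _ts, _size, attr, path in hidden_system:
        findings.append(Finding("hidden-system-file", f"{path} ({attr})"))

    # Rule 2: several files with one size and one timestamp, i.e. one payload under many names.
    clusters = defaultdict(list)
    for ts, size, _attr, path in files:
        clusters[(size, ts)].append(path)
    for (size, ts), paths in clusters.items():
        if len(paths) > 1:
            findings.append(Finding("identical-size-and-timestamp", f"{len(paths)} files, {size} bytes, {ts}"))

    # Rules 3 and 4: autostart from a Temp directory, or by bare filename (resolved via the
    # PATH search) when that name belongs to a hidden+system file found by rule 1.
    for name, exe in runs:
        if TEMP_RE.search(exe):
            findings.append(Finding("autostart-from-temp", f"[{name}] {exe}"))
        elif "\\" not in exe and exe.lower() in hidden_names:
            findings.append(Finding("autostart-of-hidden-system-file", f"[{name}] {exe}"))

    # Rule 5: policies that disable Task Manager, Registry Editor, Folder Options or UAC.
    for hive, key, val in policies:
        if (hive, key, val) in TOOL_DISABLING:
            findings.append(Finding("tool-disabling-policy", f"{hive}: {key} = {val}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:34} {f.detail}")
```

Run against the sample, the script reports nine findings: the two hidden+system executables, their shared size and timestamp, the `mnvzmp` autostart from Temp, the two bare-name autostarts (`fjubrxklt`, `zbkpdhs`) that resolve to those hidden files, and the three tool-disabling policies; the legitimate `ctfmon.exe`, `avgnt.exe` and `SOUNDMAN.EXE` entries pass. The bare-name rule deliberately requires a matching hidden+system file rather than guessing from the name's look, since random-name heuristics misfire on ordinary Windows binaries.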

#2 Buckeye_Sam

    Malware Expert

Posted 27 October 2009 - 05:55 PM

Hello! :(
My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.




We need to create an OTL Report
  • Please download OTL from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in

    netsvcs
    %systemdrive%\*.exe
    %systemroot%\system32\drivers\*.sys


  • Click the "Quick Scan" button.
  • The scan should take just a few minutes.
  • Please copy and paste both logs back here in your next reply.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 corbasz


Posted 30 October 2009 - 08:55 AM

oh man, thx for helping :()) but what can I say, it's actually impossible to delete. I'll try twice to do it again and again, everything like you noted, as fast as you say, but when I reboot my PC every malware is automatically updating, because my Avira antivirus shows those viruses :) but now I can't turn on my MBAM and some folders are automatically closing, like antivirus, Task Manager, or some websites where I look for answers:/.. ;D I don't know, but that virus is very clever;( I found my autorun.inf on the C: disk
;jbpmztbqhwmcvqtdjcujlacnftqdxfulaqgzuxhngynpegrjxuhbjypeukdyblrkcrtikvnbylfnctiyohcfpvogvxmozrfcpjrgxmcslgjtzskzbqsdvjg
[AutoRun]
;tbqhwmcvqtdjcujlacnftqdxfulaqgzuxhngynpegrjxuhbjypeukdyblrkcrtikvnbylfnctiyohcfpvogvxmozrfcpjrgxmcslgjtzskzbqsdvjg
open=fjubrxklt.bat
;mztbqhwmcvqtdjcujlacnftqdxfulaqgzuxhngynpegrjxuhbjypeukdyblrkcrtikvnbylfnctiyohcfpvogvxmozrfcpjrgxmcslgjtzskzbqsdvjg
shell\open\Command=tzmvnvknxjt.bat _
;bpmztbqhwmcvqtdjcujlacnftqdxfulaqgzuxhngynpegrjxuhbjypeukdyblrkcrtikvnbylfnctiyohcfpvogvxmozrfcpjrgxmcslgjtzskzbqsdvjg
shell\open\Default=1
shell\explore\Default=2
;hwmcvqtdjcujlacnftqdxfulaqgzuxhngynpegrjxuhbjypeukdyblrkcrtikvnbylfnctiyohcfpvogvxmozrfcpjrgxmcslgjtzskzbqsdvjg
shell\explore\Command=pxmxrbsxjxjwj.bat _
;qtdjcujlacnftqdxfulaqgzuxhngynpegrjxuhbjypeukdyblrkcrtikvnbylfnctiyohcfpvogvxmozrfcpjrgxmcslgjtzskzbqsdvjg
maybe here is the problem, but
I can't delete it either.. and btw I can't open my safe mode, after 5 sec it automatically reboots :(


OTL logfile created on: 2009.10.30 15:16:57 - Run 1
OTL by OldTimer - Version 3.0.22.1 Folder = C:\Documents and Settings\Corbas™\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000427 | Country: Lithuania | Language: LTH | Date Format: yyyy.MM.dd

2,00 Gb Total Physical Memory | 1,81 Gb Available Physical Memory | 90,65% Memory free
4,00 Gb Paging File | 3,77 Gb Available in Paging File | 94,25% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 73,24 Gb Total Space | 67,38 Gb Free Space | 92,00% Space Free | Partition Type: NTFS
Drive D: | 75,80 Gb Total Space | 25,22 Gb Free Space | 33,28% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DESTROYER3000
Current User Name: Corbas™
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009.10.30 15:13:01 | 00,688,128 | ---- | M] () -- C:\Documents and Settings\Corbas™\Local Settings\Temp\zbkpdhs.exe
PRC - [2009.10.30 14:38:33 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Corbas™\My Documents\Downloads\OTL.exe
PRC - [2009.10.26 02:06:11 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Corbas™\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe
PRC - [2009.10.09 20:24:55 | 00,919,024 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Corbas™\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2009.09.27 18:19:46 | 00,172,100 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2009.07.21 14:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.05.13 16:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009.03.02 13:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009.02.13 09:11:10 | 00,491,520 | RHS- | M] () -- C:\WINDOWS\System32\mbxpqhfrkfysmjipdnkg.exe
PRC - [2008.04.14 14:00:00 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2008.04.14 14:00:00 | 00,032,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wpabaln.exe
PRC - [2005.10.24 08:45:16 | 00,090,112 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE

========== Win32 Services (SafeList) ==========

SRV - [2009.09.27 18:19:46 | 00,172,100 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (nvsvc [Auto | Running])
SRV - [2009.07.21 14:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService [Auto | Running])
SRV - [2009.05.13 16:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService [Auto | Running])
SRV - [2008.04.14 14:00:00 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])

========== Modules (SafeList) ==========

MOD - [2009.10.30 14:38:33 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Corbas™\My Documents\Downloads\OTL.exe
MOD - [2008.04.14 14:00:00 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008.04.14 14:00:00 | 00,586,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MLANG.dll

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm






IE - HKU\S-1-5-21-117609710-412668190-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-117609710-412668190-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-117609710-412668190-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.lt/
IE - HKU\S-1-5-21-117609710-412668190-682003330-1003\S-1-5-21-117609710-412668190-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: (686 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mnvzmp] C:\WINDOWS\System32\yjbpmztbqhwmcvqt.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe File not found
O4 - HKLM..\Run: [qxlvoxnrcpam] C:\Documents and Settings\Corbas™\Local Settings\Temp\obvlkzvfwpgyqlinzh.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKU\S-1-5-21-117609710-412668190-682003330-1003..\Run: [fjubrxklt] C:\WINDOWS\System32\brohjbanhdxsnlltitroi.exe ()
O4 - HKU\S-1-5-21-117609710-412668190-682003330-1003..\Run: [Google Update] C:\Documents and Settings\Corbas™\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKU\S-1-5-21-117609710-412668190-682003330-1003..\Run: [mnvzmp] C:\Documents and Settings\Corbas™\Local Settings\Temp\frkzxlgpfxnevplpa.exe ()
O4 - HKLM..\RunOnce: [tzmvnvknxjt] C:\Documents and Settings\Corbas™\Local Settings\Temp\yjbpmztbqhwmcvqt.exe ()
O4 - HKLM..\RunOnce: [zbkpdhs] C:\WINDOWS\System32\frkzxlgpfxnevplpa.exe ()
O4 - HKU\S-1-5-21-117609710-412668190-682003330-1003..\RunOnce: [ydpxovjluf] C:\WINDOWS\System32\frkzxlgpfxnevplpa.exe ()
O4 - HKU\S-1-5-21-117609710-412668190-682003330-1003..\RunOnce: [zbkpdhs] C:\Documents and Settings\Corbas™\Local Settings\Temp\znizzpmxpjbunjhnajf.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-117609710-412668190-682003330-1003\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-117609710-412668190-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 1
O7 - HKU\S-1-5-21-117609710-412668190-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKU\S-1-5-21-117609710-412668190-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\S-1-5-21-117609710-412668190-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\S-1-5-21-117609710-412668190-682003330-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.10.26 01:57:02 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009.10.30 15:13:26 | 00,000,798 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009.10.30 15:13:26 | 00,000,806 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\yhnxzhl.bat -- [2009.06.14 04:46:27 | 00,491,520 | RHS- | M] ()
O33 - MountPoints2\D\Shell\explore\Command - "" = D:\sfpdjvduxit.bat -- [2009.06.11 12:08:49 | 00,491,520 | RHS- | M] ()
O33 - MountPoints2\D\Shell\open\Command - "" = D:\epxjnxdst.bat -- [2009.02.13 09:11:10 | 00,491,520 | RHS- | M] ()
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009.10.26 03:49:22 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
[2009.10.26 02:21:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2009.10.30 14:33:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009.10.26 03:49:22 | 00,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2009.10.26 08:07:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
[2009.10.26 02:02:59 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Corbas™\Application Data
[2009.10.26 14:32:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Corbas™\Application Data\Adobe
[2009.10.26 02:03:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Corbas™\Application Data\Identities
[2009.10.26 14:32:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Corbas™\Application Data\Macromedia
[2009.10.30 14:33:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Corbas™\Application Data\Malwarebytes
[2009.10.26 02:02:59 | 00,000,000 | --SD | C] -- C:\Documents and Settings\Corbas™\Application Data\Microsoft
[2009.10.26 02:02:59 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Corbas™\Local Settings\Application Data
[2009.10.26 02:06:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Corbas™\Local Settings\Application Data\Google
[2009.10.26 02:02:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Corbas™\Local Settings\Application Data\Microsoft
[2009.10.26 02:06:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Corbas™\Local Settings\Application Data\Temp
[2009.10.26 03:50:00 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files
[2009.10.26 02:04:14 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2009.10.26 03:50:00 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2009.10.26 01:55:34 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2009.10.26 03:50:03 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2009.10.26 01:55:37 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2009.10.26 01:55:01 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2009.10.26 03:50:01 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2009.10.26 03:50:00 | 00,000,000 | R--D | C] -- C:\Program Files
[2009.10.26 02:21:14 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
[2009.10.26 02:16:43 | 00,000,000 | ---D | C] -- C:\Program Files\AvRack
[2009.10.26 02:10:13 | 00,000,000 | ---D | C] -- C:\Program Files\BitLord
[2009.10.26 03:50:00 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files
[2009.10.26 01:54:36 | 00,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2009.10.26 02:16:19 | 00,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2009.10.26 01:55:00 | 00,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2009.10.30 14:33:03 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009.10.26 01:54:19 | 00,000,000 | ---D | C] -- C:\Program Files\Messenger
[2009.10.26 01:57:14 | 00,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2009.10.26 01:55:26 | 00,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2009.10.26 01:53:51 | 00,000,000 | ---D | C] -- C:\Program Files\MSN
[2009.10.26 01:54:16 | 00,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
[2009.10.26 01:55:08 | 00,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2009.10.26 08:06:09 | 00,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2009.10.26 01:54:26 | 00,000,000 | ---D | C] -- C:\Program Files\Online Services
[2009.10.26 01:55:06 | 00,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2009.10.26 02:16:38 | 00,000,000 | ---D | C] -- C:\Program Files\Realtek AC97
[2009.10.26 02:16:47 | 00,000,000 | ---D | C] -- C:\Program Files\Realtek Sound Manager
[2009.10.26 02:03:05 | 00,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2009.10.26 01:54:26 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2009.10.26 01:53:50 | 00,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2009.10.26 01:56:01 | 00,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2009.10.26 01:57:14 | 00,000,000 | ---D | C] -- C:\Program Files\xerox
[2009.10.30 14:39:56 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2009.10.30 14:33:08 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009.10.30 14:33:03 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009.10.26 23:42:39 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Corbas™\My Documents\RootRepeal.exe
[2009.10.26 16:51:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Corbas™\My Documents\Preparation Guide For Use Before Using HijackThis and other Malware Removal Tools_files
[2009.10.26 16:25:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2009.10.26 16:13:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Corbas™\My Documents\SDFix_files
[2009.10.26 16:04:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Corbas™\My Documents\How To Use Sdfix_files
[2009.10.26 14:22:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Corbas™\My Documents\i'm getting a TR Crypt.XPACK.Gen problem and it won't go away =( - MajorGeeks Support Forums_files
[2009.10.26 14:13:39 | 00,000,000 | ---D | C] -- C:\Avenger
[2009.10.26 14:09:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Corbas™\Desktop\avenger
[2009.10.26 08:23:51 | 00,000,000 | ---D | C] -- C:\SDFix
[2009.10.26 08:22:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Corbas™\Desktop\corbas,local settings,temp,zbpdhs.exe
[2009.10.26 08:05:26 | 00,000,000 | ---D | C] -- C:\NVIDIA
[2009.10.26 08:04:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Corbas™\Desktop\undeleted trash
[2009.10.26 03:50:04 | 00,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2009.10.26 03:50:00 | 00,000,000 | R--D | C] -- C:\Program Files
[2009.10.26 03:49:27 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2009.10.26 03:49:27 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2009.10.26 03:49:03 | 00,000,000 | -HSD | C] -- C:\System Volume Information
[2009.10.26 03:49:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings
[2009.10.26 03:43:58 | 00,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2009.10.26 03:43:58 | 00,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2009.10.26 03:43:58 | 00,000,000 | R--D | C] -- C:\WINDOWS\Web
[2009.10.26 03:43:58 | 00,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2009.10.26 03:43:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2009.10.26 03:43:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2009.10.26 03:43:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2009.10.26 03:43:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2009.10.26 03:43:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2009.10.26 03:43:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2009.10.26 03:43:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2009.10.26 03:43:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2009.10.26 03:43:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2009.10.26 03:43:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2009.10.26 03:43:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2009.10.26 03:43:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2009.10.26 03:43:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2009.10.26 03:43:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2009.10.26 03:43:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2009.10.26 03:43:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2009.10.26 03:43:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2009.10.26 03:43:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2009.10.26 03:43:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2009.10.26 03:43:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2009.10.26 03:43:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2009.10.26 03:43:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2009.10.26 03:43:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2009.10.26 03:43:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2009.10.26 03:43:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2009.10.26 03:43:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2009.10.26 03:43:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2009.10.26 03:43:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2009.10.26 03:43:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2009.10.26 03:43:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2009.10.26 03:43:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2009.10.26 03:43:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2009.10.26 03:43:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2009.10.26 03:43:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2009.10.26 03:43:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2009.10.26 03:43:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[2009.10.26 03:43:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\system32
[2009.10.26 03:43:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\system
[2009.10.26 03:43:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\security
[2009.10.26 03:43:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2009.10.26 03:43:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\repair
[2009.10.26 03:43:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
[2009.10.26 03:43:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
[2009.10.26 03:43:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\pchealth
[2009.10.26 03:43:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\Network Diagnostic
[2009.10.26 03:43:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\mui
[2009.10.26 03:43:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2009.10.26 03:43:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2009.10.26 03:43:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\Media
[2009.10.26 03:43:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\L2Schemas
[2009.10.26 03:43:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\java
[2009.10.26 03:43:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\ime
[2009.10.26 03:43:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\Help
[2009.10.26 03:43:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\ehome
[2009.10.26 03:43:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2009.10.26 03:43:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2009.10.26 03:43:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2009.10.26 03:43:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2009.10.26 03:43:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\Config
[2009.10.26 03:43:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2009.10.26 03:43:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\addins
[2009.10.26 03:43:58 | 00,000,000 | ---D | C] -- C:\WINDOWS
[2009.10.26 02:21:17 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2009.10.26 02:21:17 | 00,055,656 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2009.10.26 02:21:17 | 00,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2009.10.26 02:21:17 | 00,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2009.10.26 02:21:17 | 00,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2009.10.26 02:11:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Corbas™\My Documents\Downloads
[2009.10.26 02:03:03 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Corbas™\My Documents\My Music
[2009.10.26 02:03:02 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Corbas™\My Documents\My Pictures
[2009.10.26 02:01:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2009.10.26 02:01:34 | 00,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2009.10.26 02:01:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009.10.26 01:58:23 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2009.10.26 01:58:23 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2009.10.26 01:58:23 | 00,029,184 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2009.10.26 01:57:46 | 00,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2009.10.26 01:57:46 | 00,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
[2009.10.26 01:57:46 | 00,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2009.10.26 01:57:38 | 00,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2009.10.26 01:57:14 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2009.10.26 01:56:09 | 00,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2009.10.26 01:56:09 | 00,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2009.10.26 01:55:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2009.10.26 01:55:35 | 00,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2009.10.26 01:55:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2009.10.26 01:55:31 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2009.10.26 01:55:11 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2009.10.26 01:55:00 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2009.10.26 01:54:31 | 00,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2009.10.26 01:54:26 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2009.10.26 01:53:51 | 00,281,088 | ---- | C] (Cinematronics) -- C:\WINDOWS\System32\dllcache\pinball.exe
[2009.10.26 01:53:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2009.10.26 01:53:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2009.10.26 01:53:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2009.10.26 01:53:35 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos

========== Files - Modified Within 14 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009.10.30 15:13:26 | 00,000,798 | RHS- | M] () -- C:\autorun.inf
[2009.10.30 15:13:09 | 00,253,748 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2009.10.30 15:12:53 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009.10.30 15:12:52 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009.10.30 15:11:07 | 00,001,000 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-117609710-412668190-682003330-1003UA.job
[2009.10.30 14:59:21 | 00,000,686 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2009.10.30 14:44:19 | 03,216,510 | -H-- | M] () -- C:\Documents and Settings\Corbas™\Local Settings\Application Data\IconCache.db
[2009.10.30 14:33:13 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009.10.30 14:14:56 | 00,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009.10.26 23:47:35 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Corbas™\My Documents\settings.dat
[2009.10.26 23:42:52 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Corbas™\My Documents\RootRepeal.exe
[2009.10.26 23:40:22 | 00,523,776 | ---- | M] () -- C:\Documents and Settings\Corbas™\My Documents\dds.scr
[2009.10.26 16:51:41 | 00,103,832 | ---- | M] () -- C:\Documents and Settings\Corbas™\My Documents\Preparation Guide For Use Before Using HijackThis and other Malware Removal Tools.htm
[2009.10.26 16:13:24 | 00,657,389 | ---- | M] () -- C:\Documents and Settings\Corbas™\My Documents\SDFix.htm
[2009.10.26 16:04:22 | 00,058,425 | ---- | M] () -- C:\Documents and Settings\Corbas™\My Documents\How To Use Sdfix.htm
[2009.10.26 14:22:41 | 00,123,208 | ---- | M] () -- C:\Documents and Settings\Corbas™\My Documents\i'm getting a TR Crypt.XPACK.Gen problem and it won't go away =( - MajorGeeks Support Forums.htm
[2009.10.26 14:08:45 | 00,724,952 | ---- | M] () -- C:\Documents and Settings\Corbas™\Desktop\avenger.zip
[2009.10.26 08:37:52 | 00,003,768 | -H-- | M] () -- C:\WINDOWS\System32\ydpxovjlufoyivkhllyktpyuzltkrfhq.kue
[2009.10.26 08:37:52 | 00,003,768 | -H-- | M] () -- C:\WINDOWS\ydpxovjlufoyivkhllyktpyuzltkrfhq.kue
[2009.10.26 08:37:52 | 00,003,768 | -H-- | M] () -- C:\Program Files\ydpxovjlufoyivkhllyktpyuzltkrfhq.kue
[2009.10.26 08:37:52 | 00,003,768 | -H-- | M] () -- C:\Documents and Settings\Corbas™\Local Settings\Application Data\ydpxovjlufoyivkhllyktpyuzltkrfhq.kue
[2009.10.26 08:37:52 | 00,000,100 | -H-- | M] () -- C:\WINDOWS\System32\dxyvbxarppnmlnrdwlnom.vga
[2009.10.26 08:37:52 | 00,000,100 | -H-- | M] () -- C:\WINDOWS\dxyvbxarppnmlnrdwlnom.vga
[2009.10.26 08:37:52 | 00,000,100 | -H-- | M] () -- C:\Program Files\dxyvbxarppnmlnrdwlnom.vga
[2009.10.26 08:37:52 | 00,000,100 | -H-- | M] () -- C:\Documents and Settings\Corbas™\Local Settings\Application Data\dxyvbxarppnmlnrdwlnom.vga
[2009.10.26 08:22:00 | 01,529,241 | ---- | M] () -- C:\Documents and Settings\Corbas™\Desktop\SDFix.exe
[2009.10.26 03:52:45 | 00,004,444 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF
[2009.10.26 03:50:00 | 00,000,231 | ---- | M] () -- C:\WINDOWS\system.ini
[2009.10.26 02:20:23 | 33,961,728 | ---- | M] () -- C:\Documents and Settings\Corbas™\Desktop\avira_antivir_personal_en.exe
[2009.10.26 02:16:47 | 00,001,519 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AvRack.lnk
[2009.10.26 02:15:46 | 00,005,400 | ---- | M] () -- C:\WINDOWS\Ascd_tmp.ini
[2009.10.26 02:11:22 | 00,002,302 | ---- | M] () -- C:\Documents and Settings\Corbas™\Desktop\„Google Chrome“.lnk
[2009.10.26 02:11:00 | 00,000,948 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-117609710-412668190-682003330-1003Core.job
[2009.10.26 02:10:20 | 00,000,678 | ---- | M] () -- C:\Documents and Settings\Corbas™\Desktop\BitLord.lnk
[2009.10.26 02:03:04 | 00,356,120 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009.10.26 02:03:04 | 00,311,604 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009.10.26 02:03:04 | 00,039,992 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009.10.26 01:59:36 | 00,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2009.10.26 01:59:26 | 00,090,296 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009.10.26 01:58:50 | 00,000,261 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2009.10.26 01:57:02 | 00,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009.10.26 01:57:02 | 00,000,477 | ---- | M] () -- C:\WINDOWS\win.ini
[2009.10.26 01:57:02 | 00,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009.10.26 01:57:02 | 00,000,000 | RHS- | M] () -- C:\IO.SYS
[2009.10.26 01:57:02 | 00,000,000 | ---- | M] () -- C:\WINDOWS\control.ini
[2009.10.26 01:57:02 | 00,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009.10.26 01:57:02 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009.10.26 01:56:54 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2009.10.26 01:56:54 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2009.10.26 01:56:54 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2009.10.26 01:56:45 | 00,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2009.10.26 01:56:09 | 00,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2009.10.26 01:56:09 | 00,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2009.10.26 01:56:04 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2009.10.26 01:56:04 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2009.10.26 01:56:04 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2009.10.26 01:56:04 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2009.10.26 01:56:04 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2009.10.26 01:56:04 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2009.10.26 01:54:42 | 00,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009.10.26 01:54:35 | 00,000,037 | ---- | M] () -- C:\WINDOWS\vbaddin.ini
[2009.10.26 01:54:35 | 00,000,036 | ---- | M] () -- C:\WINDOWS\vb.ini
[2009.10.26 01:53:02 | 00,000,211 | -HS- | M] () -- C:\boot.ini

========== Files - No Company Name ==========
[2009.10.30 15:13:26 | 00,000,798 | RHS- | C] () -- C:\autorun.inf
[2009.10.30 14:33:13 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009.10.26 23:47:35 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Corbas™\My Documents\settings.dat
[2009.10.26 23:40:08 | 00,523,776 | ---- | C] () -- C:\Documents and Settings\Corbas™\My Documents\dds.scr
[2009.10.26 17:19:56 | 00,491,520 | RHS- | C] () -- C:\WINDOWS\znizzpmxpjbunjhnajf.exe
[2009.10.26 17:19:56 | 00,491,520 | RHS- | C] () -- C:\WINDOWS\sjhbexxlgdyuqpqzpbaytb.exe
[2009.10.26 17:19:56 | 00,491,520 | RHS- | C] () -- C:\WINDOWS\System32\znizzpmxpjbunjhnajf.exe
[2009.10.26 17:19:56 | 00,491,520 | RHS- | C] () -- C:\WINDOWS\System32\sjhbexxlgdyuqpqzpbaytb.exe
[2009.10.26 17:19:56 | 00,491,520 | RHS- | C] () -- C:\WINDOWS\System32\mbxpqhfrkfysmjipdnkg.exe
[2009.10.26 17:19:56 | 00,491,520 | RHS- | C] () -- C:\WINDOWS\System32\brohjbanhdxsnlltitroi.exe
[2009.10.26 17:19:56 | 00,491,520 | RHS- | C] () -- C:\WINDOWS\obvlkzvfwpgyqlinzh.exe
[2009.10.26 17:19:56 | 00,491,520 | RHS- | C] () -- C:\WINDOWS\mbxpqhfrkfysmjipdnkg.exe
[2009.10.26 17:19:56 | 00,491,520 | RHS- | C] () -- C:\WINDOWS\yjbpmztbqhwmcvqt.exe
[2009.10.26 17:19:56 | 00,491,520 | RHS- | C] () -- C:\WINDOWS\frkzxlgpfxnevplpa.exe
[2009.10.26 17:19:56 | 00,491,520 | RHS- | C] () -- C:\WINDOWS\brohjbanhdxsnlltitroi.exe
[2009.10.26 17:19:55 | 00,491,520 | RHS- | C] () -- C:\WINDOWS\System32\obvlkzvfwpgyqlinzh.exe
[2009.10.26 17:19:55 | 00,491,520 | RHS- | C] () -- C:\WINDOWS\System32\yjbpmztbqhwmcvqt.exe
[2009.10.26 17:19:55 | 00,491,520 | RHS- | C] () -- C:\WINDOWS\System32\frkzxlgpfxnevplpa.exe
[2009.10.26 16:51:40 | 00,103,832 | ---- | C] () -- C:\Documents and Settings\Corbas™\My Documents\Preparation Guide For Use Before Using HijackThis and other Malware Removal Tools.htm
[2009.10.26 16:13:23 | 00,657,389 | ---- | C] () -- C:\Documents and Settings\Corbas™\My Documents\SDFix.htm
[2009.10.26 16:04:21 | 00,058,425 | ---- | C] () -- C:\Documents and Settings\Corbas™\My Documents\How To Use Sdfix.htm
[2009.10.26 14:22:41 | 00,123,208 | ---- | C] () -- C:\Documents and Settings\Corbas™\My Documents\i'm getting a TR Crypt.XPACK.Gen problem and it won't go away =( - MajorGeeks Support Forums.htm
[2009.10.26 14:08:33 | 00,724,952 | ---- | C] () -- C:\Documents and Settings\Corbas™\Desktop\avenger.zip
[2009.10.26 08:37:52 | 00,003,768 | -H-- | C] () -- C:\WINDOWS\System32\ydpxovjlufoyivkhllyktpyuzltkrfhq.kue
[2009.10.26 08:37:52 | 00,003,768 | -H-- | C] () -- C:\WINDOWS\ydpxovjlufoyivkhllyktpyuzltkrfhq.kue
[2009.10.26 08:37:52 | 00,003,768 | -H-- | C] () -- C:\Program Files\ydpxovjlufoyivkhllyktpyuzltkrfhq.kue
[2009.10.26 08:37:52 | 00,003,768 | -H-- | C] () -- C:\Documents and Settings\Corbas™\Local Settings\Application Data\ydpxovjlufoyivkhllyktpyuzltkrfhq.kue
[2009.10.26 08:37:52 | 00,000,100 | -H-- | C] () -- C:\WINDOWS\System32\dxyvbxarppnmlnrdwlnom.vga
[2009.10.26 08:37:52 | 00,000,100 | -H-- | C] () -- C:\WINDOWS\dxyvbxarppnmlnrdwlnom.vga
[2009.10.26 08:37:52 | 00,000,100 | -H-- | C] () -- C:\Program Files\dxyvbxarppnmlnrdwlnom.vga
[2009.10.26 08:37:52 | 00,000,100 | -H-- | C] () -- C:\Documents and Settings\Corbas™\Local Settings\Application Data\dxyvbxarppnmlnrdwlnom.vga
[2009.10.26 08:21:34 | 01,529,241 | ---- | C] () -- C:\Documents and Settings\Corbas™\Desktop\SDFix.exe
[2009.10.26 08:08:01 | 03,216,510 | -H-- | C] () -- C:\Documents and Settings\Corbas™\Local Settings\Application Data\IconCache.db
[2009.10.26 03:52:45 | 00,004,444 | ---- | C] () -- C:\WINDOWS\System32\pid.PNF
[2009.10.26 03:50:01 | 01,685,606 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.spd
[2009.10.26 03:50:01 | 00,643,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa
[2009.10.26 03:50:01 | 00,605,050 | ---- | C] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa
[2009.10.26 03:50:01 | 00,000,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.sdf
[2009.10.26 03:49:59 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28603.nls
[2009.10.26 03:49:59 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28603.nls
[2009.10.26 03:49:58 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_857.nls
[2009.10.26 03:49:58 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_857.nls
[2009.10.26 03:49:58 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28599.nls
[2009.10.26 03:49:58 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10081.nls
[2009.10.26 03:49:58 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28599.nls
[2009.10.26 03:49:58 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10081.nls
[2009.10.26 03:49:56 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28595.nls
[2009.10.26 03:49:56 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10017.nls
[2009.10.26 03:49:56 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10007.nls
[2009.10.26 03:49:56 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28595.NLS
[2009.10.26 03:49:56 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10017.nls
[2009.10.26 03:49:56 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10007.nls
[2009.10.26 03:49:55 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_869.nls
[2009.10.26 03:49:55 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_737.nls
[2009.10.26 03:49:55 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_869.nls
[2009.10.26 03:49:55 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_737.nls
[2009.10.26 03:49:55 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_875.nls
[2009.10.26 03:49:55 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28597.nls
[2009.10.26 03:49:55 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10006.nls
[2009.10.26 03:49:55 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_875.nls
[2009.10.26 03:49:55 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28597.NLS
[2009.10.26 03:49:55 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10006.nls
[2009.10.26 03:49:54 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_866.nls
[2009.10.26 03:49:54 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_855.nls
[2009.10.26 03:49:54 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_866.nls
[2009.10.26 03:49:54 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_855.nls
[2009.10.26 03:49:54 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28594.nls
[2009.10.26 03:49:54 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28594.NLS
[2009.10.26 03:49:53 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10082.nls
[2009.10.26 03:49:53 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10029.nls
[2009.10.26 03:49:53 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10010.nls
[2009.10.26 03:49:53 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10082.nls
[2009.10.26 03:49:53 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10029.nls
[2009.10.26 03:49:53 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10010.nls
[2009.10.26 03:49:52 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_852.nls
[2009.10.26 03:49:52 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_852.nls
[2009.10.26 03:49:51 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20127.nls
[2009.10.26 03:49:51 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20127.nls
[2009.10.26 03:49:49 | 00,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2009.10.26 03:49:41 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2009.10.26 03:49:40 | 00,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2009.10.26 03:49:40 | 00,144,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
[2009.10.26 03:49:40 | 00,112,918 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
[2009.10.26 03:49:40 | 00,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2009.10.26 03:49:40 | 00,034,747 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
[2009.10.26 03:49:40 | 00,034,063 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2009.10.26 03:49:40 | 00,026,991 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2009.10.26 03:49:40 | 00,016,535 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2009.10.26 03:49:40 | 00,014,433 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2009.10.26 03:49:40 | 00,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2009.10.26 03:49:40 | 00,012,363 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2009.10.26 03:49:40 | 00,010,027 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2009.10.26 03:49:40 | 00,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2009.10.26 03:49:40 | 00,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2009.10.26 03:49:40 | 00,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2009.10.26 03:49:39 | 02,144,487 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2009.10.26 03:49:39 | 01,296,669 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP3.CAT
[2009.10.26 03:49:39 | 01,088,840 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NTPRINT.CAT
[2009.10.26 03:49:39 | 00,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2009.10.26 03:49:39 | 00,522,220 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2009.10.26 03:49:02 | 00,090,296 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009.10.26 03:48:26 | 00,000,211 | -HS- | C] () -- C:\boot.ini
[2009.10.26 03:48:22 | 00,000,261 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
[2009.10.26 02:20:07 | 33,961,728 | ---- | C] () -- C:\Documents and Settings\Corbas™\Desktop\avira_antivir_personal_en.exe
[2009.10.26 02:16:56 | 00,040,960 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2009.10.26 02:16:51 | 00,157,184 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2009.10.26 02:16:51 | 00,141,016 | R--- | C] () -- C:\WINDOWS\System32\alsndmgr.wav
[2009.10.26 02:16:47 | 00,001,519 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AvRack.lnk
[2009.10.26 02:16:43 | 00,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini
[2009.10.26 02:11:22 | 00,002,302 | ---- | C] () -- C:\Documents and Settings\Corbas™\Desktop\„Google Chrome“.lnk
[2009.10.26 02:10:19 | 00,000,678 | ---- | C] () -- C:\Documents and Settings\Corbas™\Desktop\BitLord.lnk
[2009.10.26 02:06:13 | 00,001,000 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-117609710-412668190-682003330-1003UA.job
[2009.10.26 02:06:12 | 00,000,948 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-117609710-412668190-682003330-1003Core.job
[2009.10.26 02:04:30 | 00,003,596 | ---- | C] () -- C:\WINDOWS\System32\nvnrm.nvu
[2009.10.26 02:04:29 | 00,001,391 | R--- | C] () -- C:\WINDOWS\System32\nvsmb.nvu
[2009.10.26 02:04:11 | 00,810,056 | R--- | C] () -- C:\WINDOWS\System32\SATA.bmp
[2009.10.26 02:04:11 | 00,000,266 | R--- | C] () -- C:\WINDOWS\System32\raidmgmt.ini
[2009.10.26 02:04:08 | 00,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2009.10.26 02:04:05 | 00,005,400 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009.10.26 02:03:58 | 00,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009.10.26 02:02:59 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Corbas™\Application Data\desktop.ini
[2009.10.26 02:01:34 | 00,000,006 | -H-- | C] () -- C:\WINDOWS\tasks\SA.DAT
[2009.10.26 01:59:36 | 00,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2009.10.26 01:58:50 | 00,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009.10.26 01:58:40 | 00,028,288 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xjis.nls
[2009.10.26 01:58:20 | 00,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prcp.nls
[2009.10.26 01:58:20 | 00,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prc.nls
[2009.10.26 01:58:19 | 00,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2009.10.26 01:58:07 | 01,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2009.10.26 01:58:07 | 00,047,066 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ksc.nls
[2009.10.26 01:58:02 | 00,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2009.10.26 01:58:02 | 00,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2009.10.26 01:58:00 | 00,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2009.10.26 01:57:54 | 13,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2009.10.26 01:57:51 | 00,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2009.10.26 01:57:48 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2009.10.26 01:57:40 | 00,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2009.10.26 01:57:37 | 00,180,770 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20932.nls
[2009.10.26 01:57:37 | 00,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20949.nls
[2009.10.26 01:57:37 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20936.nls
[2009.10.26 01:57:37 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls
[2009.10.26 01:57:37 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls
[2009.10.26 01:57:37 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_858.nls
[2009.10.26 01:57:37 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls
[2009.10.26 01:57:37 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_870.nls
[2009.10.26 01:57:37 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_708.nls
[2009.10.26 01:57:37 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28596.nls
[2009.10.26 01:57:37 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21027.nls
[2009.10.26 01:57:37 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21025.nls
[2009.10.26 01:57:37 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20924.nls
[2009.10.26 01:57:36 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20880.nls
[2009.10.26 01:57:36 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20871.nls
[2009.10.26 01:57:36 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20838.nls
[2009.10.26 01:57:36 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20833.nls
[2009.10.26 01:57:36 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20424.nls
[2009.10.26 01:57:36 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20423.nls
[2009.10.26 01:57:36 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20420.nls
[2009.10.26 01:57:36 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20297.nls
[2009.10.26 01:57:36 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20290.nls
[2009.10.26 01:57:36 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20285.nls
[2009.10.26 01:57:36 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20284.nls
[2009.10.26 01:57:36 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20280.nls
[2009.10.26 01:57:36 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20278.nls
[2009.10.26 01:57:36 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20277.nls
[2009.10.26 01:57:36 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20273.nls
[2009.10.26 01:57:36 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20269.nls
[2009.10.26 01:57:36 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20108.nls
[2009.10.26 01:57:35 | 00,189,986 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1361.nls
[2009.10.26 01:57:35 | 00,187,938 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20005.nls
[2009.10.26 01:57:35 | 00,186,402 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20001.nls
[2009.10.26 01:57:35 | 00,185,378 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20003.nls
[2009.10.26 01:57:35 | 00,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20004.nls
[2009.10.26 01:57:35 | 00,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20000.nls
[2009.10.26 01:57:35 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20002.nls
[2009.10.26 01:57:35 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20107.nls
[2009.10.26 01:57:35 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20106.nls
[2009.10.26 01:57:35 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20105.nls
[2009.10.26 01:57:35 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1149.nls
[2009.10.26 01:57:35 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1148.nls
[2009.10.26 01:57:35 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1147.nls
[2009.10.26 01:57:35 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1146.nls
[2009.10.26 01:57:34 | 00,195,618 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10002.nls
[2009.10.26 01:57:34 | 00,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10003.nls
[2009.10.26 01:57:34 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10008.nls
[2009.10.26 01:57:34 | 00,162,850 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10001.nls
[2009.10.26 01:57:34 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1145.nls
[2009.10.26 01:57:34 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1144.nls
[2009.10.26 01:57:34 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1143.nls
[2009.10.26 01:57:34 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1142.nls
[2009.10.26 01:57:34 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1141.nls
[2009.10.26 01:57:34 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1140.nls
[2009.10.26 01:57:34 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1047.nls
[2009.10.26 01:57:34 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10021.nls
[2009.10.26 01:57:34 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10005.nls
[2009.10.26 01:57:34 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10004.nls
[2009.10.26 01:57:33 | 00,082,172 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bopomofo.nls
[2009.10.26 01:57:33 | 00,066,728 | ---- | C] () -- C:\WINDOWS\System32\dllcache\big5.nls
[2009.10.26 01:57:02 | 00,002,577 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2009.10.26 01:57:02 | 00,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2009.10.26 01:57:02 | 00,000,000 | RHS- | C] () -- C:\IO.SYS
[2009.10.26 01:57:02 | 00,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2009.10.26 01:57:02 | 00,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2009.10.26 01:56:54 | 00,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2009.10.26 01:56:54 | 00,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2009.10.26 01:56:52 | 00,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2009.10.26 01:56:09 | 00,000,488 | RH-- | C] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2009.10.26 01:56:09 | 00,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2009.10.26 01:56:04 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2009.10.26 01:56:04 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2009.10.26 01:56:04 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2009.10.26 01:56:04 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2009.10.26 01:56:04 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2009.10.26 01:56:04 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2009.10.26 01:55:54 | 04,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex
[2009.10.26 01:55:43 | 00,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2009.10.26 01:55:43 | 00,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2009.10.26 01:55:39 | 00,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf
[2009.10.26 01:55:12 | 00,376,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msinfo.dll
[2009.10.26 01:54:42 | 00,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009.10.26 01:54:07 | 00,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2009.10.26 01:54:06 | 00,093,702 | ---- | C] () -- C:\WINDOWS\System32\subrange.uce
[2009.10.26 01:54:06 | 00,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2009.10.26 01:54:06 | 00,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2009.10.26 01:54:06 | 00,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2009.10.26 01:54:06 | 00,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2009.10.26 01:54:06 | 00,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2009.10.26 01:54:06 | 00,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2009.10.26 01:54:06 | 00,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2009.10.26 01:54:06 | 00,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2009.10.26 01:54:06 | 00,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2009.10.26 01:54:06 | 00,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2009.10.26 01:54:05 | 00,060,458 | ---- | C] () -- C:\WINDOWS\System32\ideograf.uce
[2009.10.26 01:54:05 | 00,024,006 | ---- | C] () -- C:\WINDOWS\System32\gb2312.uce
[2009.10.26 01:54:05 | 00,022,984 | ---- | C] () -- C:\WINDOWS\System32\bopomofo.uce
[2009.10.26 01:54:05 | 00,016,740 | ---- | C] () -- C:\WINDOWS\System32\shiftjis.uce
[2009.10.26 01:54:05 | 00,012,876 | ---- | C] () -- C:\WINDOWS\System32\korean.uce
[2009.10.26 01:54:05 | 00,008,484 | ---- | C] () -- C:\WINDOWS\System32\kanji_2.uce
[2009.10.26 01:54:05 | 00,006,948 | ---- | C] () -- C:\WINDOWS\System32\kanji_1.uce
[2009.10.26 01:54:04 | 00,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2009.10.26 01:54:04 | 00,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2009.10.26 01:54:03 | 00,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2009.10.26 01:53:59 | 00,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2008.04.14 14:00:00 | 00,000,477 | ---- | C] () -- C:\WINDOWS\win.ini
[2008.04.14 14:00:00 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini

========== LOP Check ==========

[2009.10.30 14:50:33 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Administrator\Application Data
[2009.10.30 14:33:03 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009.10.30 14:33:22 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Corbas™\Application Data
[2009.10.26 03:49:41 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Default User\Application Data
[2009.10.26 02:01:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data
[2009.10.26 01:59:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data
[2008.04.14 14:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009.10.26 02:11:00 | 00,000,948 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-412668190-682003330-1003Core.job
[2009.10.30 15:11:07 | 00,001,000 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-412668190-682003330-1003UA.job
[2009.10.30 15:12:53 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Custom Scans ==========


< %systemdrive%\*.exe >

< %systemroot%\system32\drivers\*.sys >
[2008.04.14 14:00:00 | 00,187,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\acpi.sys
[2008.04.14 14:00:00 | 00,011,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\acpiec.sys
[2008.04.14 00:09:24 | 00,142,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\aec.sys
[2008.04.14 14:00:00 | 00,138,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\afd.sys
[2005.10.26 10:08:26 | 03,786,944 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\alcxwdm.sys
[2008.04.14 14:00:00 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\amdk6.sys
[2008.04.14 14:00:00 | 00,037,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\amdk7.sys
[2008.04.14 14:00:00 | 00,060,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\arp1394.sys
[2004.08.13 04:56:20 | 00,005,810 | R--- | M] () -- C:\WINDOWS\system32\drivers\ASACPI.sys
[2000.03.29 16:17:42 | 00,005,824 | ---- | M] () -- C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
[2008.04.14 14:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\asyncmac.sys
[2008.04.14 14:00:00 | 00,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atapi.sys
[2008.04.14 14:00:00 | 00,059,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atmarpc.sys
[2008.04.14 14:00:00 | 00,031,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atmepvc.sys
[2008.04.14 14:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atmlane.sys
[2008.04.14 14:00:00 | 00,352,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atmuni.sys
[2001.08.17 15:59:44 | 00,003,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\audstub.sys
[2009.02.13 12:17:49 | 00,045,416 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\avgntdd.sys
[2009.07.28 16:33:56 | 00,055,656 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\avgntflt.sys
[2009.02.13 12:29:11 | 00,022,360 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\avgntmgr.sys
[2009.03.30 10:33:07 | 00,096,104 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\avipbb.sys
[2008.04.14 14:00:00 | 00,004,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\beep.sys
[2008.04.14 14:00:00 | 00,071,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bridge.sys
[2008.04.14 14:00:00 | 00,013,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\cbidf2k.sys
[2008.04.14 14:00:00 | 00,018,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\cdaudio.sys
[2008.04.14 14:00:00 | 00,063,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\cdfs.sys
[2008.04.14 14:00:00 | 00,062,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\cdrom.sys
[2008.04.14 14:00:00 | 00,262,528 | ---- | M] (RAVISENT Technologies Inc.) -- C:\WINDOWS\system32\drivers\cinemst2.sys
[2008.04.14 14:00:00 | 00,049,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\classpnp.sys
[2008.04.14 14:00:00 | 00,011,776 | ---- | M] (Compaq Computer Corporation) -- C:\WINDOWS\system32\drivers\cpqdap01.sys
[2008.04.14 14:00:00 | 00,036,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\crusoe.sys
[2008.04.14 14:00:00 | 00,036,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\disk.sys
[2008.04.14 14:00:00 | 00,014,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\diskdump.sys
[2008.04.14 14:00:00 | 00,799,744 | ---- | M] (Microsoft Corp., Veritas Software) -- C:\WINDOWS\system32\drivers\dmboot.sys
[2008.04.14 14:00:00 | 00,153,344 | ---- | M] (Microsoft Corp., Veritas Software) -- C:\WINDOWS\system32\drivers\dmio.sys
[2008.04.14 14:00:00 | 00,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) -- C:\WINDOWS\system32\drivers\dmload.sys
[2008.04.14 02:15:02 | 00,052,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\DMusic.sys
[2008.04.14 00:15:16 | 00,060,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\drmk.sys
[2008.04.14 02:15:14 | 00,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\drmkaud.sys
[2008.04.14 14:00:00 | 00,010,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\dxapi.sys
[2008.04.14 14:00:00 | 00,071,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\dxg.sys
[2008.04.14 14:00:00 | 00,003,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\dxgthk.sys
[2008.04.14 14:00:00 | 00,143,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fastfat.sys
[2008.04.14 14:00:00 | 00,027,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fdc.sys
[2008.04.14 14:00:00 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fips.sys
[2008.04.14 14:00:00 | 00,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\flpydisk.sys
[2008.04.14 14:00:00 | 00,129,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fltMgr.sys
[2008.04.14 14:00:00 | 00,012,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fsvga.sys
[2008.04.14 14:00:00 | 00,007,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fs_rec.sys
[2008.04.14 14:00:00 | 00,125,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ftdisk.sys
[2008.04.14 02:15:30 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\gameenum.sys
[2008.04.14 14:00:00 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys
[2008.04.14 14:00:00 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\hidclass.sys
[2008.04.14 14:00:00 | 00,024,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\hidparse.sys
[2008.04.14 14:00:00 | 00,264,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\http.sys
[2008.04.14 14:00:00 | 00,052,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\i8042prt.sys
[2008.04.14 14:00:00 | 00,042,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\imapi.sys
[2008.04.14 14:00:00 | 00,036,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\intelppm.sys
[2008.04.14 14:00:00 | 00,036,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ip6fw.sys
[2008.04.14 14:00:00 | 00,032,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ipfltdrv.sys
[2008.04.14 14:00:00 | 00,020,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ipinip.sys
[2008.04.14 14:00:00 | 00,152,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ipnat.sys
[2008.04.14 14:00:00 | 00,075,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ipsec.sys
[2008.04.14 14:00:00 | 00,011,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\irenum.sys
[2008.04.14 14:00:00 | 00,037,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\isapnp.sys
[2008.04.14 14:00:00 | 00,024,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdclass.sys
[2008.04.14 02:15:10 | 00,172,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kmixer.sys
[2008.04.14 00:46:38 | 00,141,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ks.sys
[2008.04.14 14:00:00 | 00,092,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ksecdd.sys
[2009.09.10 14:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2009.09.10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2008.04.14 14:00:00 | 00,007,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mcd.sys
[2008.04.14 14:00:00 | 00,063,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mf.sys
[2008.04.14 14:00:00 | 00,004,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mnmdd.sys
[2008.04.14 14:00:00 | 00,030,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\modem.sys
[2008.04.14 14:00:00 | 00,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mouclass.sys
[2008.04.14 14:00:00 | 00,042,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mountmgr.sys
[2008.04.14 14:00:00 | 00,092,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mqac.sys
[2008.04.14 14:00:00 | 00,180,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxdav.sys
[2008.04.14 14:00:00 | 00,456,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2008.04.14 14:00:00 | 00,019,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msfs.sys
[2008.04.14 14:00:00 | 00,035,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msgpc.sys
[2008.04.14 02:09:54 | 00,007,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MSKSSRV.sys
[2001.08.17 16:00:04 | 00,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msmpu401.sys
[2008.04.14 02:09:52 | 00,005,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MSPCLOCK.sys
[2008.04.14 02:09:52 | 00,004,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MSPQM.sys
[2008.04.14 14:00:00 | 00,015,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mssmbios.sys
[2008.04.14 14:00:00 | 00,105,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mup.sys
[2008.04.14 14:00:00 | 00,182,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ndis.sys
[2008.04.14 14:00:00 | 00,010,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ndistapi.sys
[2008.04.14 14:00:00 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ndisuio.sys
[2008.04.14 14:00:00 | 00,091,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ndiswan.sys
[2008.04.14 14:00:00 | 00,040,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ndproxy.sys
[2008.04.14 14:00:00 | 00,034,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\netbios.sys
[2008.04.14 14:00:00 | 00,162,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\netbt.sys
[2008.04.14 14:00:00 | 00,061,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nic1394.sys
[2008.04.14 14:00:00 | 00,012,032 | ---- | M] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\system32\drivers\nikedrv.sys
[2008.04.14 14:00:00 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nmnt.sys
[2008.04.14 14:00:00 | 00,030,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\npfs.sys
[2008.04.14 14:00:00 | 00,574,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ntfs.sys
[2008.04.14 14:00:00 | 00,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\null.sys
[2009.09.27 16:12:22 | 07,655,872 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys
[2005.04.05 21:22:28 | 00,033,536 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\NVENETFD.sys
[2005.04.05 21:22:30 | 00,012,928 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvnetbus.sys
[2005.04.05 21:22:12 | 00,261,888 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvnrm.sys
[2005.04.05 21:22:02 | 00,208,256 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvsnpu.sys
[2008.04.14 14:00:00 | 00,012,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnkflt.sys
[2008.04.14 14:00:00 | 00,032,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnkfwd.sys
[2008.04.14 14:00:00 | 00,088,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys
[2008.04.14 14:00:00 | 00,063,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnknb.sys
[2008.04.14 14:00:00 | 00,055,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys
[2008.04.14 14:00:00 | 00,163,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwrdr.sys
[2008.04.14 14:00:00 | 00,003,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\oprghdlr.sys
[2008.04.14 14:00:00 | 00,042,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\p3.sys
[2008.04.14 14:00:00 | 00,080,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\parport.sys
[2008.04.14 14:00:00 | 00,019,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\partmgr.sys
[2008.04.14 14:00:00 | 00,006,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\parvdm.sys
[2008.04.14 14:00:00 | 00,068,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\pci.sys
[2008.04.14 14:00:00 | 00,003,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\pciide.sys
[2008.04.14 14:00:00 | 00,024,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\pciidex.sys
[2008.04.14 14:00:00 | 00,120,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\pcmcia.sys
[2008.04.14 00:49:42 | 00,146,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\portcls.sys
[2008.04.14 14:00:00 | 00,035,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\processr.sys
[2008.04.14 14:00:00 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\psched.sys
[2008.04.14 14:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys
[2008.04.14 14:00:00 | 00,008,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rasacd.sys
[2008.04.14 14:00:00 | 00,051,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rasl2tp.sys
[2008.04.14 14:00:00 | 00,041,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\raspppoe.sys
[2008.04.14 14:00:00 | 00,048,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\raspptp.sys
[2008.04.14 14:00:00 | 00,016,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\raspti.sys
[2008.04.14 14:00:00 | 00,034,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rawwan.sys
[2008.04.14 14:00:00 | 00,175,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rdbss.sys
[2008.04.14 14:00:00 | 00,004,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rdpcdd.sys
[2008.04.14 00:02:52 | 00,196,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rdpdr.sys
[2008.04.14 14:00:00 | 00,139,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rdpwd.sys
[2008.04.14 02:10:28 | 00,057,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\redbook.sys
[2008.04.14 14:00:00 | 00,012,032 | ---- | M] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\system32\drivers\rio8drv.sys
[2008.04.14 14:00:00 | 00,012,032 | ---- | M] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\system32\drivers\riodrv.sys
[2008.04.14 14:00:00 | 00,202,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\RMCast.sys
[2008.04.14 14:00:00 | 00,030,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rndismp.sys
[2008.04.14 14:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rootmdm.sys
[2008.04.14 14:00:00 | 00,096,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\scsiport.sys
[2008.04.14 14:00:00 | 00,079,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sdbus.sys
[2008.04.14 14:00:00 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys
[2008.04.14 14:00:00 | 00,015,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\serenum.sys
[2008.04.14 14:00:00 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\serial.sys
[2008.04.14 14:00:00 | 00,011,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sffdisk.sys
[2008.04.14 14:00:00 | 00,010,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sffp_mmc.sys
[2008.04.14 14:00:00 | 00,011,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sffp_sd.sys
[2008.04.14 14:00:00 | 00,011,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sfloppy.sys
[2008.04.14 14:00:00 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\smclib.sys
[2008.04.14 14:00:00 | 00,025,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sonydcam.sys
[2008.04.14 02:15:08 | 00,006,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\splitter.sys
[2008.04.14 14:00:00 | 00,073,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sr.sys
[2008.04.14 14:00:00 | 00,334,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\srv.sys
[2009.05.11 10:12:24 | 00,028,520 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\ssmdrv.sys
[2008.04.14 00:15:16 | 00,049,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\stream.sys
[2008.04.14 14:00:00 | 00,004,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\swenum.sys
[2008.04.14 02:15:10 | 00,056,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\swmidi.sys
[2008.04.14 02:45:56 | 00,060,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sysaudio.sys
[2008.04.14 14:00:00 | 00,014,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tape.sys
[2008.04.14 14:00:00 | 00,361,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip.sys
[2008.04.14 14:00:00 | 00,225,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip6.sys
[2008.04.14 14:00:00 | 00,019,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tdi.sys
[2008.04.14 14:00:00 | 00,012,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tdpipe.sys
[2008.04.14 14:00:00 | 00,021,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tdtcp.sys
[2008.04.14 05:43:22 | 00,040,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\termdd.sys
[2008.04.14 14:00:00 | 00,051,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tosdvd.sys
[2008.04.14 14:00:00 | 00,021,376 | ---- | M] (Toshiba Corporation) -- C:\WINDOWS\system32\drivers\tsbvcap.sys
[2008.04.14 14:00:00 | 00,012,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tunmp.sys
[2008.04.14 14:00:00 | 00,066,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\udfs.sys
[2008.04.14 14:00:00 | 00,384,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\update.sys
[2008.04.14 14:00:00 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usb8023.sys
[2008.04.14 14:00:00 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbcamd.sys
[2008.04.14 14:00:00 | 00,025,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbcamd2.sys
[2008.04.14 14:00:00 | 00,004,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbd.sys
[2008.04.14 14:00:00 | 00,030,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbehci.sys
[2008.04.14 14:00:00 | 00,059,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbhub.sys
[2008.04.14 14:00:00 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbintel.sys
[2008.04.14 14:00:00 | 00,017,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbohci.sys
[2008.04.14 14:00:00 | 00,143,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbport.sys
[2008.04.14 14:00:00 | 00,058,112 | ---- | M] (RAVISENT Technologies Inc.) -- C:\WINDOWS\system32\drivers\vdmindvd.sys
[2008.04.14 14:00:00 | 00,020,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\vga.sys
[2008.04.14 14:00:00 | 00,081,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\videoprt.sys
[2008.04.14 14:00:00 | 00,052,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\volsnap.sys
[2008.04.14 14:00:00 | 00,034,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wanarp.sys
[2008.04.14 02:47:20 | 00,083,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wdmaud.sys
[2008.04.14 14:00:00 | 00,004,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wmilib.sys
[2008.04.14 14:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
< End of report >

Edited by Buckeye_Sam, 30 October 2009 - 04:33 PM.
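The log above and the OTL fix lines that follow in the next reply point at the same handful of indicators: executables with no version information running from %Temp% or System32 under random-looking names, hidden/system attributes on those files, an autorun.inf at the root of a fixed NTFS drive, MountPoints2 shell verbs redirected to a .bat, and the policy keys that disable Task Manager, Registry Editor and Folder Options. The Python below is an added example, not OTL code and not the helper's fix script: it scores OTL-style lines against those indicators so the suspicious entries surface first. The sample lines are adapted from this thread (the profile name is replaced with `User`), the benign Avira PRC line is constructed, and the point values, the two-point flag threshold and the 25% vowel ratio for "random-looking" are assumptions of mine.

```python
"""Score OTL-style log lines for the autorun/persistence indicators seen in
this thread.  Added example: not OTL code and not the poster's fix script.
Point values and thresholds are assumptions, tune them for your own logs."""
import re
from dataclasses import dataclass, field

# "[2009.10.30 15:13:01 | 00,688,128 | RHS- | M]" -> timestamp, size, attributes, M(odified)/C(reated)
META_RE = re.compile(
    r"\[(?P<ts>\d{4}\.\d\d\.\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| (?P<attrs>[-RHSD]{4}) \| [MC]\]"
)
# The "(Company)" token as OTL prints it: "] () -- ...", "...\x.exe ()", "| M] ()"
COMPANY_RE = re.compile(r"(?<=\s)\((?P<company>[^()]*)\)(?=\s|$)")
# A Windows path, ended by " -- ", " (" or end of line (a path containing " (" is not handled)
PATH_RE = re.compile(r"(?P<path>[A-Za-z]:\\.+?)(?= -- | \(|$)")
# O6/O7 policy lines: "...\policies\System: DisableTaskMgr = 1"
POLICY_RE = re.compile(r"policies\\(?:System|Explorer): (?P<name>\w+) = (?P<value>\d+)$")

EXEC_EXT = {".exe", ".dll", ".sys", ".bat", ".cmd", ".scr", ".com", ".pif"}
LOCKOUT_POLICIES = {"DisableRegistryTools", "DisableTaskMgr", "NoFolderOptions"}
FLAG_THRESHOLD = 2  # assumption: two weak indicators, or one strong one, deserve a look


@dataclass
class Finding:
    line: str
    score: int = 0
    reasons: list = field(default_factory=list)

    def add(self, points, reason):
        self.score += points
        self.reasons.append(reason)

    @property
    def suspicious(self):
        return self.score >= FLAG_THRESHOLD


def looks_random(stem):
    """All-lowercase, 10+ letters, under 25% vowels: typical of generated dropper names."""
    if not re.fullmatch(r"[a-z]{10,}", stem):
        return False
    return sum(c in "aeiou" for c in stem) / len(stem) < 0.25


def triage_line(line):
    """Score one OTL line; every reason carries an (assumed) point value."""
    f = Finding(line.strip())
    text = f.line

    pm = POLICY_RE.search(text)
    if pm:
        name, value = pm["name"], int(pm["value"])
        if name in LOCKOUT_POLICIES and value == 1:
            f.add(2, f"lockout_policy:{name}")  # the tools needed for cleanup are disabled
        elif name == "NoDriveTypeAutoRun" and not value & 0x04:
            f.add(1, "autorun_still_enabled_for_removable_drives")  # bit 0x04 = removable drives
        return f

    meta = META_RE.search(text)
    attrs = meta["attrs"] if meta else ""
    if meta and int(meta["size"].replace(",", "")) == 0:
        return f  # zero-length file (MSDOS.SYS, IO.SYS): nothing to execute
    cm = COMPANY_RE.search(text)
    company = cm["company"].strip() if cm else None  # None: no field; "": field present but empty
    pmatch = PATH_RE.search(text)
    path = pmatch["path"] if pmatch else ""
    base_raw = path.rsplit("\\", 1)[-1]
    stem, _, ext = base_raw.rpartition(".")
    if not stem:  # no dot in the name
        stem, ext = base_raw, ""
    base = base_raw.lower()
    is_exec = ("." + ext.lower()) in EXEC_EXT
    random_name = looks_random(stem)

    if text.startswith("O32 ") and base == "autorun.inf":
        f.add(2, "autorun_inf_at_drive_root")
    if text.startswith("O33 ") and "\\shell\\" in text.lower():
        f.add(2, "mountpoints2_shell_verb_redirected")
    if is_exec and company == "":
        f.add(1, "executable_without_version_info")
    if is_exec and "\\temp\\" in path.lower():
        f.add(1, "executable_in_temp")
    if (is_exec or base == "autorun.inf" or random_name) and ("H" in attrs or "S" in attrs):
        f.add(1, "hidden_or_system_attributes")
    if random_name:
        f.add(1, "random_looking_name")
    return f


def triage(log_text):
    """Findings for every line that scored at least one point, highest score first."""
    findings = [triage_line(l) for l in log_text.splitlines() if l.strip()]
    return sorted((f for f in findings if f.score), key=lambda f: -f.score)


# Sample input adapted from this thread; profile name replaced, Avira PRC line constructed.
SAMPLE_LOG = r"""
PRC - [2009.10.30 15:13:01 | 00,688,128 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Temp\zbkpdhs.exe
PRC - [2009.02.13 09:11:10 | 00,491,520 | RHS- | M] () -- C:\WINDOWS\System32\mbxpqhfrkfysmjipdnkg.exe
PRC - [2009.07.28 16:33:56 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O4 - HKLM..\Run: [mnvzmp] C:\WINDOWS\System32\yjbpmztbqhwmcvqt.exe ()
O4 - HKU\S-1-5-21-117609710-412668190-682003330-1003..\Run: [fjubrxklt] C:\WINDOWS\System32\brohjbanhdxsnlltitroi.exe ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\S-1-5-21-117609710-412668190-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 1
O32 - AutoRun File - [2009.10.30 15:13:26 | 00,000,798 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\yhnxzhl.bat -- [2009.06.14 04:46:27 | 00,491,520 | RHS- | M] ()
[2009.10.26 08:37:52 | 00,003,768 | -H-- | M] () -- C:\WINDOWS\System32\ydpxovjlufoyivkhllyktpyuzltkrfhq.kue
[2009.10.26 01:57:02 | 00,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2004.08.13 04:56:20 | 00,005,810 | R--- | M] () -- C:\WINDOWS\system32\drivers\ASACPI.sys
[2008.04.14 14:00:00 | 00,187,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\acpi.sys
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{'FLAG  ' if f.suspicious else 'review'} {f.score} {', '.join(f.reasons)}\n       {f.line}")
```

Run against the sample, the MountPoints2 line scores highest (redirected shell verb, hidden/system .bat with no version information), the policy lockouts and the root autorun.inf are flagged on their own, and the three random-named droppers in System32 and %Temp% score two or three. The weak indicators deliberately stay at one point each: ASACPI.sys has no version information but is a legitimate ASUS utility driver, so it lands in the review list rather than being flagged, and the zero-byte MSDOS.SYS/IO.SYS compatibility files are skipped because they carry no code. Treat the output as a triage order, not a verdict.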


#4 Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 30 October 2009 - 04:50 PM

Please do not attach log files. Just copy and paste them directly into your reply.

Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    PRC - [2009.10.30 15:13:01 | 00,688,128 | ---- | M] () -- C:\Documents and Settings\Corbas™\Local Settings\Temp\zbkpdhs.exe
    PRC - [2009.02.13 09:11:10 | 00,491,520 | RHS- | M] () -- C:\WINDOWS\System32\mbxpqhfrkfysmjipdnkg.exe
    O4 - HKLM..\Run: [mnvzmp] C:\WINDOWS\System32\yjbpmztbqhwmcvqt.exe ()
    O4 - HKLM..\Run: [qxlvoxnrcpam] C:\Documents and Settings\Corbas™\Local Settings\Temp\obvlkzvfwpgyqlinzh.exe ()
    O4 - HKU\S-1-5-21-117609710-412668190-682003330-1003..\Run: [fjubrxklt] C:\WINDOWS\System32\brohjbanhdxsnlltitroi.exe ()
    O4 - HKU\S-1-5-21-117609710-412668190-682003330-1003..\Run: [mnvzmp] C:\Documents and Settings\Corbas™\Local Settings\Temp\frkzxlgpfxnevplpa.exe ()
    O4 - HKLM..\RunOnce: [tzmvnvknxjt] C:\Documents and Settings\Corbas™\Local Settings\Temp\yjbpmztbqhwmcvqt.exe ()
    O4 - HKLM..\RunOnce: [zbkpdhs] C:\WINDOWS\System32\frkzxlgpfxnevplpa.exe ()
    O4 - HKU\S-1-5-21-117609710-412668190-682003330-1003..\RunOnce: [ydpxovjluf] C:\WINDOWS\System32\frkzxlgpfxnevplpa.exe ()
    O4 - HKU\S-1-5-21-117609710-412668190-682003330-1003..\RunOnce: [zbkpdhs] C:\Documents and Settings\Corbas™\Local Settings\Temp\znizzpmxpjbunjhnajf.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
    O7 - HKU\S-1-5-21-117609710-412668190-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 1
    O7 - HKU\S-1-5-21-117609710-412668190-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
    O7 - HKU\S-1-5-21-117609710-412668190-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
    O7 - HKU\S-1-5-21-117609710-412668190-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
    O32 - AutoRun File - [2009.10.30 15:13:26 | 00,000,798 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
    O32 - AutoRun File - [2009.10.30 15:13:26 | 00,000,806 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]
    O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\yhnxzhl.bat -- [2009.06.14 04:46:27 | 00,491,520 | RHS- | M] ()
    O33 - MountPoints2\D\Shell\explore\Command - "" = D:\sfpdjvduxit.bat -- [2009.06.11 12:08:49 | 00,491,520 | RHS- | M] ()
    O33 - MountPoints2\D\Shell\open\Command - "" = D:\epxjnxdst.bat -- [2009.02.13 09:11:10 | 00,491,520 | RHS- | M] ()
    [2009.10.26 08:37:52 | 00,003,768 | -H-- | M] () -- C:\WINDOWS\System32\ydpxovjlufoyivkhllyktpyuzltkrfhq.kue
    [2009.10.26 08:37:52 | 00,003,768 | -H-- | M] () -- C:\WINDOWS\ydpxovjlufoyivkhllyktpyuzltkrfhq.kue
    [2009.10.26 08:37:52 | 00,003,768 | -H-- | M] () -- C:\Program Files\ydpxovjlufoyivkhllyktpyuzltkrfhq.kue
    [2009.10.26 08:37:52 | 00,003,768 | -H-- | M] () -- C:\Documents and Settings\Corbas™\Local Settings\Application Data\ydpxovjlufoyivkhllyktpyuzltkrfhq.kue
    [2009.10.26 08:37:52 | 00,000,100 | -H-- | M] () -- C:\WINDOWS\System32\dxyvbxarppnmlnrdwlnom.vga
    [2009.10.26 08:37:52 | 00,000,100 | -H-- | M] () -- C:\WINDOWS\dxyvbxarppnmlnrdwlnom.vga
    [2009.10.26 08:37:52 | 00,000,100 | -H-- | M] () -- C:\Program Files\dxyvbxarppnmlnrdwlnom.vga
    [2009.10.26 08:37:52 | 00,000,100 | -H-- | M] () -- C:\Documents and Settings\Corbas™\Local Settings\Application Data\dxyvbxarppnmlnrdwlnom.vga
    [2009.10.26 17:19:56 | 00,491,520 | RHS- | C] () -- C:\WINDOWS\znizzpmxpjbunjhnajf.exe
    [2009.10.26 17:19:56 | 00,491,520 | RHS- | C] () -- C:\WINDOWS\sjhbexxlgdyuqpqzpbaytb.exe
    [2009.10.26 17:19:56 | 00,491,520 | RHS- | C] () -- C:\WINDOWS\System32\znizzpmxpjbunjhnajf.exe
    [2009.10.26 17:19:56 | 00,491,520 | RHS- | C] () -- C:\WINDOWS\System32\sjhbexxlgdyuqpqzpbaytb.exe
    [2009.10.26 17:19:56 | 00,491,520 | RHS- | C] () -- C:\WINDOWS\System32\mbxpqhfrkfysmjipdnkg.exe
    [2009.10.26 17:19:56 | 00,491,520 | RHS- | C] () -- C:\WINDOWS\System32\brohjbanhdxsnlltitroi.exe
    [2009.10.26 17:19:56 | 00,491,520 | RHS- | C] () -- C:\WINDOWS\obvlkzvfwpgyqlinzh.exe
    [2009.10.26 17:19:56 | 00,491,520 | RHS- | C] () -- C:\WINDOWS\mbxpqhfrkfysmjipdnkg.exe
    [2009.10.26 17:19:56 | 00,491,520 | RHS- | C] () -- C:\WINDOWS\yjbpmztbqhwmcvqt.exe
    [2009.10.26 17:19:56 | 00,491,520 | RHS- | C] () -- C:\WINDOWS\frkzxlgpfxnevplpa.exe
    [2009.10.26 17:19:56 | 00,491,520 | RHS- | C] () -- C:\WINDOWS\brohjbanhdxsnlltitroi.exe
    [2009.10.26 17:19:55 | 00,491,520 | RHS- | C] () -- C:\WINDOWS\System32\obvlkzvfwpgyqlinzh.exe
    [2009.10.26 17:19:55 | 00,491,520 | RHS- | C] () -- C:\WINDOWS\System32\yjbpmztbqhwmcvqt.exe
    [2009.10.26 17:19:55 | 00,491,520 | RHS- | C] () -- C:\WINDOWS\System32\frkzxlgpfxnevplpa.exe
    [2009.10.26 08:37:52 | 00,003,768 | -H-- | C] () -- C:\WINDOWS\System32\ydpxovjlufoyivkhllyktpyuzltkrfhq.kue
    [2009.10.26 08:37:52 | 00,003,768 | -H-- | C] () -- C:\WINDOWS\ydpxovjlufoyivkhllyktpyuzltkrfhq.kue
    [2009.10.26 08:37:52 | 00,003,768 | -H-- | C] () -- C:\Program Files\ydpxovjlufoyivkhllyktpyuzltkrfhq.kue
    [2009.10.26 08:37:52 | 00,003,768 | -H-- | C] () -- C:\Documents and Settings\Corbas™\Local Settings\Application Data\ydpxovjlufoyivkhllyktpyuzltkrfhq.kue
    [2009.10.26 08:37:52 | 00,000,100 | -H-- | C] () -- C:\WINDOWS\System32\dxyvbxarppnmlnrdwlnom.vga
    [2009.10.26 08:37:52 | 00,000,100 | -H-- | C] () -- C:\WINDOWS\dxyvbxarppnmlnrdwlnom.vga
    [2009.10.26 08:37:52 | 00,000,100 | -H-- | C] () -- C:\Program Files\dxyvbxarppnmlnrdwlnom.vga
    [2009.10.26 08:37:52 | 00,000,100 | -H-- | C] () -- C:\Documents and Settings\Corbas™\Local Settings\Application Data\dxyvbxarppnmlnrdwlnom.vga
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered and reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run and post a new OTL log.

==========================


Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================
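To triage an OTL listing by the indicators the fix above keys on (autostarts with no company info or launched from a Temp folder, the DisableTaskMgr/DisableRegistryTools/NoFolderOptions lockout policies, autorun.inf at a drive root, MountPoints2 shell commands, and read-only+hidden+system executables with no company info), here is an added Python example; it is not OTL's code or the helper's, and its sample lines are constructed from values in the post, with the Avira autostart line added as a benign control.

```python
import re

# Constructed sample in the line format OTL writes (values mirror the post
# above; the Avira autostart line is added as a benign control). Backslashes
# are doubled for the Python literal.
SAMPLE = """\
PRC - [2009.10.30 15:13:01 | 00,688,128 | ---- | M] () -- C:\\Documents and Settings\\Corbas\\Local Settings\\Temp\\zbkpdhs.exe
O4 - HKLM..\\Run: [mnvzmp] C:\\WINDOWS\\System32\\yjbpmztbqhwmcvqt.exe ()
O4 - HKLM..\\Run: [avgnt] C:\\Program Files\\Avira\\AntiVir Desktop\\avgnt.exe (Avira GmbH)
O6 - HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\System: DisableTaskMgr = 1
O7 - HKU\\S-1-5-21-1003\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\Explorer: NoFolderOptions = 1
O32 - AutoRun File - [2009.10.30 15:13:26 | 00,000,798 | RHS- | M] () - C:\\autorun.inf -- [ NTFS ]
O33 - MountPoints2\\D\\Shell\\AutoRun\\command - "" = D:\\yhnxzhl.bat -- [2009.06.14 04:46:27 | 00,491,520 | RHS- | M] ()
[2009.10.26 17:19:56 | 00,491,520 | RHS- | C] () -- C:\\WINDOWS\\System32\\znizzpmxpjbunjhnajf.exe
[2008.04.14 14:00:00 | 00,020,992 | ---- | M] (Microsoft Corporation) -- C:\\WINDOWS\\system32\\drivers\\vga.sys
"""

# Policies the fix above removes: each one locks the user out of a recovery tool.
LOCKOUT_POLICIES = {"DisableRegistryTools", "DisableTaskMgr", "NoFolderOptions"}

AUTOSTART = re.compile(r"^O4 - .*\\(Run(?:Once)?): \[[^\]]+\] (?P<path>.+?) \((?P<pub>[^)]*)\)$")
POLICY = re.compile(r"^O[67] - .*: (?P<name>\w+) = 1$")
MOUNTPOINT = re.compile(r'^O33 - MountPoints2\\.*\\command - "" = (?P<target>\S+)')
FILEREC = re.compile(r"\[[^|]+\| [\d,]+ \| (?P<attrs>[-A-Z]{4}) \| [MC]\] \((?P<pub>[^)]*)\) -- (?P<path>.+)$")

def triage_line(line: str) -> list[str]:
    """Return the reasons (possibly none) this OTL line deserves a second look."""
    reasons = []
    if m := AUTOSTART.match(line):
        if m["pub"] == "":
            reasons.append("autostart entry with no company info")
        if "\\temp\\" in m["path"].lower():
            reasons.append("autostart entry launching from a Temp folder")
    elif (m := POLICY.match(line)) and m["name"] in LOCKOUT_POLICIES:
        reasons.append(f"policy {m['name']} locks the user out of a recovery tool")
    elif line.startswith("O32 - AutoRun File"):
        reasons.append("autorun.inf present at a drive root")
    elif m := MOUNTPOINT.match(line):
        reasons.append(f"MountPoints2 shell command runs {m['target']}")
    elif m := FILEREC.search(line):
        path = m["path"].lower()
        if {"R", "H", "S"} <= set(m["attrs"]) and m["pub"] == "" and path.endswith(".exe"):
            reasons.append("read-only+hidden+system .exe with no company info")
        if "\\temp\\" in path and path.endswith(".exe"):
            reasons.append("executable running from a Temp folder")
    return reasons

def triage(report: str) -> list[tuple[str, list[str]]]:
    """Keep only the lines of a report that have findings, with their reasons."""
    return [(l, r) for l in report.splitlines() if (r := triage_line(l))]
```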

#5 corbasz

corbasz
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:08:50 PM

Posted 08 November 2009 - 11:23 AM

All processes killed

========== OTL ==========

Process zbkpdhs.exe killed successfully!
No active process named mbxpqhfrkfysmjipdnkg.exe was found!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\mnvzmp deleted successfully.
C:\WINDOWS\system32\yjbpmztbqhwmcvqt.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\qxlvoxnrcpam deleted successfully.
File C:\Documents and Settings\Corbas™\Local Settings\Temp\obvlkzvfwpgyqlinzh.exe not found.
Registry value HKEY_USERS\S-1-5-21-117609710-412668190-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Run\\fjubrxklt deleted successfully.
C:\WINDOWS\system32\brohjbanhdxsnlltitroi.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-117609710-412668190-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Run\\mnvzmp deleted successfully.
File C:\Documents and Settings\Corbas™\Local Settings\Temp\frkzxlgpfxnevplpa.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\tzmvnvknxjt deleted successfully.
File C:\Documents and Settings\Corbas™\Local Settings\Temp\yjbpmztbqhwmcvqt.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\zbkpdhs deleted successfully.
C:\WINDOWS\system32\frkzxlgpfxnevplpa.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-117609710-412668190-682003330-1003\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ydpxovjluf deleted successfully.
File C:\WINDOWS\System32\frkzxlgpfxnevplpa.exe not found.
Registry value HKEY_USERS\S-1-5-21-117609710-412668190-682003330-1003\Software\Microsoft\Windows\CurrentVersion\RunOnce\\zbkpdhs deleted successfully.
File C:\Documents and Settings\Corbas™\Local Settings\Temp\znizzpmxpjbunjhnajf.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr deleted successfully.
Registry value HKEY_USERS\S-1-5-21-117609710-412668190-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-117609710-412668190-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoFolderOptions deleted successfully.
Registry value HKEY_USERS\S-1-5-21-117609710-412668190-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools deleted successfully.
Registry value HKEY_USERS\S-1-5-21-117609710-412668190-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr deleted successfully.
C:\autorun.inf moved successfully.
D:\autorun.inf moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ deleted successfully.
D:\yhnxzhl.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ not found.
D:\sfpdjvduxit.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ not found.
D:\epxjnxdst.bat moved successfully.
C:\WINDOWS\system32\ydpxovjlufoyivkhllyktpyuzltkrfhq.kue moved successfully.
C:\WINDOWS\ydpxovjlufoyivkhllyktpyuzltkrfhq.kue moved successfully.
C:\Program Files\ydpxovjlufoyivkhllyktpyuzltkrfhq.kue moved successfully.
File C:\Documents and Settings\Corbas™\Local Settings\Application Data\ydpxovjlufoyivkhllyktpyuzltkrfhq.kue not found.
C:\WINDOWS\system32\dxyvbxarppnmlnrdwlnom.vga moved successfully.
C:\WINDOWS\dxyvbxarppnmlnrdwlnom.vga moved successfully.
C:\Program Files\dxyvbxarppnmlnrdwlnom.vga moved successfully.
File C:\Documents and Settings\Corbas™\Local Settings\Application Data\dxyvbxarppnmlnrdwlnom.vga not found.
C:\WINDOWS\znizzpmxpjbunjhnajf.exe moved successfully.
C:\WINDOWS\sjhbexxlgdyuqpqzpbaytb.exe moved successfully.
C:\WINDOWS\system32\znizzpmxpjbunjhnajf.exe moved successfully.
C:\WINDOWS\system32\sjhbexxlgdyuqpqzpbaytb.exe moved successfully.
C:\WINDOWS\system32\mbxpqhfrkfysmjipdnkg.exe moved successfully.
File C:\WINDOWS\System32\brohjbanhdxsnlltitroi.exe not found.
C:\WINDOWS\obvlkzvfwpgyqlinzh.exe moved successfully.
C:\WINDOWS\mbxpqhfrkfysmjipdnkg.exe moved successfully.
C:\WINDOWS\yjbpmztbqhwmcvqt.exe moved successfully.
C:\WINDOWS\frkzxlgpfxnevplpa.exe moved successfully.
C:\WINDOWS\brohjbanhdxsnlltitroi.exe moved successfully.
C:\WINDOWS\system32\obvlkzvfwpgyqlinzh.exe moved successfully.
File C:\WINDOWS\System32\yjbpmztbqhwmcvqt.exe not found.
File C:\WINDOWS\System32\frkzxlgpfxnevplpa.exe not found.
File C:\WINDOWS\System32\ydpxovjlufoyivkhllyktpyuzltkrfhq.kue not found.
File C:\WINDOWS\ydpxovjlufoyivkhllyktpyuzltkrfhq.kue not found.
File C:\Program Files\ydpxovjlufoyivkhllyktpyuzltkrfhq.kue not found.
File C:\Documents and Settings\Corbas™\Local Settings\Application Data\ydpxovjlufoyivkhllyktpyuzltkrfhq.kue not found.
File C:\WINDOWS\System32\dxyvbxarppnmlnrdwlnom.vga not found.
File C:\WINDOWS\dxyvbxarppnmlnrdwlnom.vga not found.
File C:\Program Files\dxyvbxarppnmlnrdwlnom.vga not found.
File C:\Documents and Settings\Corbas™\Local Settings\Application Data\dxyvbxarppnmlnrdwlnom.vga not found.

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: Corbas™
->Temp folder emptied: 28306327 bytes
->Temporary Internet Files folder emptied: 133275854 bytes
->Google Chrome cache emptied: 15207116 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2402044 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
Windows Temp folder emptied: 448 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 171,02 mb

OTL by OldTimer - Version 3.1.4.0 log created on 11082009_151919

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Finally!!! I think you saved my PC. Thanks a lot for it!! :(

#6 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:01:50 PM

Posted 08 November 2009 - 11:28 AM

I won't be able to confirm that unless you follow the rest of the steps and post the logs that I asked for.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================



