
X-Force Generator.exe Rootkit


  • This topic is locked
8 replies to this topic

#1 MatthewR77

MatthewR77

  • Members
  • 4 posts
  • OFFLINE
  • Local time:06:34 PM

Posted 31 October 2009 - 05:00 PM

I went to this site hxxp://megasecuredownload.com/download.html which is now down and downloaded X-Force Generator.exe, obviously unaware that it was really a rootkit. Since then I have run many different programs in an attempt to clear it out before resetting possibly caused more issues. Before/During/After I downloaded, I have had an up-to-date version of Norton Internet Security with all options enabled. The only program I ran that found anything was Windows Defender. It found and removed the following:

Trojan:Win32/Alureon.CT
C:\Users\Matthew\AppData\Local\Temp\4868.tmp

Using another program I do not recall, I was able to find in its log a file buried in User/Appdata...with a name of x-force generator1.exe. I renamed this and then used a secure delete program to remove it.

All other scan tools have not revealed anything.

RootRepeal does not work on my 64bit OS so I can't put a log on here.
If there is another tool that you suggest, I will certainly do so. I had trouble finding programs that worked with 64bit or ones that didn't have initialization errors or immediate "program has stopped working" errors.

However, I do have the following additional logs if you would like:
Spyholeslist Regrunlog
HJT Startup log
HJT "hijackthis" log
GMER log (Very short)
Win32kDiag log ("WARNING: Could not get backup privileges!" and "Cannot access: C:\Win...")


DDS LOG

DDS (Ver_09-10-26.01) - NTFSX64
Run by Matthew at 16:22:10.80 on Sat 10/31/2009
Internet Explorer: 8.0.6001.18828
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4094.2097 [GMT -5:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Prevx\prevx.exe
c:\hp\HPEZBTN\HPBtnSrv.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\nHancer\nHancerService.exe
C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
C:\Program Files\Raxco\PerfectDisk10\PDAgentS1.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
C:\Program Files\Prevx\prevx.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehmsas.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files (x86)\HP HDX Mouse\hid.exe
C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\REGEDIT.EXE
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Users\Matthew\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Pavilion&pf=cndt
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Pavilion&pf=cndt
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Pavilion&pf=cndt
mLocal Page = c:\windows\syswow64\blank.htm
mWinlogon: Userinit=userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files (x86)\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files (x86)\norton internet security\engine\16.7.2.11\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files (x86)\norton internet security\engine\16.7.2.11\IPSBHO.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files (x86)\free download manager\iefdm2.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files (x86)\norton internet security\engine\16.7.2.11\coIEPlg.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [HPADVISOR] c:\program files (x86)\hewlett-packard\hp advisor\HPAdvisor.exe view=DOCKVIEW,SYSTRAY
uRun: [UnHackMe Monitor] c:\program files (x86)\unhackme\hackmon.exe
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [HP HDX Mouse] "c:\program files (x86)\hp hdx mouse\hid.exe"
mRun: [OpwareSE4] "c:\program files (x86)\scansoft\omnipagese4.0\OpwareSE4.exe"
mRun: [HP Health Check Scheduler] c:\program files (x86)\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [HP Software Update] c:\program files (x86)\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [Elite Antikeylogger] c:\program files (x86)\widestep software\elite antikeylogger 3.0 [build 123]\elite antikeylogger\wseakadm.exe
mRun: [SSBkgdUpdate] "c:\program files (x86)\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Download all with Free Download Manager - file://c:\program files (x86)\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files (x86)\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files (x86)\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files (x86)\free download manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~2\micros~2\office11\EXCEL.EXE/3000
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files (x86)\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files (x86)\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~2\office11\REFIEBAR.DLL
DPF: {00000130-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/ACELPACM.CAB
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/common/asusTek_sys_ctrl.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} - hxxp://www.srtest.com/srl_bin/sysreqlab_ind.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} - hxxp://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://88.247.210.37/activex/AMC.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files (x86)\norton internet security\engine\16.7.2.11\CoIEPlg.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [IAAnotif] "c:\program files (x86)\intel\intel matrix storage manager\iaanotif.exe"
mRun-x64: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon

============= SERVICES / DRIVERS ===============

R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2009-10-29 34656]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nisx64\1007020.00b\SymEFA64.sys [2009-8-31 402992]
R1 BHDrvx64;Symantec Heuristics Driver;c:\windows\system32\drivers\nisx64\1007020.00b\BHDrvx64.sys [2009-8-31 334384]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nisx64\1007020.00b\cchpx64.sys [2009-8-31 583296]
R1 IDSVia64;IDSVia64;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20091021.001\IDSviA64.sys [2009-10-22 466480]
R2 CSIScanner;CSIScanner;c:\program files\prevx\prevx.exe [2009-10-29 6493720]
R2 HPBtnSrv;HP Chasis Button Service;c:\hp\hpezbtn\HPBtnSrv.exe [2008-12-18 198240]
R2 Norton Internet Security;Norton Internet Security;c:\program files (x86)\norton internet security\engine\16.7.2.11\ccSvcHst.exe [2009-8-31 117640]
R2 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [2009-10-29 47528]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\nvidia corporation\3d vision\nvSCPAPISvr.exe [2009-8-17 239648]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-9-8 132656]
R3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [2009-10-29 22296]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\system32\drivers\nisx64\1007020.00b\symndisv.sys [2009-8-31 56880]
R3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\drivers\WPN111vx.sys [2009-7-2 1075712]
S2 Elite Antikeylogger monitoring service;Elite Antikeylogger monitoring service;c:\program files (x86)\widestep software\elite antikeylogger 3.0 [build 123]\elite antikeylogger\wseaksrv.exe [2006-12-29 679936]
S2 osaio;osaio;c:\windows\system32\drivers\osaio.sys [2009-6-14 10240]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2009-10-6 89920]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
S3 GamingMsFltr;HP HDX Mouse;c:\windows\system32\drivers\gamingms.sys [2008-12-18 11008]
S3 PCAMp50a64;PCAMp50a64 NDIS Protocol Driver;c:\windows\system32\drivers\PCAMp50a64.sys [2008-12-24 43328]
S3 PCASp50a64;PCASp50a64 NDIS Protocol Driver;c:\windows\system32\drivers\PCASp50a64.sys [2008-12-24 41280]
S3 PerfHost;Performance Counter DLL Host;c:\windows\syswow64\perfhost.exe [2008-1-20 19968]
S3 rspSanity;rspSanity;c:\windows\system32\drivers\rspSanity64.sys [2009-10-31 35896]

============== File Associations ===============

JSEFile=c:\windows\syswow64\WScript.exe "%1" %*

=============== Created Last 30 ================

2009-10-31 15:10:22 0 d-----w- c:\program files (x86)\Trend Micro
2009-10-31 14:20:20 0 d-----w- c:\program files (x86)\Flyos
2009-10-31 14:19:41 0 d-----w- c:\program files (x86)\Widestep Software
2009-10-31 14:19:17 0 ----a-w- c:\windows\syswow64\wseak.wsk
2009-10-31 11:23:45 0 d-----w- c:\users\matthew\Pavark
2009-10-31 11:11:26 35896 ----a-w- c:\windows\system32\drivers\rspSanity64.sys
2009-10-31 11:11:26 0 d-----w- c:\program files\SanityCheck
2009-10-31 10:42:49 134 ----a-w- c:\windows\rootkitno.ini
2009-10-31 10:22:00 105 ----a-w- c:\windows\syswow64\Partizan.RRI
2009-10-31 10:22:00 0 d-----w- c:\windows\RestoreSafeDeleted
2009-10-31 10:17:14 0 d-----w- C:\RootkitNO
2009-10-31 10:16:19 2 --shatr- c:\windows\winstart.bat
2009-10-31 10:16:19 2 --shatr- c:\windows\syswow64\CONFIG.NT
2009-10-31 10:16:19 2 --shatr- c:\windows\syswow64\AUTOEXEC.NT
2009-10-31 10:16:04 35040 ----a-w- c:\windows\syswow64\Partizan.exe
2009-10-31 10:15:50 0 d-----w- c:\program files (x86)\UnHackMe
2009-10-29 21:22:36 238960 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 21:02:38 47528 ----a-w- c:\windows\system32\drivers\pxrts.sys
2009-10-29 21:02:38 34656 ----a-w- c:\windows\system32\drivers\pxscan.sys
2009-10-29 21:02:38 22296 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2009-10-29 21:02:37 0 d-----w- c:\program files\Prevx
2009-10-29 20:59:25 52 ----a-w- c:\windows\wininit.ini
2009-10-29 20:59:25 0 d-----w- c:\programdata\PrevxCSI
2009-10-28 12:47:05 0 d-----w- c:\windows\syswow64\spool
2009-10-28 12:47:05 0 d-----w- c:\program files\Windows Portable Devices
2009-10-28 12:47:05 0 d-----w- c:\program files (x86)\Windows Portable Devices
2009-10-28 12:46:50 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-10-28 11:43:59 87552 ----a-w- c:\windows\syswow64\WPDShServiceObj.dll
2009-10-28 11:42:32 4096 ----a-w- c:\windows\syswow64\oleaccrc.dll
2009-10-28 11:42:32 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-10-28 11:42:31 736256 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-10-28 11:42:31 555520 ----a-w- c:\windows\syswow64\UIAutomationCore.dll
2009-10-28 11:42:31 315904 ----a-w- c:\windows\system32\oleacc.dll
2009-10-28 11:42:31 234496 ----a-w- c:\windows\syswow64\oleacc.dll
2009-10-28 11:05:48 92672 ----a-w- c:\windows\syswow64\UIAnimation.dll
2009-10-28 11:05:48 103424 ----a-w- c:\windows\system32\UIAnimation.dll
2009-10-28 11:05:41 3815424 ----a-w- c:\windows\system32\UIRibbon.dll
2009-10-28 11:05:41 3023360 ----a-w- c:\windows\syswow64\UIRibbon.dll
2009-10-28 11:05:41 1164800 ----a-w- c:\windows\syswow64\UIRibbonRes.dll
2009-10-28 11:05:41 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2009-10-28 11:04:48 10626560 ----a-w- c:\windows\syswow64\wmp.dll
2009-10-28 11:04:47 372736 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-28 11:04:47 310784 ----a-w- c:\windows\syswow64\unregmp2.exe
2009-10-28 11:04:44 8147968 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-28 11:04:44 8147456 ----a-w- c:\windows\syswow64\wmploc.DLL
2009-10-26 14:52:50 821494 ----a-w- c:\users\matthew\me.bmp
2009-10-26 14:52:17 38987 ----a-w- c:\users\matthew\mee.jpg
2009-10-25 08:46:11 0 d-----r- c:\program files (x86)\Skype
2009-10-22 12:06:04 0 d-----w- c:\programdata\Raxco
2009-10-22 12:05:57 0 d-----w- c:\program files\Raxco
2009-10-22 12:05:07 0 d-----w- c:\program files (x86)\Raxco
2009-10-22 02:29:25 0 d-----w- c:\program files (x86)\IObit
2009-10-14 02:01:33 82944 ----a-w- c:\windows\system32\msasn1.dll
2009-10-14 02:01:33 60928 ----a-w- c:\windows\syswow64\msasn1.dll
2009-10-14 02:01:28 174592 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-13 05:49:24 42296364 ----a-w- c:\users\matthew\N C Runthrough.wav
2009-10-13 05:31:04 13289 ----a-w- c:\users\matthew\N C Runthrough.aup.bak
2009-10-13 05:31:04 13289 ----a-w- c:\users\matthew\N C Runthrough.aup
2009-10-13 05:31:04 0 d-----w- c:\users\matthew\N C Runthrough_data
2009-10-08 07:52:55 17708288 ----a-w- c:\users\matthew\Winds of Change.wav
2009-10-08 06:06:25 0 d-----w- c:\program files (x86)\gs
2009-10-07 17:08:30 260872 ----a-w- c:\windows\system32\PDBoot.exe
2009-10-07 00:41:44 2621440 ----a-w- c:\windows\system32\wucltux.dll
2009-10-07 00:41:01 87552 ----a-w- c:\windows\syswow64\wudriver.dll
2009-10-07 00:41:00 98816 ----a-w- c:\windows\system32\wudriver.dll
2009-10-07 00:41:00 575704 ----a-w- c:\windows\syswow64\wuapi.dll
2009-10-07 00:41:00 35552 ----a-w- c:\windows\syswow64\wups.dll
2009-10-07 00:40:50 36864 ----a-w- c:\windows\system32\wuapp.exe
2009-10-07 00:40:50 33792 ----a-w- c:\windows\syswow64\wuapp.exe
2009-10-07 00:40:50 185416 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-07 00:40:50 171608 ----a-w- c:\windows\syswow64\wuwebv.dll
2009-10-06 15:35:11 0 d-----w- c:\windows\syswow64\vi-VN
2009-10-06 15:35:11 0 d-----w- c:\windows\syswow64\eu-ES
2009-10-06 15:35:11 0 d-----w- c:\windows\syswow64\ca-ES
2009-10-06 15:35:11 0 d-----w- c:\windows\system32\eu-ES
2009-10-06 15:35:11 0 d-----w- c:\windows\system32\ca-ES
2009-10-06 15:35:10 0 d-----w- c:\windows\system32\vi-VN
2009-10-06 05:34:30 0 d-----w- c:\windows\system32\EventProviders
2009-10-06 05:29:59 67584 ----a-w- c:\windows\syswow64\slwmi.dll
2009-10-06 05:28:59 60416 ----a-w- c:\windows\system32\vss_ps.dll
2009-10-06 05:27:31 891392 ----a-w- c:\windows\system32\wbem\fastprox.dll
2009-10-06 05:27:31 43520 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2009-10-06 05:27:31 1172992 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2009-10-06 05:27:30 936448 ----a-w- c:\windows\system32\SmiEngine.dll
2009-10-06 05:27:27 293888 ----a-w- c:\windows\system32\wdscore.dll
2009-10-06 05:27:27 138752 ----a-w- c:\windows\system32\PkgMgr.exe
2009-10-06 05:27:15 315904 ----a-w- c:\windows\system32\drvstore.dll
2009-10-06 00:45:22 0 d-----w- c:\program files (x86)\Microsoft

==================== Find3M ====================

2009-10-31 15:44:10 33069 ----a-w- c:\programdata\nvModes.dat
2009-10-29 08:52:44 189480 ----a-w- c:\windows\syswow64\PnkBstrB.exe
2009-10-28 12:47:02 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-10-28 12:47:02 51200 ----a-w- c:\windows\inf\infpub.dat
2009-10-28 12:47:01 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-10-28 12:47:01 143360 ----a-w- c:\windows\inf\infstor.dat
2009-10-06 05:42:03 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2009-10-01 01:02:17 2537472 ----a-w- c:\windows\syswow64\wpdshext.dll
2009-10-01 01:02:05 30208 ----a-w- c:\windows\syswow64\WPDShextAutoplay.exe
2009-10-01 01:02:04 334848 ----a-w- c:\windows\syswow64\PortableDeviceApi.dll
2009-10-01 01:01:59 160256 ----a-w- c:\windows\syswow64\PortableDeviceTypes.dll
2009-10-01 01:01:56 60928 ----a-w- c:\windows\syswow64\PortableDeviceConnectApi.dll
2009-10-01 01:01:56 350208 ----a-w- c:\windows\syswow64\WPDSp.dll
2009-10-01 01:01:56 196608 ----a-w- c:\windows\syswow64\PortableDeviceWMDRM.dll
2009-10-01 01:01:56 100864 ----a-w- c:\windows\syswow64\PortableDeviceClassExtension.dll
2009-10-01 00:52:29 2727936 ----a-w- c:\windows\system32\wpdshext.dll
2009-10-01 00:52:10 453120 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-10-01 00:52:02 34816 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-10-01 00:51:59 110080 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-10-01 00:51:56 37888 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-10-01 00:51:54 573440 ----a-w- c:\windows\system32\wpd_ci.dll
2009-10-01 00:51:50 433152 ----a-w- c:\windows\system32\WPDSp.dll
2009-10-01 00:51:46 218624 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-10-01 00:51:45 77824 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-01 00:51:45 113152 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-10-01 00:51:40 107008 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-10-01 00:51:34 214528 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-09-25 02:27:43 1209856 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-09-25 02:10:10 974848 ----a-w- c:\windows\syswow64\WindowsCodecs.dll
2009-09-25 02:10:01 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2009-09-25 02:09:10 411648 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2009-09-25 02:07:08 189440 ----a-w- c:\windows\syswow64\WindowsCodecsExt.dll
2009-09-25 02:04:32 321024 ----a-w- c:\windows\syswow64\PhotoMetadataHandler.dll
2009-09-25 02:00:39 3068416 ----a-w- c:\windows\system32\xpsservices.dll
2009-09-25 01:56:42 643072 ----a-w- c:\windows\system32\XpsPrint.dll
2009-09-25 01:49:22 1554432 ----a-w- c:\windows\syswow64\xpsservices.dll
2009-09-25 01:48:08 351232 ----a-w- c:\windows\syswow64\XpsPrint.dll
2009-09-25 01:40:43 1461760 ----a-w- c:\windows\system32\OpcServices.dll
2009-09-25 01:40:07 470016 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2009-09-25 01:39:09 231936 ----a-w- c:\windows\system32\XpsRasterService.dll
2009-09-25 01:38:29 847360 ----a-w- c:\windows\syswow64\OpcServices.dll
2009-09-25 01:36:16 262656 ----a-w- c:\windows\system32\dxdiagn.dll
2009-09-25 01:36:13 280064 ----a-w- c:\windows\syswow64\XpsGdiConverter.dll
2009-09-25 01:36:08 1548800 ----a-w- c:\windows\system32\d3d10warp.dll
2009-09-25 01:35:49 328192 ----a-w- c:\windows\system32\dxdiag.exe
2009-09-25 01:35:48 449024 ----a-w- c:\windows\system32\WMPhoto.dll
2009-09-25 01:35:31 135680 ----a-w- c:\windows\syswow64\XpsRasterService.dll
2009-09-25 01:34:58 1269248 ----a-w- c:\windows\system32\d3d10.dll
2009-09-25 01:33:48 792576 ----a-w- c:\windows\system32\d3d11.dll
2009-09-25 01:33:25 195584 ----a-w- c:\windows\syswow64\dxdiagn.dll
2009-09-25 01:33:15 829440 ----a-w- c:\windows\syswow64\d3d10warp.dll
2009-09-25 01:33:01 369664 ----a-w- c:\windows\syswow64\WMPhoto.dll
2009-09-25 01:32:59 252928 ----a-w- c:\windows\syswow64\dxdiag.exe
2009-09-25 01:32:22 566272 ----a-w- c:\windows\system32\d3d10level9.dll
2009-09-25 01:31:53 519680 ----a-w- c:\windows\syswow64\d3d11.dll
2009-09-25 01:31:53 196608 ----a-w- c:\windows\system32\d3d10_1.dll
2009-09-25 01:31:51 326656 ----a-w- c:\windows\system32\d3d10_1core.dll
2009-09-25 01:31:47 625664 ----a-w- c:\windows\system32\dxgi.dll
2009-09-25 01:31:41 287744 ----a-w- c:\windows\system32\d3d10core.dll
2009-09-25 01:31:36 981504 ----a-w- c:\windows\system32\d2d1.dll
2009-09-25 01:31:26 486912 ----a-w- c:\windows\syswow64\d3d10level9.dll
2009-09-25 01:31:21 161280 ----a-w- c:\windows\syswow64\d3d10_1.dll
2009-09-25 01:31:19 218112 ----a-w- c:\windows\syswow64\d3d10_1core.dll
2009-09-25 01:31:16 1030144 ----a-w- c:\windows\syswow64\d3d10.dll
2009-09-25 01:31:15 828928 ----a-w- c:\windows\syswow64\d2d1.dll
2009-09-25 01:30:23 481792 ----a-w- c:\windows\syswow64\dxgi.dll
2009-09-25 01:30:23 190464 ----a-w- c:\windows\syswow64\d3d10core.dll
2009-09-25 01:27:18 893440 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-09-25 01:27:04 1064448 ----a-w- c:\windows\syswow64\DWrite.dll
2009-09-25 01:26:38 47616 ----a-w- c:\windows\system32\cdd.dll
2009-09-25 01:26:26 1548800 ----a-w- c:\windows\system32\DWrite.dll
2009-09-25 01:26:26 1142272 ----a-w- c:\windows\system32\FntCache.dll
2009-09-24 22:54:55 258048 ----a-w- c:\windows\syswow64\winspool.drv
2009-09-16 23:49:02 35840 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2009-09-16 23:49:02 342016 ----a-w- c:\windows\system32\winspool.drv
2009-09-16 23:49:02 1032192 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2009-09-15 10:13:17 794408 ----a-w- c:\windows\syswow64\pbsvc.exe
2009-09-15 10:13:17 75064 ----a-w- c:\windows\syswow64\PnkBstrA.exe
2009-09-11 04:35:59 855 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.INF
2009-09-11 04:35:59 7440 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.CAT
2009-09-11 04:35:59 172592 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2009-09-10 17:09:22 269312 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 16:48:01 218624 ----a-w- c:\windows\syswow64\msv1_0.dll
2009-08-29 02:42:33 32256 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-29 00:50:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:27:49 4240384 ----a-w- c:\windows\syswow64\GameUXLegacyGDFs.dll
2009-08-29 00:14:38 28672 ----a-w- c:\windows\syswow64\Apphlpdm.dll
2009-08-27 05:52:18 1147904 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:47:24 132096 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 05:47:23 77312 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 05:22:28 916480 ----a-w- c:\windows\syswow64\wininet.dll
2009-08-27 05:22:15 1208832 ----a-w- c:\windows\syswow64\urlmon.dll
2009-08-27 05:20:52 206848 ----a-w- c:\windows\syswow64\occache.dll
2009-08-27 05:18:40 5940224 ----a-w- c:\windows\syswow64\mshtml.dll
2009-08-27 05:18:37 594432 ----a-w- c:\windows\syswow64\msfeeds.dll
2009-08-27 05:18:37 55296 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2009-08-27 05:18:00 25600 ----a-w- c:\windows\syswow64\jsproxy.dll
2009-08-27 05:17:43 71680 ----a-w- c:\windows\syswow64\iesetup.dll
2009-08-27 05:17:43 1985536 ----a-w- c:\windows\syswow64\iertutil.dll
2009-08-27 05:17:43 164352 ----a-w- c:\windows\syswow64\ieui.dll
2009-07-24 20:52:45 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-04-27 21:34:02 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\mshist012009042720090428\index.dat
2009-07-24 20:52:45 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-07-24 20:52:45 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
2009-03-17 06:35:48 22 --sha-w- c:\windows\sminst\HPCD.sys
2009-05-29 11:21:08 32768 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009052920090530\index.dat
2009-06-06 06:47:33 32768 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009060620090607\index.dat
2009-06-19 03:40:11 32768 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009061820090619\index.dat
2009-06-20 23:46:01 32768 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009062020090621\index.dat
2009-07-14 20:43:39 32768 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009071420090715\index.dat
2009-07-21 23:15:37 32768 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009072120090722\index.dat
2008-12-18 23:05:06 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 16:22:21.86 ===============



Thank you for your assistance!

-Matt

Edited by Orange Blossom, 31 October 2009 - 07:44 PM.
Deactivate link. ~ OB
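One way a log reader might triage the SERVICES / DRIVERS and Created Last 30 sections of a DDS log like the one above, as an added Python example that is not part of this thread or of the DDS tool. The sample lines are copied from the log posted above, and the regular expressions assume the line layout DDS shows there (the heuristic is "a loaded .sys driver whose file is only days old", which focuses attention but is not a verdict).

```python
"""Triage of DDS-style logs: which loaded kernel drivers have a freshly created file?

Added example; not part of this thread or of the DDS tool. It reads the
SERVICES / DRIVERS and Created Last 30 sections as DDS prints them and reports
.sys drivers that are loaded (R0-R3) and whose file was created within a window
of the scan date. A brand-new driver in the drivers directory is one of the first
things a log reader checks; this is a heuristic to focus attention, not a verdict.
"""
import re
from datetime import date, datetime
from typing import Dict, List, NamedTuple, Optional

# Constructed sample: header and a few lines copied from the DDS log posted above.
SAMPLE_LOG = r"""
Run by Matthew at 16:22:10.80 on Sat 10/31/2009

============= SERVICES / DRIVERS ===============

R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2009-10-29 34656]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nisx64\1007020.00b\SymEFA64.sys [2009-8-31 402992]
R1 BHDrvx64;Symantec Heuristics Driver;c:\windows\system32\drivers\nisx64\1007020.00b\BHDrvx64.sys [2009-8-31 334384]
R2 CSIScanner;CSIScanner;c:\program files\prevx\prevx.exe [2009-10-29 6493720]
R2 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [2009-10-29 47528]
S3 rspSanity;rspSanity;c:\windows\system32\drivers\rspSanity64.sys [2009-10-31 35896]

=============== Created Last 30 ================

2009-10-31 11:11:26 35896 ----a-w- c:\windows\system32\drivers\rspSanity64.sys
2009-10-29 21:02:38 47528 ----a-w- c:\windows\system32\drivers\pxrts.sys
2009-10-29 21:02:38 34656 ----a-w- c:\windows\system32\drivers\pxscan.sys
2009-10-31 10:16:19 2 --shatr- c:\windows\winstart.bat
"""

# "Run by <user> at <time> on <Day> M/D/YYYY": the scan date is used as "now".
RUN_RE = re.compile(r"^Run by .+ on \w{3} (?P<m>\d{1,2})/(?P<d>\d{1,2})/(?P<y>\d{4})$")
# "R0 name;display name;image path [YYYY-M-D size]": DDS does not zero-pad here.
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d) (?P<name>[^;]*);(?P<display>[^;]*);(?P<path>.+?) "
    r"\[(?P<date>\d{4}-\d{1,2}-\d{1,2}) (?P<size>\d+)\]$"
)
# "YYYY-MM-DD hh:mm:ss size attrs path": attrs is the 8-character d/r/h/s/a/t/w field.
CREATED_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) (?P<size>\d+) "
    r"(?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)


class DriverHit(NamedTuple):
    start: str      # DDS start code: R = running, S = stopped; 0 boot, 1 system, 2 auto, 3 manual
    name: str       # service name
    path: str       # image path exactly as printed in the log
    created: date   # from Created Last 30 when listed there, else the bracket date
    size: int       # file size in bytes


def scan_date(text: str) -> Optional[date]:
    """Date of the DDS run, taken from the 'Run by ...' header line."""
    for line in text.splitlines():
        m = RUN_RE.match(line.strip())
        if m:
            return date(int(m["y"]), int(m["m"]), int(m["d"]))
    return None


def parse_created(text: str) -> Dict[str, datetime]:
    """Map lower-cased path -> creation timestamp from the Created Last 30 section."""
    created: Dict[str, datetime] = {}
    for line in text.splitlines():
        m = CREATED_RE.match(line.strip())
        if m:
            stamp = datetime.strptime(f"{m['date']} {m['time']}", "%Y-%m-%d %H:%M:%S")
            created[m["path"].lower()] = stamp
    return created


def recent_drivers(text: str, as_of: Optional[date] = None, window_days: int = 7,
                   running_only: bool = True) -> List[DriverHit]:
    """Return .sys services whose file was created within window_days of as_of.

    A file dated after the scan is kept as well: a future timestamp is worth a look.
    """
    as_of = as_of or scan_date(text)
    if as_of is None:
        raise ValueError("no 'Run by ... on <date>' header found; pass as_of explicitly")
    created = parse_created(text)
    hits: List[DriverHit] = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m or not m["path"].lower().endswith(".sys"):
            continue  # user-mode services (.exe) are out of scope for this check
        if running_only and not m["start"].startswith("R"):
            continue
        stamp = created.get(m["path"].lower())
        when = stamp.date() if stamp else datetime.strptime(m["date"], "%Y-%m-%d").date()
        if (as_of - when).days <= window_days:
            hits.append(DriverHit(m["start"], m["name"], m["path"], when, int(m["size"])))
    return hits


if __name__ == "__main__":
    for h in recent_drivers(SAMPLE_LOG, running_only=False):
        print(f"{h.start} {h.name:<12} created {h.created} {h.size:>8} B  {h.path}")
```

On the sample, only the two Prevx drivers installed two days before the scan are returned by default; the stopped rspSanity driver appears only with running_only=False, and widening the window to 90 days pulls in the Symantec drivers from August.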




#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:11:34 PM

Posted 07 November 2009 - 05:02 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :(
m0le is a proud member of UNITE

#3 MatthewR77

MatthewR77
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:06:34 PM

Posted 08 November 2009 - 12:07 AM

I'm here.

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:11:34 PM

Posted 08 November 2009 - 09:50 AM

Hi MatthewR77,

Not much runs on 64 bit, and to be honest that's partly because not much malware exists for it.


There is nothing showing in your logs but we can take a better look with OTL

We need to create an OTL Report
  • Please download OTL By OldTimer
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
If we find anything we can remove it :(

Thanks :(
m0le is a proud member of UNITE

#5 MatthewR77

MatthewR77
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:06:34 PM

Posted 08 November 2009 - 11:25 PM

Only 1 log showed up. (Nothing minimized)



OTL logfile created on: 11/8/2009 5:24:37 PM - Run 3
OTL by OldTimer - Version 3.1.4.0 Folder = C:\Users\Matthew\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.83 Gb Available Physical Memory | 45.72% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 687.70 Gb Total Space | 483.81 Gb Free Space | 70.35% Space Free | Partition Type: NTFS
Drive D: | 10.93 Gb Total Space | 1.47 Gb Free Space | 13.41% Space Free | Partition Type: NTFS
Drive E: | 642.92 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MATTHEW-PC
Current User Name: Matthew
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/11/08 17:24:19 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Users\Matthew\Desktop\OTL.exe
PRC - [2009/10/28 09:14:46 | 00,238,304 | ---- | M] (Greatis Software) -- C:\Program Files (x86)\UnHackMe\hackmon.exe
PRC - [2009/09/15 04:13:17 | 00,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2009/09/10 08:58:25 | 00,168,960 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2009/09/10 08:58:25 | 00,168,960 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2009/09/10 08:58:25 | 00,168,960 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2009/09/10 08:58:25 | 00,168,960 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2009/09/10 08:58:25 | 00,168,960 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2009/09/10 08:58:25 | 00,168,960 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2009/09/10 08:58:25 | 00,168,960 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2009/09/10 08:58:25 | 00,168,960 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2009/09/10 08:58:25 | 00,168,960 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2009/08/26 23:23:17 | 00,638,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
PRC - [2009/08/26 23:23:17 | 00,638,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
PRC - [2009/08/26 23:23:17 | 00,638,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
PRC - [2009/08/26 23:23:17 | 00,638,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
PRC - [2009/08/26 23:23:17 | 00,638,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
PRC - [2009/08/26 23:23:17 | 00,638,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
PRC - [2009/08/26 23:23:17 | 00,638,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
PRC - [2009/08/26 23:23:17 | 00,638,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
PRC - [2009/08/22 01:21:19 | 00,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
PRC - [2009/08/22 01:21:19 | 00,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
PRC - [2009/08/22 01:21:19 | 00,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
PRC - [2009/08/22 01:21:19 | 00,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
PRC - [2009/08/22 01:21:19 | 00,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
PRC - [2009/08/22 01:21:19 | 00,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
PRC - [2009/08/22 01:21:19 | 00,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
PRC - [2009/08/17 00:32:00 | 00,239,648 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009/08/17 00:32:00 | 00,239,648 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009/03/17 12:25:40 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
PRC - [2009/03/17 12:25:40 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
PRC - [2008/12/08 14:50:04 | 00,054,576 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
PRC - [2008/11/03 17:21:18 | 00,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/11/03 17:21:16 | 00,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/11/03 17:21:16 | 00,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/11/03 17:21:16 | 00,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/11/03 17:21:16 | 00,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/06/30 12:18:28 | 00,225,280 | ---- | M] () -- C:\Program Files (x86)\HP HDX Mouse\hid.exe
PRC - [2007/05/29 17:19:06 | 00,198,240 | ---- | M] () -- c:\hp\HPEZBTN\HPBtnSrv.exe
PRC - [2007/04/18 09:01:34 | 00,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2006/03/21 13:19:40 | 00,069,632 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
PRC - [2006/03/21 13:19:40 | 00,069,632 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
PRC - [2006/03/21 13:19:40 | 00,069,632 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
PRC - [2006/03/21 13:19:40 | 00,069,632 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
PRC - [2006/03/21 13:19:40 | 00,069,632 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpWareSE4.exe


========== Modules (SafeList) ==========

MOD - [2009/11/08 17:24:19 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Users\Matthew\Desktop\OTL.exe
MOD - [2009/07/17 07:54:43 | 00,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\atl.dll
MOD - [2009/04/11 00:28:25 | 01,077,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vssapi.dll
MOD - [2009/04/11 00:28:24 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\spp.dll
MOD - [2009/04/11 00:28:18 | 00,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\authz.dll
MOD - [2009/04/11 00:21:38 | 01,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/20 20:52:09 | 00,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\srclient.dll
MOD - [2008/01/20 20:50:01 | 00,183,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\xmllite.dll
MOD - [2008/01/20 20:49:43 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vsstrace.dll
MOD - [2005/12/19 19:16:10 | 00,135,168 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpHookSE4.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/10/29 15:02:37 | 06,493,720 | ---- | M] (Prevx) -- C:\Program Files\Prevx\prevx.exe -- (CSIScanner)
SRV:64bit: - [2009/10/07 11:08:14 | 01,486,088 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe -- (PDEngine)
SRV:64bit: - [2009/10/07 11:08:10 | 01,503,496 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe -- (PDAgent)
SRV:64bit: - [2009/10/04 17:53:34 | 00,039,424 | ---- | M] (KSE - Korndörfer Software Engineering) -- C:\Program Files\nHancer\nHancerService.exe -- (nHancer)
SRV:64bit: - [2009/09/24 19:26:26 | 01,142,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:64bit: - [2008/01/20 20:52:15 | 01,216,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV:64bit: - [2008/01/20 20:47:32 | 00,383,544 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/10/18 02:30:18 | 00,316,664 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/09/15 04:13:17 | 00,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2009/08/22 01:21:19 | 00,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe -- (Norton Internet Security)
SRV - [2009/08/17 00:32:00 | 00,239,648 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009/03/29 22:42:14 | 00,066,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/29 22:39:54 | 00,089,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2009/03/17 12:25:40 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2009/02/18 12:40:04 | 00,042,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2009/02/18 12:39:11 | 00,857,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/11/03 17:21:18 | 00,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008/10/09 06:56:48 | 00,094,208 | ---- | M] (Hewlett-Packard) -- c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service)
SRV - [2008/01/20 20:51:36 | 00,344,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr)
SRV - [2008/01/20 20:51:36 | 00,153,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched)
SRV - [2007/05/29 17:19:06 | 00,198,240 | ---- | M] () -- c:\hp\HPEZBTN\HPBtnSrv.exe -- (HPBtnSrv)
SRV - [2006/11/02 09:03:48 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/11/02 07:34:14 | 00,000,000 | ---D | M] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2006/11/02 00:35:15 | 00,060,994 | ---- | M] () -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2006/11/02 00:35:15 | 00,055,846 | ---- | M] () -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS)
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2009/10/29 15:02:38 | 00,047,528 | ---- | M] (Prevx) -- C:\Windows\SysNative\drivers\pxrts.sys -- (pxrts)
DRV:64bit: - [2009/10/29 15:02:38 | 00,034,656 | ---- | M] (Prevx) -- C:\Windows\SysNative\drivers\pxscan.sys -- (pxscan)
DRV:64bit: - [2009/10/29 15:02:38 | 00,022,296 | ---- | M] (Prevx) -- C:\Windows\SysNative\drivers\pxkbf.sys -- (pxkbf)
DRV:64bit: - [2009/09/10 22:35:59 | 00,172,592 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2009/09/08 19:54:26 | 00,583,296 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\Drivers\NISx64\1007020.00B\ccHPx64.sys -- (ccHP)
DRV:64bit: - [2009/08/22 01:21:19 | 00,476,720 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\Drivers\NISx64\1007020.00B\SRTSP64.SYS -- (SRTSP)
DRV:64bit: - [2009/08/22 01:21:19 | 00,402,992 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1007020.00B\SYMEFA64.SYS -- (SymEFA)
DRV:64bit: - [2009/08/22 01:21:19 | 00,334,384 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\Drivers\NISx64\1007020.00B\BHDrvx64.sys -- (BHDrvx64)
DRV:64bit: - [2009/08/22 01:21:19 | 00,278,576 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\Drivers\NISx64\1007020.00B\SYMTDI.SYS -- (SYMTDI)
DRV:64bit: - [2009/08/22 01:21:19 | 00,120,880 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\Drivers\NISx64\1007020.00B\SYMFW.SYS -- (SYMFW)
DRV:64bit: - [2009/08/22 01:21:19 | 00,056,880 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\Drivers\NISx64\1007020.00B\SYMNDISV.SYS -- (SYMNDISV)
DRV:64bit: - [2009/08/22 01:21:19 | 00,032,304 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1007020.00B\SRTSPX64.SYS -- (SRTSPX)
DRV:64bit: - [2009/08/22 01:21:19 | 00,031,280 | R--- | M] (Symantec Corporation) -- C:\Windows\SysNative\DRIVERS\SymIMv.sys -- (SymIM)
DRV:64bit: - [2009/08/20 10:11:38 | 00,101,904 | ---- | M] (Raxco Software, Inc.) -- C:\Windows\SysNative\drivers\DefragFs.sys -- (DefragFS)
DRV:64bit: - [2009/06/14 07:55:15 | 00,010,240 | ---- | M] (OSA Technologies, An Avocent Company) -- C:\Windows\SysNative\drivers\osaio.sys -- (osaio)
DRV:64bit: - [2009/03/07 20:23:54 | 00,035,896 | ---- | M] (Resplendence Software Projects Sp.) -- C:\Windows\SysNative\DRIVERS\rspSanity64.sys -- (rspSanity)
DRV:64bit: - [2008/12/04 19:48:52 | 00,407,064 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)
DRV:64bit: - [2008/09/09 19:19:36 | 00,025,888 | ---- | M] (PC-Doctor, Inc.) -- C:\Program Files\PC-Doctor for Windows\pcd5srvc_x64.pkms -- (PCD5SRVC{8AAF211B-043E02A9-05040000})
DRV:64bit: - [2008/08/04 23:21:48 | 01,075,712 | ---- | M] (Atheros Communications, Inc.) -- C:\Windows\SysNative\DRIVERS\WPN111vx.sys -- (WPN111)
DRV:64bit: - [2008/01/16 12:53:00 | 00,011,008 | ---- | M] (Primax Ltd) -- C:\Windows\SysNative\drivers\gamingms.sys -- (GamingMsFltr)
DRV:64bit: - [2008/01/14 10:56:22 | 00,313,472 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express)
DRV:64bit: - [2007/06/20 13:57:36 | 00,029,184 | ---- | M] (Motorola) -- C:\Windows\SysNative\DRIVERS\motmodem.sys -- (motmodem)
DRV:64bit: - [2006/11/28 21:46:20 | 00,043,328 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Windows\SysNative\Drivers\PCAMp50a64.sys -- (PCAMp50a64)
DRV:64bit: - [2006/11/28 21:46:20 | 00,041,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Windows\SysNative\Drivers\PCASp50a64.sys -- (PCASp50a64)
DRV - [2009/10/31 04:21:56 | 00,024,416 | ---- | M] (Greatis Software) -- C:\Windows\SysWOW64\drivers\regguard.sys -- (RegGuard)
DRV - [2009/10/31 04:16:04 | 00,034,760 | ---- | M] (Greatis Software) -- C:\Windows\system32\drivers\Partizan.sys -- (Partizan)
DRV - [2009/10/28 16:37:21 | 00,466,992 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091105.001\IDSviA64.sys -- (IDSVia64)
DRV - [2009/08/26 02:00:00 | 00,475,696 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2009/08/26 02:00:00 | 00,132,656 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/08/25 02:00:00 | 01,742,896 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091108.002\EX64.SYS -- (NAVEX15)
DRV - [2009/08/25 02:00:00 | 00,116,272 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091108.002\ENG64.SYS -- (NAVENG)
DRV - [2007/02/07 12:27:46 | 00,014,104 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)
DRV - [2006/09/18 15:36:40 | 00,003,066 | ---- | M] () -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2006/09/18 15:35:23 | 00,001,088 | ---- | M] () -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cndt


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4262038629-2779511017-4088992696-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cndt
IE - HKU\S-1-5-21-4262038629-2779511017-4088992696-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-4262038629-2779511017-4088992696-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-4262038629-2779511017-4088992696-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-4262038629-2779511017-4088992696-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4262038629-2779511017-4088992696-1000\S-1-5-21-4262038629-2779511017-4088992696-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/24 06:00:38 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/06/12 16:04:44 | 00,000,000 | ---D | M]


O1 HOSTS File: (761 bytes) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-4262038629-2779511017-4088992696-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\CoIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [HP HDX Mouse] C:\Program Files (x86)\HP HDX Mouse\hid.exe ()
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-4262038629-2779511017-4088992696-1000..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4262038629-2779511017-4088992696-1000..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4262038629-2779511017-4088992696-1000..\Run: [UnHackMe Monitor] C:\Program Files (x86)\UnHackMe\hackmon.exe (Greatis Software)
O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
O4 - HKLM..\RunOnceEx: [Title] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8:64bit: - Extra context menu item: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8:64bit: - Extra context menu item: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8:64bit: - Extra context menu item: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8:64bit: - Extra context menu item: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {00000130-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/ACELPACM.CAB (Reg Error: Key error.)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/...s/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/inst...tDetection2.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/...tiveXPlugin.cab (ScorchPlugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files (x86)\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.2.11\CoIEPlg.dll (Symantec Corporation)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/01/31 12:16:00 | 00,299,008 | R--- | M] () - E:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2001/09/12 18:18:08 | 00,000,040 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2001/08/30 18:55:46 | 00,189,819 | R--- | M] () - E:\autorun.pcx -- [ CDFS ]
O33 - MountPoints2\{e544b71b-cd59-11dd-9bf3-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{e544b71b-cd59-11dd-9bf3-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2002/01/31 12:16:00 | 00,299,008 | R--- | M] ()
O34 - HKLM BootExecute: (PDBoot.exe) - File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\SysWow64\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (Partizan) - C:\Windows\SysWow64\Partizan.exe (Greatis Software)
O34 - HKLM BootExecute: (settings...) - File not found
O34 - HKLM BootExecute: (ountPoints2\L\Shell) - File not found
O34 - HKLM BootExecute: (nts2\K) - File not found
64bit: O35 - comfile [open] -- "%1" %* File not found
64bit: O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/05 22:33:27 | 00,528,896 | ---- | C] (OldTimer Tools) -- C:\Users\Matthew\Desktop\OTL.exe
[2009/11/04 13:38:43 | 05,939,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.dll
[2009/11/04 13:38:42 | 09,236,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtml.dll
[2009/11/04 13:38:42 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.tlb
[2009/11/04 13:38:41 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtml.tlb
[2009/11/03 13:16:36 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live Safety Center
[2009/10/31 15:24:02 | 00,472,064 | ---- | C] ( ) -- C:\Users\Matthew\Desktop\RootRepeal.exe
[2009/10/31 14:50:20 | 00,000,000 | ---D | C] -- C:\Users\Matthew\Desktop\LOGS
[2009/10/31 09:10:22 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2009/10/31 09:04:34 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Users\Matthew\Desktop\HJTInstall.exe
[2009/10/31 08:53:01 | 00,472,064 | ---- | C] ( ) -- C:\Users\Matthew\Desktop\tatertot.scr.exe
[2009/10/31 08:18:38 | 02,539,520 | ---- | C] (Widestep Security Software) -- C:\Users\Matthew\Desktop\wseak_setup.exe
[2009/10/31 05:42:02 | 00,000,000 | ---D | C] -- C:\Users\Matthew\Desktop\Helios-Lite
[2009/10/31 05:37:03 | 00,000,000 | ---D | C] -- C:\Users\Matthew\Desktop\Helios
[2009/10/31 05:23:45 | 00,000,000 | ---D | C] -- C:\Users\Matthew\Pavark
[2009/10/31 05:11:26 | 00,035,896 | ---- | C] (Resplendence Software Projects Sp.) -- C:\Windows\SysNative\drivers\rspSanity64.sys
[2009/10/31 05:11:26 | 00,000,000 | ---D | C] -- C:\Program Files\SanityCheck
[2009/10/31 04:22:18 | 00,000,000 | ---D | C] -- C:\Users\Public\Documents\RegRunInfo
[2009/10/31 04:22:00 | 00,000,000 | ---D | C] -- C:\Windows\RestoreSafeDeleted
[2009/10/31 04:21:56 | 00,024,416 | ---- | C] (Greatis Software) -- C:\Windows\SysWow64\drivers\regguard.sys
[2009/10/31 04:17:14 | 00,000,000 | ---D | C] -- C:\RootkitNO
[2009/10/31 04:16:04 | 00,035,040 | ---- | C] (Greatis Software) -- C:\Windows\SysWow64\Partizan.exe
[2009/10/31 04:16:04 | 00,034,760 | ---- | C] (Greatis Software) -- C:\Windows\SysWow64\drivers\Partizan.sys
[2009/10/31 04:16:00 | 00,000,000 | ---D | C] -- C:\Users\Matthew\Documents\RegRun2
[2009/10/31 04:15:55 | 00,012,752 | ---- | C] (Greatis Software, LLC.) -- C:\Windows\SysWow64\drivers\UnHackMeDrv.sys
[2009/10/31 04:15:50 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\UnHackMe
[2009/10/29 15:22:36 | 00,238,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MpSigStub.exe
[2009/10/29 15:02:38 | 00,047,528 | ---- | C] (Prevx) -- C:\Windows\SysNative\drivers\pxrts.sys
[2009/10/29 15:02:38 | 00,034,656 | ---- | C] (Prevx) -- C:\Windows\SysNative\drivers\pxscan.sys
[2009/10/29 15:02:38 | 00,022,296 | ---- | C] (Prevx) -- C:\Windows\SysNative\drivers\pxkbf.sys
[2009/10/29 15:02:37 | 00,000,000 | ---D | C] -- C:\Program Files\Prevx
[2009/10/29 15:02:20 | 01,030,088 | ---- | C] (Prevx) -- C:\Users\Matthew\Desktop\PREVXCSIFREE64.EXE
[2009/10/29 14:59:25 | 00,000,000 | ---D | C] -- C:\ProgramData\PrevxCSI
[2009/10/29 14:59:25 | 00,000,000 | ---D | C] -- C:\ProgramData\PrevxCSI
[2009/10/29 14:54:07 | 00,000,000 | ---D | C] -- C:\Users\Matthew\AppData\Local\Symantec
[2009/10/28 06:47:05 | 00,000,000 | ---D | C] -- C:\Windows\SysWow64\spool
[2009/10/28 06:47:05 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2009/10/28 06:47:05 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Portable Devices
[2009/10/28 05:44:59 | 00,449,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2009/10/28 05:44:59 | 00,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2009/10/28 05:44:59 | 00,342,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winspool.drv
[2009/10/28 05:44:59 | 00,258,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winspool.drv
[2009/10/28 05:44:58 | 00,893,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgkrnl.sys
[2009/10/28 05:44:58 | 00,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2009/10/28 05:44:57 | 01,548,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2009/10/28 05:44:57 | 01,209,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2009/10/28 05:44:57 | 00,981,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2009/10/28 05:44:57 | 00,974,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WindowsCodecs.dll
[2009/10/28 05:44:57 | 00,829,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10warp.dll
[2009/10/28 05:44:57 | 00,828,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll
[2009/10/28 05:44:57 | 00,470,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2009/10/28 05:44:57 | 00,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2009/10/28 05:44:57 | 00,262,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxdiagn.dll
[2009/10/28 05:44:57 | 00,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2009/10/28 05:44:57 | 00,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2009/10/28 05:44:57 | 00,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxdiagn.dll
[2009/10/28 05:44:57 | 00,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WindowsCodecsExt.dll
[2009/10/28 05:44:57 | 00,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[2009/10/28 05:44:57 | 00,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\printfilterpipelineprxy.dll
[2009/10/28 05:44:56 | 03,068,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xpsservices.dll
[2009/10/28 05:44:56 | 01,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xpsservices.dll
[2009/10/28 05:44:56 | 01,548,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2009/10/28 05:44:56 | 01,461,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OpcServices.dll
[2009/10/28 05:44:56 | 01,142,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FntCache.dll
[2009/10/28 05:44:56 | 01,064,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll
[2009/10/28 05:44:56 | 01,032,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\printfilterpipelinesvc.exe
[2009/10/28 05:44:56 | 00,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\OpcServices.dll
[2009/10/28 05:44:56 | 00,792,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2009/10/28 05:44:56 | 00,643,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2009/10/28 05:44:56 | 00,625,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2009/10/28 05:44:56 | 00,566,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2009/10/28 05:44:56 | 00,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2009/10/28 05:44:56 | 00,486,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10level9.dll
[2009/10/28 05:44:56 | 00,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxgi.dll
[2009/10/28 05:44:56 | 00,411,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PhotoMetadataHandler.dll
[2009/10/28 05:44:56 | 00,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2009/10/28 05:44:56 | 00,328,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxdiag.exe
[2009/10/28 05:44:56 | 00,326,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2009/10/28 05:44:56 | 00,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PhotoMetadataHandler.dll
[2009/10/28 05:44:56 | 00,287,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2009/10/28 05:44:56 | 00,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxdiag.exe
[2009/10/28 05:44:56 | 00,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1core.dll
[2009/10/28 05:44:56 | 00,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10core.dll
[2009/10/28 05:44:56 | 00,161,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1.dll
[2009/10/28 05:44:55 | 01,269,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2009/10/28 05:44:55 | 01,030,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10.dll
[2009/10/28 05:44:55 | 00,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2009/10/28 05:44:07 | 00,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WPDShextAutoplay.exe
[2009/10/28 05:44:07 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WPDShextAutoplay.exe
[2009/10/28 05:44:05 | 00,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpdbusenum.dll
[2009/10/28 05:44:05 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\BthMtpContextHandler.dll
[2009/10/28 05:44:00 | 00,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceConnectApi.dll
[2009/10/28 05:43:59 | 02,727,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpdshext.dll
[2009/10/28 05:43:59 | 02,537,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wpdshext.dll
[2009/10/28 05:43:59 | 00,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpd_ci.dll
[2009/10/28 05:43:59 | 00,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceTypes.dll
[2009/10/28 05:43:59 | 00,110,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WPDShServiceObj.dll
[2009/10/28 05:43:59 | 00,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceClassExtension.dll
[2009/10/28 05:43:59 | 00,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WPDShServiceObj.dll
[2009/10/28 05:43:59 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceConnectApi.dll
[2009/10/28 05:43:58 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceApi.dll
[2009/10/28 05:43:58 | 00,433,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WPDSp.dll
[2009/10/28 05:43:58 | 00,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WPDSp.dll
[2009/10/28 05:43:58 | 00,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceApi.dll
[2009/10/28 05:43:58 | 00,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceWMDRM.dll
[2009/10/28 05:43:58 | 00,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceTypes.dll
[2009/10/28 05:43:58 | 00,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceWMDRM.dll
[2009/10/28 05:43:58 | 00,113,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceClassExtension.dll
[2009/10/28 05:42:32 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\oleaccrc.dll
[2009/10/28 05:42:32 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaccrc.dll
[2009/10/28 05:42:31 | 00,736,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAutomationCore.dll
[2009/10/28 05:42:31 | 00,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAutomationCore.dll
[2009/10/28 05:42:31 | 00,315,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2009/10/28 05:42:31 | 00,234,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\oleacc.dll
[2009/10/28 05:05:48 | 00,103,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2009/10/28 05:05:48 | 00,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2009/10/28 05:05:41 | 03,815,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIRibbon.dll
[2009/10/28 05:05:41 | 03,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIRibbon.dll
[2009/10/28 05:05:41 | 01,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIRibbonRes.dll
[2009/10/28 05:05:41 | 01,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIRibbonRes.dll
[2009/10/28 05:04:48 | 10,626,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2009/10/28 05:04:47 | 00,372,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\unregmp2.exe
[2009/10/28 05:04:47 | 00,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\unregmp2.exe
[2009/10/28 05:04:46 | 13,428,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2009/10/28 05:04:44 | 08,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2009/10/28 05:04:44 | 08,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2009/10/25 02:46:11 | 00,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2009/10/22 06:06:04 | 00,000,000 | ---D | C] -- C:\ProgramData\Raxco
[2009/10/22 06:06:04 | 00,000,000 | ---D | C] -- C:\ProgramData\Raxco
[2009/10/22 06:05:57 | 00,000,000 | ---D | C] -- C:\Program Files\Raxco
[2009/10/22 06:05:07 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Raxco
[2009/10/22 05:52:49 | 51,022,400 | ---- | C] (Raxco Software, Inc. ) -- C:\Users\Matthew\Desktop\PD10_WS.exe
[2009/10/21 20:29:25 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2009/10/13 20:02:52 | 04,698,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2009/10/13 20:02:41 | 12,461,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieframe.dll
[2009/10/13 20:02:40 | 11,069,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieframe.dll
[2009/10/13 20:02:40 | 02,334,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll
[2009/10/13 20:02:40 | 01,985,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iertutil.dll
[2009/10/13 20:02:40 | 01,208,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\urlmon.dll
[2009/10/13 20:02:39 | 01,484,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\urlmon.dll
[2009/10/13 20:02:39 | 01,147,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll
[2009/10/13 20:02:39 | 00,916,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
[2009/10/13 20:02:39 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2009/10/13 20:02:39 | 00,459,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iedkcs32.dll
[2009/10/13 20:02:39 | 00,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll
[2009/10/13 20:02:39 | 00,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2009/10/13 20:02:39 | 00,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2009/10/13 20:02:38 | 01,538,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2009/10/13 20:02:38 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2009/10/13 20:02:38 | 00,700,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2009/10/13 20:02:38 | 00,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2009/10/13 20:02:38 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2009/10/13 20:02:38 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2009/10/13 20:02:38 | 00,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2009/10/13 20:02:38 | 00,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2009/10/13 20:02:38 | 00,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2009/10/13 20:02:38 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2009/10/13 20:02:38 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedsbs.dll
[2009/10/13 20:02:38 | 00,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2009/10/13 20:02:38 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll
[2009/10/13 20:02:38 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsproxy.dll
[2009/10/13 20:02:37 | 00,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2009/10/13 20:02:37 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2009/10/13 20:02:37 | 00,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2009/10/13 20:02:37 | 00,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2009/10/13 20:02:37 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2009/10/13 20:02:37 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2009/10/13 20:02:37 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jsproxy.dll
[2009/10/13 20:02:37 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2009/10/13 20:02:37 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2009/10/13 20:02:31 | 00,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msv1_0.dll
[2009/10/13 20:02:31 | 00,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msv1_0.dll
[2009/10/13 20:02:28 | 00,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMSPDMOD.DLL
[2009/10/13 20:02:27 | 00,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMSPDMOD.DLL
[2009/10/13 20:01:33 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msasn1.dll
[2009/10/13 20:01:33 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msasn1.dll
[2009/10/13 20:01:28 | 00,174,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\srv2.sys
[2009/10/12 23:31:04 | 00,000,000 | ---D | C] -- C:\Users\Matthew\N C Runthrough_data
[2009/10/12 22:30:49 | 00,000,000 | ---D | C] -- C:\Users\Matthew\AppData\Local\AIM
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/11/08 17:25:25 | 04,456,448 | -HS- | M] () -- C:\Users\Matthew\NTUSER.DAT
[2009/11/08 17:24:19 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Users\Matthew\Desktop\OTL.exe
[2009/11/08 16:50:32 | 00,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A8212D45-1436-4EE4-90CD-BA9B620A565E}.job
[2009/11/08 16:46:03 | 00,033,069 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2009/11/08 16:46:03 | 00,033,069 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2009/11/08 16:46:02 | 00,033,069 | ---- | M] () -- C:\ProgramData\nvModes.001
[2009/11/08 16:46:02 | 00,033,069 | ---- | M] () -- C:\ProgramData\nvModes.001
[2009/11/08 16:46:01 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/11/08 00:21:13 | 00,189,480 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2009/11/08 00:21:13 | 00,189,480 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2009/11/07 09:54:44 | 00,000,342 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForMatthew.job
[2009/11/04 15:41:15 | 00,695,028 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2009/11/04 15:41:15 | 00,598,350 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2009/11/04 15:41:15 | 00,101,988 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2009/11/04 15:36:32 | 00,356,672 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2009/11/04 15:35:49 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/11/04 15:33:27 | 00,524,288 | -HS- | M] () -- C:\Users\Matthew\NTUSER.DAT{e4d8297b-d1aa-11dd-b742-0023548b2e32}.TMContainer00000000000000000001.regtrans-ms
[2009/11/04 15:33:27 | 00,065,536 | -HS- | M] () -- C:\Users\Matthew\NTUSER.DAT{e4d8297b-d1aa-11dd-b742-0023548b2e32}.TM.blf
[2009/11/04 15:33:25 | 03,762,201 | -H-- | M] () -- C:\Users\Matthew\AppData\Local\IconCache.db
[2009/11/04 15:08:59 | 00,000,754 | ---- | M] () -- C:\Users\Matthew\Desktop\CoreTemp.ini
[2009/11/04 13:25:54 | 00,000,438 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Matthew - Full System Scan.job
[2009/11/03 21:32:40 | 00,000,856 | ---- | M] () -- C:\Users\Public\Desktop\nHancer.lnk
[2009/11/03 21:31:15 | 00,099,208 | ---- | M] () -- C:\Users\Matthew\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/11/03 14:34:20 | 00,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2009/11/03 14:34:20 | 00,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2009/11/02 10:35:34 | 00,001,460 | ---- | M] () -- C:\Users\Matthew\AppData\Local\d3d9caps64.dat
[2009/11/01 15:36:30 | 00,000,456 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2009/11/01 14:07:38 | 00,025,088 | ---- | M] () -- C:\Users\Matthew\Desktop\check.doc
[2009/10/31 15:24:04 | 00,472,064 | ---- | M] ( ) -- C:\Users\Matthew\Desktop\RootRepeal.exe
[2009/10/31 15:23:59 | 00,007,256 | ---- | M] () -- C:\Users\Matthew\AppData\Local\Temp22.html
[2009/10/31 15:23:49 | 00,001,293 | ---- | M] () -- C:\Users\Matthew\AppData\Local\Temp1.html
[2009/10/31 15:11:57 | 00,000,000 | ---- | M] () -- C:\Users\Matthew\Desktop\67j7ksnk.reg
[2009/10/31 15:11:52 | 00,000,000 | ---- | M] () -- C:\Users\Matthew\Desktop\67j7ksnk.bat
[2009/10/31 09:10:23 | 00,001,930 | ---- | M] () -- C:\Users\Matthew\Desktop\HijackThis.lnk
[2009/10/31 09:04:38 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Users\Matthew\Desktop\HJTInstall.exe
[2009/10/31 08:56:25 | 00,047,616 | ---- | M] () -- C:\Users\Matthew\Desktop\Win32kDiag.exe
[2009/10/31 08:53:05 | 00,472,064 | ---- | M] ( ) -- C:\Users\Matthew\Desktop\tatertot.scr.exe
[2009/10/31 08:18:38 | 02,539,520 | ---- | M] (Widestep Security Software) -- C:\Users\Matthew\Desktop\wseak_setup.exe
[2009/10/31 06:05:15 | 00,000,134 | ---- | M] () -- C:\Windows\rootkitno.ini
[2009/10/31 05:40:49 | 00,211,389 | ---- | M] () -- C:\Users\Matthew\Desktop\Helios-Lite.zip
[2009/10/31 05:36:49 | 00,453,891 | ---- | M] () -- C:\Users\Matthew\Desktop\Helios.zip
[2009/10/31 05:11:26 | 00,000,713 | ---- | M] () -- C:\Users\Matthew\Desktop\SanityCheck.lnk
[2009/10/31 05:10:17 | 00,350,458 | ---- | M] () -- C:\Users\Matthew\Desktop\RKDetector2.zip
[2009/10/31 04:52:27 | 00,291,328 | ---- | M] () -- C:\Users\Matthew\Desktop\67j7ksnk.exe
[2009/10/31 04:32:38 | 00,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/10/31 04:32:38 | 00,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/10/31 04:27:38 | 00,000,105 | ---- | M] () -- C:\Windows\SysWow64\Partizan.RRI
[2009/10/31 04:21:56 | 00,024,416 | ---- | M] (Greatis Software) -- C:\Windows\SysWow64\drivers\regguard.sys
[2009/10/31 04:16:19 | 00,000,002 | RHS- | M] () -- C:\Windows\winstart.bat
[2009/10/31 04:16:19 | 00,000,002 | RHS- | M] () -- C:\Windows\SysWow64\CONFIG.NT
[2009/10/31 04:16:19 | 00,000,002 | RHS- | M] () -- C:\Windows\SysWow64\AUTOEXEC.NT
[2009/10/31 04:16:04 | 00,035,040 | ---- | M] (Greatis Software) -- C:\Windows\SysWow64\Partizan.exe
[2009/10/31 04:16:04 | 00,034,760 | ---- | M] (Greatis Software) -- C:\Windows\SysWow64\drivers\Partizan.sys
[2009/10/31 04:15:57 | 00,000,784 | ---- | M] () -- C:\Users\Matthew\Desktop\UnHackMe.lnk
[2009/10/29 15:13:57 | 00,035,012 | ---- | M] () -- C:\Users\Matthew\Documents\BACKUPcc_20091029_161334.reg
[2009/10/29 15:08:58 | 00,000,052 | ---- | M] () -- C:\Windows\wininit.ini
[2009/10/29 15:02:38 | 00,047,528 | ---- | M] (Prevx) -- C:\Windows\SysNative\drivers\pxrts.sys
[2009/10/29 15:02:38 | 00,034,656 | ---- | M] (Prevx) -- C:\Windows\SysNative\drivers\pxscan.sys
[2009/10/29 15:02:38 | 00,022,296 | ---- | M] (Prevx) -- C:\Windows\SysNative\drivers\pxkbf.sys
[2009/10/29 15:02:26 | 01,030,088 | ---- | M] (Prevx) -- C:\Users\Matthew\Desktop\PREVXCSIFREE64.EXE
[2009/10/29 12:46:38 | 00,000,789 | ---- | M] () -- C:\Users\Matthew\Desktop\Buddy Spy.lnk
[2009/10/28 09:15:02 | 00,012,752 | ---- | M] (Greatis Software, LLC.) -- C:\Windows\SysWow64\drivers\UnHackMeDrv.sys
[2009/10/28 06:46:50 | 00,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2009/10/25 02:46:12 | 00,001,890 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2009/10/25 01:59:59 | 00,000,458 | ---- | M] () -- C:\Windows\tasks\Driver Robot.job
[2009/10/23 00:17:07 | 00,120,267 | ---- | M] () -- C:\Users\Matthew\Desktop\Matthew Reimer ParaResume.pdf
[2009/10/23 00:17:07 | 00,006,011 | ---- | M] () -- C:\Users\Matthew\AppData\Roaming\PrimoPDFSet.xml
[2009/10/22 06:06:20 | 00,002,020 | ---- | M] () -- C:\Users\Public\Desktop\PerfectDisk 10.lnk
[2009/10/22 05:52:49 | 51,022,400 | ---- | M] (Raxco Software, Inc. ) -- C:\Users\Matthew\Desktop\PD10_WS.exe
[2009/10/21 20:29:26 | 00,000,909 | ---- | M] () -- C:\Users\Public\Desktop\Game Booster.lnk
[2009/10/21 20:14:52 | 09,236,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtml.dll
[2009/10/21 16:36:56 | 01,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtml.tlb
[2009/10/21 04:40:08 | 05,939,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.dll
[2009/10/21 03:35:06 | 02,869,014 | ---- | M] () -- C:\Users\Matthew\Desktop\Winds of Change.mp3
[2009/10/21 02:19:16 | 01,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.tlb
[2009/10/13 17:09:37 | 00,013,289 | ---- | M] () -- C:\Users\Matthew\N C Runthrough.aup
[2009/10/13 14:39:51 | 00,013,289 | ---- | M] () -- C:\Users\Matthew\N C Runthrough.aup.bak
[2009/10/12 23:49:26 | 42,296,364 | ---- | M] () -- C:\Users\Matthew\N C Runthrough.wav
[2009/10/12 22:55:01 | 00,002,553 | ---- | M] () -- C:\Users\Public\Desktop\Sibelius 5.lnk
[2009/10/09 19:00:42 | 00,002,337 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/10/31 15:11:57 | 00,000,000 | ---- | C] () -- C:\Users\Matthew\Desktop\67j7ksnk.reg
[2009/10/31 15:11:52 | 00,000,000 | ---- | C] () -- C:\Users\Matthew\Desktop\67j7ksnk.bat
[2009/10/31 09:10:23 | 00,001,930 | ---- | C] () -- C:\Users\Matthew\Desktop\HijackThis.lnk
[2009/10/31 08:56:24 | 00,047,616 | ---- | C] () -- C:\Users\Matthew\Desktop\Win32kDiag.exe
[2009/10/31 08:31:26 | 00,007,256 | ---- | C] () -- C:\Users\Matthew\AppData\Local\Temp22.html
[2009/10/31 05:40:47 | 00,211,389 | ---- | C] () -- C:\Users\Matthew\Desktop\Helios-Lite.zip
[2009/10/31 05:36:46 | 00,453,891 | ---- | C] () -- C:\Users\Matthew\Desktop\Helios.zip
[2009/10/31 05:11:56 | 00,001,293 | ---- | C] () -- C:\Users\Matthew\AppData\Local\Temp1.html
[2009/10/31 05:11:26 | 00,000,713 | ---- | C] () -- C:\Users\Matthew\Desktop\SanityCheck.lnk
[2009/10/31 05:10:12 | 00,350,458 | ---- | C] () -- C:\Users\Matthew\Desktop\RKDetector2.zip
[2009/10/31 04:52:20 | 00,291,328 | ---- | C] () -- C:\Users\Matthew\Desktop\67j7ksnk.exe
[2009/10/31 04:42:49 | 00,000,134 | ---- | C] () -- C:\Windows\rootkitno.ini
[2009/10/31 04:22:00 | 00,000,105 | ---- | C] () -- C:\Windows\SysWow64\Partizan.RRI
[2009/10/31 04:16:19 | 00,000,002 | RHS- | C] () -- C:\Windows\winstart.bat
[2009/10/31 04:16:19 | 00,000,002 | RHS- | C] () -- C:\Windows\SysWow64\CONFIG.NT
[2009/10/31 04:16:19 | 00,000,002 | RHS- | C] () -- C:\Windows\SysWow64\AUTOEXEC.NT
[2009/10/31 04:15:57 | 00,000,784 | ---- | C] () -- C:\Users\Matthew\Desktop\UnHackMe.lnk
[2009/10/29 15:13:42 | 00,035,012 | ---- | C] () -- C:\Users\Matthew\Documents\BACKUPcc_20091029_161334.reg
[2009/10/29 14:59:25 | 00,000,052 | ---- | C] () -- C:\Windows\wininit.ini
[2009/10/29 14:11:47 | 00,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/10/29 14:11:47 | 00,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/10/29 12:46:38 | 00,000,789 | ---- | C] () -- C:\Users\Matthew\Desktop\Buddy Spy.lnk
[2009/10/28 06:46:50 | 00,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2009/10/25 02:46:12 | 00,001,890 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2009/10/23 00:17:06 | 00,120,267 | ---- | C] () -- C:\Users\Matthew\Desktop\Matthew Reimer ParaResume.pdf
[2009/10/22 06:06:19 | 00,002,020 | ---- | C] () -- C:\Users\Public\Desktop\PerfectDisk 10.lnk
[2009/10/21 20:29:26 | 00,000,909 | ---- | C] () -- C:\Users\Public\Desktop\Game Booster.lnk
[2009/10/12 23:49:24 | 42,296,364 | ---- | C] () -- C:\Users\Matthew\N C Runthrough.wav
[2009/10/12 23:31:04 | 00,013,289 | ---- | C] () -- C:\Users\Matthew\N C Runthrough.aup.bak
[2009/10/12 23:31:04 | 00,013,289 | ---- | C] () -- C:\Users\Matthew\N C Runthrough.aup
[2009/10/11 02:44:07 | 02,869,014 | ---- | C] () -- C:\Users\Matthew\Desktop\Winds of Change.mp3
[2009/10/05 23:30:16 | 00,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/10/05 23:29:29 | 00,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/09/01 15:27:37 | 01,869,252 | ---- | C] () -- C:\Users\Matthew\AppData\Local\dd_NET_Framework35_x64_MSI3062.txt
[2009/09/01 15:26:22 | 00,158,180 | ---- | C] () -- C:\Users\Matthew\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
[2009/09/01 15:26:13 | 00,392,862 | ---- | C] () -- C:\Users\Matthew\AppData\Local\dd_dotnetfx35install.txt
[2009/09/01 15:26:13 | 00,000,002 | ---- | C] () -- C:\Users\Matthew\AppData\Local\dd_dotnetfx35error.txt
[2009/08/29 14:02:24 | 00,033,069 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/08/29 14:02:24 | 00,033,069 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/07/29 04:54:33 | 00,220,428 | ---- | C] () -- C:\Users\Matthew\AppData\Local\dd_ATL90SP1_KB973924MSI6B55.txt
[2009/07/29 04:54:33 | 00,011,696 | ---- | C] () -- C:\Users\Matthew\AppData\Local\dd_ATL90SP1_KB973924UI6B55.txt
[2009/07/29 04:54:21 | 00,218,386 | ---- | C] () -- C:\Users\Matthew\AppData\Local\dd_ATL90SP1_KB973924MSI6B2D.txt
[2009/07/29 04:54:21 | 00,011,680 | ---- | C] () -- C:\Users\Matthew\AppData\Local\dd_ATL90SP1_KB973924UI6B2D.txt
[2009/07/29 03:44:48 | 00,523,458 | ---- | C] () -- C:\Users\Matthew\AppData\Local\dd_ATL80SP1_KB973923MSI35EF.txt
[2009/07/29 03:44:47 | 00,011,744 | ---- | C] () -- C:\Users\Matthew\AppData\Local\dd_ATL80SP1_KB973923UI35EF.txt
[2009/07/29 03:44:32 | 00,520,530 | ---- | C] () -- C:\Users\Matthew\AppData\Local\dd_ATL80SP1_KB973923MSI35BB.txt
[2009/07/29 03:44:31 | 00,011,680 | ---- | C] () -- C:\Users\Matthew\AppData\Local\dd_ATL80SP1_KB973923UI35BB.txt
[2009/06/24 07:55:33 | 00,000,000 | ---- | C] () -- C:\ProgramData\leverage.drm.log
[2009/06/14 06:06:44 | 03,762,201 | -H-- | C] () -- C:\Users\Matthew\AppData\Local\IconCache.db
[2009/05/29 05:20:56 | 00,000,648 | ---- | C] () -- C:\ProgramData\tmp493C.log
[2009/05/29 05:16:24 | 00,006,011 | ---- | C] () -- C:\Users\Matthew\AppData\Roaming\PrimoPDFSet.xml
[2009/04/26 22:13:36 | 00,000,326 | ---- | C] () -- C:\Windows\primopdf.ini
[2009/04/03 17:02:31 | 00,038,436 | ---- | C] () -- C:\Users\Matthew\AppData\Roaming\Comma Separated Values (Windows).ADR
[2009/04/03 16:45:45 | 00,022,225 | ---- | C] () -- C:\Users\Matthew\AppData\Roaming\Microsoft Excel.ADR
[2009/04/03 14:19:50 | 00,020,992 | ---- | C] () -- C:\Windows\jestertb.dll
[2009/03/21 03:01:23 | 00,000,150 | ---- | C] () -- C:\Windows\Song_w.ini
[2009/03/11 23:58:55 | 00,000,276 | ---- | C] () -- C:\Windows\_delis32.ini
[2009/02/16 23:50:12 | 00,168,448 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009/02/16 23:50:11 | 00,795,648 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009/02/16 23:50:11 | 00,130,048 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/02/16 23:50:10 | 03,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2009/02/16 23:50:09 | 00,067,584 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009/02/16 23:50:09 | 00,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest
[2009/01/19 19:49:06 | 00,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2009/01/17 00:03:23 | 00,000,043 | ---- | C] () -- C:\Windows\gswin32.ini
[2009/01/16 04:19:17 | 00,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2009/01/09 00:54:52 | 00,000,431 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2009/01/07 19:22:35 | 00,000,604 | -H-- | C] () -- C:\ProgramData\T2
[2009/01/07 19:22:35 | 00,000,604 | -H-- | C] () -- C:\Program Files (x86)\STLL Notifier
[2009/01/04 10:14:25 | 00,023,888 | ---- | C] () -- C:\Users\Matthew\AppData\Roaming\UserTile.png
[2009/01/03 21:15:54 | 00,222,720 | ---- | C] () -- C:\Users\Matthew\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/01 01:48:21 | 00,000,059 | ---- | C] () -- C:\Windows\cdplayer.ini
[2008/12/27 02:28:53 | 00,708,868 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2008/12/26 00:16:27 | 00,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/12/24 05:08:21 | 00,001,460 | ---- | C] () -- C:\Users\Matthew\AppData\Local\d3d9caps64.dat
[2008/12/24 03:14:32 | 00,099,208 | ---- | C] () -- C:\Users\Matthew\AppData\Local\GDIPFONTCACHEV1.DAT
[2008/12/18 17:23:19 | 00,327,680 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll
[2008/12/18 17:23:19 | 00,102,400 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll
[2008/10/07 08:13:30 | 00,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 08:13:22 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008/01/20 20:50:05 | 00,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/02 09:25:49 | 00,000,174 | -HS- | C] () -- C:\Program Files (x86)\desktop.ini
[2006/11/02 09:07:25 | 00,037,665 | ---- | C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
[2006/11/02 09:07:25 | 00,029,779 | ---- | C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 09:07:25 | 00,026,489 | ---- | C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 09:07:25 | 00,026,040 | ---- | C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 06:34:27 | 00,000,240 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 06:34:27 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Matthew\Phone0346.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Matthew\Phone0150.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Matthew\Lily rocks.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Matthew\city_coucil_fart.flv:TOC.WMV
< End of report >
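The @Alternate Data Stream entries near the end of the report can be checked by hand rather than taken on trust from the scanner. The PowerShell snippet below is an added example and is not part of this thread or of OTL; it takes the four paths from the report above (adjust them for the machine being examined), lists every named stream other than the file's main :$DATA stream, and dumps one stream's bytes read-only so the analyst can see what the stream actually holds before deciding whether to remove anything. It assumes Windows PowerShell 5.x on an NTFS volume; on PowerShell 7 the byte read uses -AsByteStream instead of -Encoding Byte.

```powershell
# Added example (not from the thread or from OTL): enumerate NTFS alternate data
# streams on the files the report flagged, and dump one stream's bytes read-only.
# Paths are copied from the report above; replace them for another machine.
$flagged = @(
    'C:\Users\Matthew\Phone0346.avi',
    'C:\Users\Matthew\Phone0150.avi',
    'C:\Users\Matthew\Lily rocks.avi',
    'C:\Users\Matthew\city_coucil_fart.flv'
)

foreach ($path in $flagged) {
    if (-not (Test-Path -LiteralPath $path)) {
        Write-Warning "Not found: $path"
        continue
    }
    # ':$DATA' is the file's ordinary content; any other stream name is an
    # alternate stream that Explorer does not show and most scanners skip.
    Get-Item -LiteralPath $path -Stream * |
        Where-Object { $_.Stream -ne ':$DATA' } |
        ForEach-Object {
            [PSCustomObject]@{
                File   = $path
                Stream = $_.Stream
                Bytes  = $_.Length
            }
        }
}

# Read the first 64 bytes of one named stream and show them as hex.
# This only reads; it does not alter or delete the stream.
# Windows PowerShell 5.x: -Encoding Byte.  PowerShell 7: use -AsByteStream.
$sample = 'C:\Users\Matthew\Phone0346.avi'
if (Test-Path -LiteralPath $sample) {
    $bytes = Get-Content -LiteralPath $sample -Stream 'TOC.WMV' -Encoding Byte -TotalCount 64
    Format-Hex -InputObject ([byte[]]$bytes)
}
```

Run it from an elevated prompt if the files sit under another user's profile. A stream that turns out to be a small block of media metadata is a different finding from one containing executable code or a script, which is why looking at the bytes matters before acting on the scanner's one-line summary.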

#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:11:34 PM

Posted 09 November 2009 - 05:25 PM

Yes, there are rootkit files in that log.

Please download Sophos Anti-rootkit & save it to your desktop.
alternate download link
Note: If using the vendor's download site you will be asked to register with MySophos so an email containing an activation link can be sent to your email address.

Be sure to print out and read the Sophos Anti-Rootkit User Manual and Release Notes.
  • Double-click sar_15_sfx.exe to begin the installation, read the license agreement and click Accept.
  • Allow the default location of C:\Program Files\Sophos\Sophos Anti-Rootkit and click Install.
  • A message will appear "Sophos Anti-Rootkit was successfully installed. Click 'yes' to start it now".
  • Click Yes and allow the driver and its randomly named .tmp file (i.e. F.tmp) to load if asked.
  • If the scan did not start automatically, make sure the following are checked:
    • Running processes
    • Windows Registry
    • Local Hard Drives
  • Click Start scan.
  • Sophos Anti-Rootkit will scan the selected areas and display any suspicious files in the upper panel.
  • When the scan is complete, a pop-up screen will appear with "Rootkit Scan Results". Click OK to continue.
  • Click on the suspicious file to display more information about it in the lower panel which also includes whether the item is recommended for removal.
    • Files tagged as Removable: No are not marked for removal and cannot be removed.
    • Files tagged as Removable: Yes (clean up recommended) are marked for removal by default.
    • Files tagged as Removable: Yes (but clean up not recommended) are not marked for removal because Sophos did not recognize them. These files will require further investigation.
  • Select only items recommended for removal, then click "Clean up checked items". You will be asked to confirm, click Yes.
  • A pop up window will appear advising the cleanup will finish when you restart your computer. Click Restart Now.
  • After reboot, a dialog box displays the files you selected for removal and the action taken.
  • Click Empty list and then click Continue to re-scan your computer a second time to ensure everything was cleaned.
  • When done, go to Start > Run and type or copy/paste: %temp%\sarscan.log
  • This should open the log from the rootkit scan. Please post this log in your next reply. If you have a problem, you can find sarscan.log in C:\Documents and Settings\\Local Settings\Temp\.
Before performing an ARK scan it is recommended to do the following to ensure more accurate results and avoid common issues that may cause false detections.
  • Disconnect from the Internet or physically unplug your Internet cable connection.
  • Clean out your temporary files.
  • Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
  • Temporarily disable your anti-virus and real-time anti-spyware protection.
  • After starting the scan, do not use the computer until the scan has completed.
  • When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.
Thanks :(
m0le is a proud member of UNITE

#7 MatthewR77

MatthewR77
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:06:34 PM

Posted 09 November 2009 - 11:28 PM

The option to scan "running processes" is grayed out, as is "extensive scan".
The program did not find any files that needed to be deleted...
Is there another program you would like me to run?

Sophos Anti-Rootkit Version 1.5.0 © 2009 Sophos Plc
Started logging on 11/9/2009 at 21:18:08 PM
User "Matthew" on computer "MATTHEW-PC"
Windows version 6.0 SP 2.0 Service Pack 2 build 6002 SM=0x300 PT=0x1 WOW64
Info: Starting registry scan.
Info: Starting disk scan of C: (NTFS).
Hidden: file C:\ProgramData\Norton\00000082\000000FB\000002C6\cltLMS1.dat
Hidden: file C:\ProgramData\Norton\00000082\000000FB\000002C6\cltLMS2.dat
Hidden: file C:\Program Files (x86)\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\ISSetup.dll
Hidden: file C:\Users\Matthew\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\HKQQ0VCS\57000677,114ced5ff88edbc,ce_general_wallpapersthemes,;;kw=;tile=1;ord1=734131;sz=300x250,336x280;contx=ce_general_wallpapersthemes;btg=;ord=5835808465368841[1]
Hidden: file C:\Users\Matthew\AppData\Local\Microsoft\Windows Live Contacts\{d0e92766-d789-4701-9137-2a8d9eafef85}\DBStore\tempedb.edb
Hidden: file C:\Users\Matthew\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CBO7G161\57000678,114ced5ff88edbc,ce_general_wallpapersthemes,;;kw=;tile=2;ord1=883808;sz=300x250,336x280;contx=ce_general_wallpapersthemes;btg=;ord=5835808465368841[1]
Hidden: file C:\Users\Matthew\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CBO7G161\e_jquery-scrollTo_jquery-color_jquery-pxtoem_spellChecker_Class_throttle_comments_dialog_App_PermaLink,PermaLink_App_PermaLink,PermaLinkThrottle_App_Ads,Ads[1]
Hidden: file C:\Users\Matthew\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\HKQQ0VCS\ral_wallpapersthemes_L;;kw=;tile=1;ord1=548080;sz=300x250,336x280;contx=ce_general_wallpapersthemes;btg=ns[1].ce_general_wallpapersthemes_L;ord=990422205850779
Hidden: file C:\Users\Matthew\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1VJ1NTLY\ral_wallpapersthemes_L;;kw=;tile=2;ord1=717249;sz=300x250,336x280;contx=ce_general_wallpapersthemes;btg=ns[1].ce_general_wallpapersthemes_L;ord=990422205850779
Hidden: file C:\Program Files (x86)\uTorrent\uTorrent.exe
Hidden: file C:\Users\Matthew\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZK6D9BYZ\genre=ModernBigBand;toplevelgenre=Jazz;loc=rotw[1].artistpage;section=Artist;placement=A4;sz=174x150;subplan=0;pmt=n;login=false;anon=false;pcode=false;ord=664855;
Hidden: file C:\Users\Matthew\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A48BPOOF\subplan0;env=production;cat=music;rhapweb=y;userfreeplay=n;prod=rhapsody;artist=62133;artistname=BuddyRich;genre=ModernBigBand;toplevelgenre=Jazz;loc=rotw[1].htm
Hidden: file C:\Downloads\Software\utorrent.exe
Info: Starting disk scan of D: (NTFS).
Hidden: file D:\hp\apps\APP19284\src\MSWorks\en\msworks\PFiles\MSWorks\lnchtour.exe
Stopped logging on 11/9/2009 at 22:24:26 PM

#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:11:34 PM

Posted 10 November 2009 - 04:40 PM

Nope, 64 bit scanning is much easier to call clean. There are no rootkits or malware files on the system.

You're clean. Good stuff! :(

Let's do some clearing up

Download and Run OTC

We will now remove the tools we used during this fix using OTC.
  • Download OTC by OldTimer and save it to your desktop.
  • Double click the OTC icon to start the program. If you are using Vista, please right-click and choose run as administrator.
  • Then click the big button.
  • You will get a prompt saying "Being Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
------------------------------------------------------------------------------------------------------------------------

Here's some advice on how you can keep your PC clean


Update your AntiVirus Software

It is imperative that you update your Antivirus software at least once a week (even more often if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.


Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.


Install an AntiSpyware Program

A highly recommended AntiSpyware program is SuperAntiSpyware. You can download the free Home Version or the Pro version for a 15 day trial period.

Installing this or another recommended program will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis just as you would an antivirus software.


Finally, here's a treasure trove of antivirus, antimalware and antispyware resources


That's it MatthewR77, happy surfing!

Cheers.

m0le
m0le is a proud member of UNITE

#9 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:11:34 PM

Posted 15 November 2009 - 05:40 AM

Since this issue appears to be resolved ... this topic has been closed. Glad we could help. :(

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
m0le is a proud member of UNITE
