Infected with Virut?


23 replies to this topic

#1 adambrown

Posted 27 November 2009 - 04:20 AM

I have a Dell Inspiron 2200 laptop running WinXP SP2 (Pentium M 1.55GHz, 500MB RAM, 25GB HD). For an antivirus program, I use AVG. Several weeks ago, AVG started finding different files that were infected, most of them with Win32/Virut. It also found the following:

Adware Generic4.BWU
Trojan horse Agent2.VVX
Trojan horse Downloader.Delf.DIK
Trojan horse Downloader.Generic8.BZRC
Trojan horse Downloader.Generic9.KMT
Virus Win32/Heur
Virus Win32/Parite
Virus Worm/VB.FLN

AVG took care of the other ones. For Virut, I checked AVG's website and they recommended downloading a special remover for it (rmvirut.exe), so I downloaded it and ran it. At first it said that the virus is loaded into memory and it would reboot and scan and repair before Windows boots up. It did so and found approx. 28000 files infected (mostly .exe's), no clean files, and cleaned them all. However, every time it booted into Windows, all those files would get reinfected. I booted into UBCD4WIN and ran the remover from there with the same results.

At that point I don't remember exactly what I did. I believe that I ran Ez-Pc-Fix (www.ezpcfix.net) and deleted all sorts of suspicious things from the registry. I knew I was on the right track when HijackThis, which originally would only run when renamed, started working with its original name. I then ran the Virut Remover in UBCD4WIN and it cleaned everything. I booted into Windows, and everything seemed fine; AVG did not find anything wrong. Just in case I had deleted some system files, or the virus had corrupted them, I did a Rebuild Re-install of Windows (see here). Even though Setup crashed when it tried to boot into Windows, I rebooted and now Windows appears to work fine.

I know that everyone says that the only way to get rid of Virut is with a low-level reformat, but it does seem that it is gone. I just would like to ask if someone could look over these logs and tell me if they see anything suspicious.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:15:03 AM, on 11/27/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\UltraVNC\winvnc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Gemach Computer\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Burn4Free Toolbar Helper - {D187A56B-A33F-4CBE-9D77-459FC0BAE012} - C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Burn4Free Toolbar - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll (file missing)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-341943289-924988582-3446032598-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Network Chat AutoStart.lnk = C:\Program Files\Global Devtech\Network Chat\Network Chat.exe
O4 - Global Startup: UVNCServer.lnk = C:\Program Files\UltraVNC\winvnc.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://gemach/tsweb/msrdp.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\kbdnet.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Unknown owner - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (file missing)
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: IIS Admin (IISADMIN) - Unknown owner - C:\WINDOWS\system32\inetsrv\inetinfo.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe (file missing)

--
End of file - 5500 bytes



OTL logfile created on: 11/25/2009 2:45:10 PM - Run 2
OTL by OldTimer - Version 3.1.6.0 Folder = C:\
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.37 Mb Total Physical Memory | 122.54 Mb Available Physical Memory | 24.34% Memory free
1.20 Gb Paging File | 0.86 Gb Available in Paging File | 71.80% Paging File free
Paging file location(s): c:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 25.04 Gb Total Space | 2.84 Gb Free Space | 11.32% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 977.72 Mb Total Space | 877.31 Mb Free Space | 89.73% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GEMACH
Current User Name: Gemach Computer
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/11/20 03:31:13 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
PRC - [2009/11/10 21:54:40 | 01,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2009/11/10 21:54:40 | 00,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2009/11/10 21:54:40 | 00,502,040 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2009/11/10 21:54:29 | 02,010,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2009/11/10 21:54:25 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2008/12/29 22:22:36 | 01,692,224 | ---- | M] (UltraVNC) -- C:\Program Files\UltraVNC\winvnc.exe
PRC - [2008/02/19 12:10:32 | 00,267,048 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2008/02/19 12:10:24 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2007/07/24 14:17:08 | 00,227,389 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2005/03/03 23:29:02 | 00,356,352 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
PRC - [2004/08/04 07:00:00 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/05/14 00:35:50 | 00,536,576 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2004/05/13 10:23:56 | 00,098,304 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2002/02/14 05:48:06 | 00,299,008 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXBCES.EXE
PRC - [2002/01/24 04:09:56 | 00,173,664 | ---- | M] () -- C:\WINDOWS\system32\LEXPPS.EXE
PRC - [2000/08/08 12:32:12 | 00,053,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MsPMSPSv.exe


========== Modules (SafeList) ==========

MOD - [2009/11/20 03:31:13 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
MOD - [2004/08/04 07:00:00 | 01,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2004/08/04 05:00:00 | 00,185,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll
MOD - [2004/05/13 10:23:50 | 00,066,048 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll


========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (W3SVC)
SRV - File not found -- -- (r_server)
SRV - File not found -- -- (IISADMIN)
SRV - File not found -- -- (Apple Mobile Device)
SRV - [2009/11/10 21:54:25 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2008/02/19 12:10:24 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2007/07/24 14:17:08 | 00,227,389 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2005/09/23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2005/09/23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2005/03/03 23:29:02 | 00,356,352 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2004/08/04 05:00:00 | 00,046,080 | ---- | M] (FTD2XX Software Technology) -- C:\WINDOWS\system32\BtwSrv.dll -- (BtwSrv)
SRV - [2004/08/04 05:00:00 | 00,045,056 | ---- | M] (Netopsystems AG) -- C:\WINDOWS\system32\FastNetSrv.exe -- (fastnetsrv)
SRV - [2004/08/04 05:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc)
SRV - [2003/12/17 13:59:48 | 00,143,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc)
SRV - [2003/04/01 22:08:30 | 00,069,632 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\IcdSptSv.exe -- (ICDSPTSV)
SRV - [2002/02/14 05:48:06 | 00,299,008 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXBCES.EXE -- (LexBceS)
SRV - [2000/08/08 12:32:12 | 00,053,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MsPMSPSv.exe -- (WMDM PMSP Service)


========== Driver Services (SafeList) ==========

DRV - [2009/11/10 21:54:56 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/11/10 21:54:55 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2008/07/30 00:51:30 | 00,277,736 | ---- | M] (Protect Software GmbH) -- C:\WINDOWS\system32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2008/02/18 10:16:24 | 00,030,464 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2007/07/24 05:00:00 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2007/01/31 08:33:46 | 00,005,632 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\DRIVERS\avgarkt.sys -- (AVG Anti-Rootkit)
DRV - [2007/01/18 07:00:28 | 00,003,968 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\system32\drivers\AvgArCln.sys -- (AvgArCln)
DRV - [2006/09/19 13:44:04 | 00,015,664 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2005/06/21 11:06:53 | 00,008,552 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\system32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2005/03/21 20:48:30 | 00,039,904 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\drivers\cercsr6.sys -- (cercsr6)
DRV - [2005/03/10 22:56:06 | 00,273,168 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)
DRV - [2005/03/03 00:14:18 | 00,004,736 | ---- | M] (RDV Soft) -- C:\WINDOWS\system32\drivers\vncdrv.sys -- (vncdrv)
DRV - [2004/12/06 01:05:00 | 00,100,603 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/12/06 01:05:00 | 00,098,714 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/12/06 01:05:00 | 00,086,586 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/12/06 01:05:00 | 00,034,843 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/12/06 01:05:00 | 00,025,883 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/12/06 01:05:00 | 00,015,227 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/12/06 01:05:00 | 00,006,363 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/12/06 01:05:00 | 00,004,123 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/12/06 01:05:00 | 00,002,239 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/12/01 03:22:00 | 00,087,488 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/11/23 02:56:00 | 00,040,480 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
DRV - [2004/11/02 23:27:20 | 00,773,565 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm)
DRV - [2004/09/09 20:42:00 | 00,007,552 | ---- | M] (PortalPlayer, Inc.) -- C:\WINDOWS\system32\drivers\YH-820.sys -- (PortlUSB)
DRV - [2004/08/18 14:53:54 | 00,016,128 | ---- | M] (Dell Inc) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2004/08/04 07:00:00 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2004/08/04 07:00:00 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2004/08/04 07:00:00 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2004/08/04 07:00:00 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2004/08/04 07:00:00 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2004/08/04 07:00:00 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2004/08/04 07:00:00 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2004/08/04 07:00:00 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2004/08/04 07:00:00 | 00,027,440 | ---- | M] () -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2004/08/04 07:00:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2004/08/04 07:00:00 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2004/08/04 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/04 07:00:00 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2004/08/04 07:00:00 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2004/08/04 07:00:00 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2004/08/04 07:00:00 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2004/08/04 07:00:00 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2004/08/03 23:07:44 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2004/08/03 23:07:44 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2004/08/03 23:04:34 | 00,012,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usb8023x.sys -- (usb_rndisx)
DRV - [2004/08/03 22:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/07/14 11:29:04 | 00,005,627 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/07/14 11:28:50 | 00,023,545 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
DRV - [2004/06/17 20:57:02 | 00,200,064 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2004/06/17 20:55:38 | 00,685,056 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/06/17 20:55:04 | 01,041,536 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/05/13 10:19:22 | 00,182,688 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2004/03/24 10:12:44 | 00,004,272 | ---- | M] () -- C:\WINDOWS\system32\drivers\bvrp_pci.sys -- (bvrp_pci)
DRV - [2004/03/17 18:04:14 | 00,013,059 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2004/02/13 16:46:00 | 00,017,153 | ---- | M] (Dell Inc) -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
DRV - [2004/02/10 20:49:14 | 00,154,112 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B)
DRV - [2002/11/28 21:23:24 | 00,039,048 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\drivers\IcdUsb2.sys -- (ICDUSB2)
DRV - [2001/10/01 22:37:40 | 00,017,432 | ---- | M] (lecs Inc.) -- C:\WINDOWS\system32\drivers\IcRecUsb.sys -- (IcRecUsb)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page =
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page =
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-341943289-924988582-3446032598-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKU\S-1-5-21-341943289-924988582-3446032598-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-341943289-924988582-3446032598-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-341943289-924988582-3446032598-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-341943289-924988582-3446032598-1005\S-1-5-21-341943289-924988582-3446032598-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-341943289-924988582-3446032598-1005\S-1-5-21-341943289-924988582-3446032598-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



O1 HOSTS File: (715 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Burn4Free Toolbar Helper) - {D187A56B-A33F-4CBE-9D77-459FC0BAE012} - C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll File not found
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Burn4Free Toolbar) - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
O3 - HKU\S-1-5-21-341943289-924988582-3446032598-1005\..\Toolbar\WebBrowser: (Burn4Free Toolbar) - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll File not found
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe File not found
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Network Chat AutoStart.lnk = C:\Program Files\Global Devtech\Network Chat\Network Chat.exe (Global DevTech)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\UVNCServer.lnk = C:\Program Files\UltraVNC\winvnc.exe (UltraVNC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCMD = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCMD = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-341943289-924988582-3446032598-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-341943289-924988582-3446032598-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCMD = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} http://gemach/tsweb/msrdp.cab (Microsoft RDP Client Control (redist))
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_03)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\kbdnet.dll) - C:\WINDOWS\system32\kbdnet.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/02/27 00:15:06 | 00,000,007 | -HS- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{286ec7d3-18df-11de-abc6-00123f0e6ac0}\Shell - "" = AutoRun
O33 - MountPoints2\{286ec7d3-18df-11de-abc6-00123f0e6ac0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{286ec7d3-18df-11de-abc6-00123f0e6ac0}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{286ec7d4-18df-11de-abc6-00123f0e6ac0}\Shell\AutoRun\command - "" = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\isi32.exe -- File not found
O33 - MountPoints2\{286ec7d4-18df-11de-abc6-00123f0e6ac0}\Shell\open\command - "" = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\isi32.exe -- File not found
O33 - MountPoints2\{2d0f3d62-01e0-11de-abbc-8000600fe800}\Shell\AutoRun\command - "" = E:\ypsniox.exe -- File not found
O33 - MountPoints2\{2d0f3d62-01e0-11de-abbc-8000600fe800}\Shell\explore\Command - "" = E:\ypsniox.exe -- File not found
O33 - MountPoints2\{2d0f3d62-01e0-11de-abbc-8000600fe800}\Shell\open\Command - "" = E:\ypsniox.exe -- File not found
O33 - MountPoints2\{6893feb8-1be8-11dd-ab71-00123f0e6ac0}\Shell - "" = AutoRun
O33 - MountPoints2\{6893feb8-1be8-11dd-ab71-00123f0e6ac0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6893feb8-1be8-11dd-ab71-00123f0e6ac0}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{fdab3506-bcdd-11de-ac01-00123f0e6ac0}\Shell - "" = AutoRun
O33 - MountPoints2\{fdab3506-bcdd-11de-ac01-00123f0e6ac0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fdab3506-bcdd-11de-ac01-00123f0e6ac0}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{fdab3507-bcdd-11de-ac01-00123f0e6ac0}\Shell\Auto\command - "" = F:\fun.xls.exe -- File not found
O33 - MountPoints2\{fdab3507-bcdd-11de-ac01-00123f0e6ac0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fdab3512-bcdd-11de-ac01-00123f0e6ac0}\Shell\Auto\command - "" = E:\fun.xls.exe -- File not found
O33 - MountPoints2\{fdab3512-bcdd-11de-ac01-00123f0e6ac0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\Programs\nu2menu\nu2menu.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2022/11/24 15:08:43 | 00,000,000 | ---D | C] -- C:\Program Files\CR8
[2009/11/25 08:53:00 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migregdb.exe
[2009/11/22 23:42:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Gemach Computer\Desktop\iastor
[2009/11/22 23:42:43 | 00,163,840 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxres.dll
[2009/11/22 23:36:33 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/11/22 20:32:38 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winzm.ime
[2009/11/22 20:32:37 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsp.ime
[2009/11/22 20:32:37 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winpy.ime
[2009/11/22 20:32:35 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wingb.ime
[2009/11/22 20:32:35 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winime.ime
[2009/11/22 20:32:34 | 00,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winar30.ime
[2009/11/22 20:32:32 | 00,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll
[2009/11/22 20:32:32 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys
[2009/11/22 20:32:28 | 00,363,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svc.dll
[2009/11/22 20:32:28 | 00,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll
[2009/11/22 20:32:27 | 00,426,041 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicepad.dll
[2009/11/22 20:32:27 | 00,086,073 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicesub.dll
[2009/11/22 20:32:17 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniime.dll
[2009/11/22 20:32:17 | 00,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unicdime.ime
[2009/11/22 20:32:15 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe
[2009/11/22 20:32:11 | 00,455,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintsetp.exe
[2009/11/22 20:32:11 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe
[2009/11/22 20:32:11 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll
[2009/11/22 20:32:10 | 00,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime
[2009/11/22 20:32:09 | 00,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys
[2009/11/22 20:32:09 | 00,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys
[2009/11/22 20:32:09 | 00,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys
[2009/11/22 20:32:03 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sspifilt.dll
[2009/11/22 20:32:01 | 00,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll
[2009/11/22 20:31:56 | 00,143,422 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\softkey.dll
[2009/11/22 20:31:56 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll
[2009/11/22 20:31:55 | 00,358,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpincl.dll
[2009/11/22 20:31:55 | 00,259,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpcl.dll
[2009/11/22 20:31:55 | 00,188,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpsmir.dll
[2009/11/22 20:31:55 | 00,040,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpthrd.dll
[2009/11/22 20:31:55 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
[2009/11/22 20:31:55 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmptrap.exe
[2009/11/22 20:31:55 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpmib.dll
[2009/11/22 20:31:54 | 00,456,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpsvc.dll
[2009/11/22 20:31:54 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmp.exe
[2009/11/22 20:31:53 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll
[2009/11/22 20:31:52 | 00,236,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smi2smir.exe
[2009/11/22 20:31:52 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll
[2009/11/22 20:31:52 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll
[2009/11/22 20:31:52 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll
[2009/11/22 20:31:52 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll
[2009/11/22 20:31:52 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll
[2009/11/22 20:31:52 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
[2009/11/22 20:31:52 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
[2009/11/22 20:31:52 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
[2009/11/22 20:31:51 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll
[2009/11/22 20:31:51 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll
[2009/11/22 20:31:51 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll
[2009/11/22 20:31:51 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll
[2009/11/22 20:31:51 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll
[2009/11/22 20:31:51 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll
[2009/11/22 20:31:51 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll
[2009/11/22 20:31:51 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll
[2009/11/22 20:31:50 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll
[2009/11/22 20:31:42 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll
[2009/11/22 20:31:40 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll
[2009/11/22 20:31:37 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2009/11/22 20:31:37 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2009/11/22 20:31:37 | 00,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2009/11/22 20:31:37 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rw001ext.dll
[2009/11/22 20:31:33 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\romanime.ime
[2009/11/22 20:31:30 | 00,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe
[2009/11/22 20:31:30 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe
[2009/11/22 20:31:25 | 00,020,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ramdisk.sys
[2009/11/22 20:31:24 | 00,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quick.ime
[2009/11/22 20:31:24 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe
[2009/11/22 20:31:24 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe
[2009/11/22 20:31:18 | 00,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll
[2009/11/22 20:31:18 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll
[2009/11/22 20:31:18 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll
[2009/11/22 20:31:17 | 00,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime
[2009/11/22 20:31:17 | 00,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe
[2009/11/22 20:31:17 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll
[2009/11/22 20:31:17 | 00,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlcsd.dll
[2009/11/22 20:31:15 | 00,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phon.ime
[2009/11/22 20:31:13 | 00,036,927 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs411.dll
[2009/11/22 20:31:13 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs404.dll
[2009/11/22 20:31:13 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs804.dll
[2009/11/22 20:31:13 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs412.dll
[2009/11/22 20:31:11 | 00,051,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oobebaln.exe
[2009/11/22 20:31:03 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll
[2009/11/22 20:30:55 | 00,229,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\multibox.dll
[2009/11/22 20:30:43 | 01,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.lex
[2009/11/22 20:30:43 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.dll
[2009/11/22 20:30:21 | 00,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys
[2009/11/22 20:30:21 | 00,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll
[2009/11/22 20:30:19 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll
[2009/11/22 20:30:17 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lprmon.dll
[2009/11/22 20:30:16 | 00,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lpdsvc.dll
[2009/11/22 20:30:15 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lmmib2.dll
[2009/11/22 20:30:13 | 00,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\korwbrkr.dll
[2009/11/22 20:30:09 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecat.dll
[2009/11/22 20:30:09 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecnt.dll
[2009/11/22 20:30:09 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnec95.dll
[2009/11/22 20:30:08 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41a.dll
[2009/11/22 20:30:08 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41j.dll
[2009/11/22 20:30:07 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdibm02.dll
[2009/11/22 20:30:05 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdax2.dll
[2009/11/22 20:30:04 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jupiw.dll
[2009/11/22 20:30:04 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106n.dll
[2009/11/22 20:30:04 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101a.dll
[2009/11/22 20:30:04 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101.dll
[2009/11/22 20:30:03 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isignup.exe
[2009/11/22 20:30:01 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iprip.dll
[2009/11/22 20:29:59 | 00,257,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infocomm.dll
[2009/11/22 20:29:58 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetin51.exe
[2009/11/22 20:29:57 | 00,471,102 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskdic.dll
[2009/11/22 20:29:57 | 00,315,452 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskf.dll
[2009/11/22 20:29:56 | 00,274,489 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputyc.dll
[2009/11/22 20:29:56 | 00,262,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputy.exe
[2009/11/22 20:29:56 | 00,102,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imlang.dll
[2009/11/22 20:29:56 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imkrinst.exe
[2009/11/22 20:29:55 | 00,307,257 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.exe
[2009/11/22 20:29:55 | 00,233,527 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjprw.exe
[2009/11/22 20:29:55 | 00,208,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpmig.exe
[2009/11/22 20:29:55 | 00,155,705 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdsvr.exe
[2009/11/22 20:29:55 | 00,045,109 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpuex.exe
[2009/11/22 20:29:54 | 00,811,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81k.dll
[2009/11/22 20:29:54 | 00,716,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcus.dll
[2009/11/22 20:29:54 | 00,368,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcic.dll
[2009/11/22 20:29:54 | 00,081,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.dll
[2009/11/22 20:29:54 | 00,057,398 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdadm.exe
[2009/11/22 20:29:53 | 00,340,023 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81.ime
[2009/11/22 20:29:53 | 00,311,359 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsv.exe
[2009/11/22 20:29:53 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrcic.dll
[2009/11/22 20:29:53 | 00,102,463 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsm.dll
[2009/11/22 20:29:53 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekr61.ime
[2009/11/22 20:29:53 | 00,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmbx.dll
[2009/11/22 20:29:53 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmig.exe
[2009/11/22 20:29:48 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwdl.dll
[2009/11/22 20:29:41 | 10,129,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxkor.dll
[2009/11/22 20:29:30 | 10,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll
[2009/11/22 20:29:30 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpod51.dll
[2009/11/22 20:29:30 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpmb51.dll
[2009/11/22 20:29:28 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hostmib.dll
[2009/11/22 20:29:25 | 00,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hanjadic.dll
[2009/11/22 20:29:18 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsv251.dll
[2009/11/22 20:29:17 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpctrs2.dll
[2009/11/22 20:29:17 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpmib.dll
[2009/11/22 20:29:16 | 00,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmdll.dll
[2009/11/22 20:29:15 | 00,024,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmcgi.exe
[2009/11/22 20:29:13 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flattemp.exe
[2009/11/22 20:29:12 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll
[2009/11/22 20:29:11 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\f3ahvoas.dll
[2009/11/22 20:29:10 | 00,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntwin.exe
[2009/11/22 20:29:10 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntcmd.exe
[2009/11/22 20:29:09 | 00,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntagnt.dll
[2009/11/22 20:29:09 | 00,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2009/11/22 20:29:09 | 00,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
[2009/11/22 20:29:09 | 00,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2009/11/22 20:29:09 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\et4000.sys
[2009/11/22 20:28:49 | 00,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dayi.ime
[2009/11/22 20:28:44 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe
[2009/11/22 20:28:43 | 00,057,399 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cplexe.exe
[2009/11/22 20:28:35 | 00,480,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintsetp.exe
[2009/11/22 20:28:35 | 00,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintime.dll
[2009/11/22 20:28:35 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintlgnt.ime
[2009/11/22 20:28:34 | 00,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtmbx.dll
[2009/11/22 20:28:34 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtskdic.dll
[2009/11/22 20:28:33 | 00,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtbrkr.dll
[2009/11/22 20:28:32 | 01,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chsbrkr.dll
[2009/11/22 20:28:32 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe
[2009/11/22 20:28:31 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chajei.ime
[2009/11/22 20:28:31 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe
[2009/11/22 20:28:31 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe
[2009/11/22 20:28:31 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe
[2009/11/22 20:28:27 | 00,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2009/11/22 20:28:26 | 00,218,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_g18030.dll
[2009/11/22 20:28:26 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_is2022.dll
[2009/11/22 20:28:06 | 00,331,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aqueue.dll
[2009/11/22 20:28:06 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll
[2009/11/22 20:28:04 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0804.dll
[2009/11/22 20:28:03 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0412.dll
[2009/11/22 20:28:03 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0411.dll
[2009/11/22 20:28:03 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0404.dll
[2009/11/22 20:28:00 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll
[2009/11/22 20:27:46 | 00,032,827 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptest.exe
[2009/11/22 20:27:46 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptsat.dll
[2009/11/22 20:27:44 | 00,020,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.dll
[2009/11/22 20:27:44 | 00,016,437 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.exe
[2009/11/22 20:27:32 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.exe
[2009/11/22 20:27:30 | 00,020,538 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpremadm.exe
[2009/11/22 20:27:29 | 00,598,071 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmc.dll
[2009/11/22 20:27:29 | 00,208,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmcsat.dll
[2009/11/22 20:27:29 | 00,188,494 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpcount.exe
[2009/11/22 20:27:29 | 00,109,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98swin.exe
[2009/11/22 20:27:29 | 00,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpexedll.dll
[2009/11/22 20:27:28 | 00,876,653 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awel.dll
[2009/11/22 20:27:28 | 00,102,509 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4atxt.dll
[2009/11/22 20:27:28 | 00,049,212 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awebs.dll
[2009/11/22 20:27:28 | 00,049,210 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4areg.dll
[2009/11/22 20:27:28 | 00,041,020 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avnb.dll
[2009/11/22 20:27:28 | 00,032,826 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avss.dll
[2009/11/22 20:27:28 | 00,014,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98sadm.exe
[2009/11/22 20:27:27 | 00,184,435 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4amsft.dll
[2009/11/22 20:27:27 | 00,147,513 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4apws.dll
[2009/11/22 20:27:27 | 00,082,035 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4anscp.dll
[2009/11/22 20:27:25 | 00,188,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cfgwiz.exe
[2009/11/22 20:27:25 | 00,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.dll
[2009/11/22 20:27:25 | 00,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.exe
[2009/11/22 20:27:24 | 00,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.exe
[2009/11/22 20:27:23 | 00,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.dll
[2009/11/22 20:24:28 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetwiz.exe
[2009/11/22 20:24:19 | 00,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwconn2.exe
[2009/11/22 20:24:12 | 00,214,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwconn1.exe
[2009/11/22 20:22:44 | 00,218,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/11/22 20:08:39 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll
[2009/11/22 20:08:39 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irclass.dll
[2009/11/22 20:08:36 | 00,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll
[2009/11/22 20:08:36 | 00,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxcoins.dll
[2009/11/22 14:54:33 | 00,000,000 | ---D | C] -- C:\WINDOWS\dell
[2009/11/22 09:31:54 | 00,000,000 | ---D | C] -- C:\Windows_old
[2009/11/20 07:31:44 | 00,000,000 | --SD | C] -- C:\Documents and Settings\Gemach Computer\Cookies
[2009/11/20 07:31:44 | 00,000,000 | ---D | C] -- C:\WINDOWS\Temporary Internet Files
[2009/11/20 07:31:44 | 00,000,000 | ---D | C] -- C:\System Volume Information
[2009/11/20 07:31:44 | 00,000,000 | ---D | C] -- C:\WINDOWS\Cookies
[2009/11/20 07:31:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Cookies
[2009/11/20 07:31:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2009/11/20 07:31:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\Recent
[2009/11/20 07:31:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Recent
[2009/11/20 07:31:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\History
[2009/11/19 22:55:55 | 00,529,408 | ---- | C] (OldTimer Tools) -- C:\OTL.exe
[2009/11/19 22:55:54 | 00,472,064 | ---- | C] ( ) -- C:\RootRepeal.exe
[2009/11/19 22:28:07 | 53,128,520 | ---- | C] (Norman ASA) -- C:\Norman_Malware_Cleaner.exe
[2009/11/18 14:40:29 | 00,000,000 | ---D | C] -- C:\Program Files\NirSoft
[2009/11/11 19:49:35 | 00,000,000 | ---D | C] -- C:\Program Files\xplorer2
[2009/11/11 19:35:29 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Installer Clean Up
[2009/11/11 19:35:18 | 00,000,000 | ---D | C] -- C:\Program Files\MSECACHE
[2009/11/10 21:55:40 | 00,000,000 | -H-D | C] -- C:\$AVG
[2009/11/10 21:54:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/11/10 20:13:00 | 00,003,968 | ---- | C] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\drivers\AvgArCln.sys
[2009/11/10 20:12:53 | 00,000,000 | ---D | C] -- C:\Program Files\GRISOFT
[2009/11/06 12:50:23 | 00,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2009/11/06 01:33:34 | 00,000,000 | ---D | C] -- C:\Program Files\AVGold
[2009/11/05 20:19:54 | 01,308,216 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Gemach Computer\Desktop\HijackThis.exe
[2009/11/05 19:38:40 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/11/04 15:25:00 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/11/04 15:13:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Gemach Computer\Application Data\Malwarebytes
[2009/11/04 15:13:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/11/04 15:12:15 | 04,045,528 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Gemach Computer\Desktop\mbam-setup.exe
[2009/11/03 16:11:56 | 00,131,584 | ---- | C] (Andreas Hausladen) -- C:\WINDOWS\sv1.exe
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/11/25 11:03:00 | 00,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2009/11/25 08:42:42 | 00,054,156 | ---- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/11/25 08:41:35 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/25 08:41:31 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/25 08:41:29 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/25 08:41:28 | 52,789,2480 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/22 23:54:47 | 10,747,904 | ---- | M] () -- C:\Documents and Settings\Gemach Computer\NTUSER.DAT
[2009/11/22 23:54:47 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Gemach Computer\ntuser.ini
[2009/11/22 23:35:42 | 00,587,000 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/22 20:34:22 | 00,003,601 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/11/22 20:34:21 | 00,000,288 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2009/11/22 20:25:02 | 00,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2009/11/22 20:24:54 | 00,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2009/11/22 20:24:54 | 00,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2009/11/22 20:24:42 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2009/11/22 20:24:42 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2009/11/22 20:24:42 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2009/11/22 20:24:42 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2009/11/22 20:24:42 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2009/11/22 20:24:42 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2009/11/22 20:17:33 | 00,000,211 | -HS- | M] () -- C:\boot.ini
[2009/11/22 20:10:27 | 00,004,128 | ---- | M] () -- C:\INFCACHE.1
[2009/11/22 20:08:57 | 00,435,978 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/22 20:08:57 | 00,071,670 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/22 20:08:56 | 00,517,406 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/22 20:08:48 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/11/20 13:27:01 | 40,684,833 | ---- | M] () -- C:\WINDOWS\setupapi.old
[2009/11/20 13:25:18 | 00,523,776 | ---- | M] () -- C:\dds.scr
[2009/11/20 12:52:57 | 00,000,015 | ---- | M] () -- C:\settings.dat
[2009/11/20 03:31:22 | 00,047,616 | ---- | M] () -- C:\Win32kDiag.exe
[2009/11/20 03:31:13 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
[2009/11/20 03:31:06 | 00,472,064 | ---- | M] ( ) -- C:\RootRepeal.exe
[2009/11/20 03:27:54 | 53,128,520 | ---- | M] (Norman ASA) -- C:\Norman_Malware_Cleaner.exe
[2009/11/20 03:09:49 | 02,986,872 | ---- | M] () -- C:\FixVirut.com
[2009/11/19 17:08:00 | 00,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2009/11/19 15:23:04 | 03,566,584 | ---- | M] () -- C:\ComboFix.exe
[2009/11/18 23:46:57 | 00,177,664 | ---- | M] () -- C:\Documents and Settings\Gemach Computer\Desktop\vault-g.xls
[2009/11/18 14:35:46 | 45,381,991 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/11/18 14:34:41 | 00,095,176 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/11/16 15:18:14 | 00,121,085 | ---- | M] () -- C:\Documents and Settings\Gemach Computer\Desktop\bluescreenview1.1_setup.exe
[2009/11/12 14:31:01 | 00,000,907 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Money 2003.lnk
[2009/11/11 20:08:14 | 00,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/11/11 14:34:29 | 00,000,368 | ---- | M] () -- C:\Documents and Settings\Gemach Computer\Desktop\wbem.re
[2009/11/10 21:54:56 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/11/10 21:54:55 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/11/10 21:54:47 | 00,001,541 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2009/11/10 21:54:45 | 00,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2009/11/10 21:54:45 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/11/10 20:13:04 | 00,000,862 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Anti-Rootkit Free.lnk
[2009/11/09 15:33:34 | 00,001,646 | ---- | M] () -- C:\Documents and Settings\Gemach Computer\My Documents\Voice Studio.lnk
[2009/11/06 14:18:44 | 00,000,593 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/11/04 15:14:22 | 39,658,008 | ---- | M] () -- C:\Documents and Settings\Gemach Computer\Desktop\avast.exe
[2009/11/04 15:04:38 | 04,045,528 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Gemach Computer\Desktop\mbam-setup.exe
[2009/11/03 16:21:03 | 00,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/11/03 16:12:19 | 00,131,584 | ---- | M] (Andreas Hausladen) -- C:\WINDOWS\sv1.exe
[2009/11/03 16:09:24 | 00,006,421 | ---- | M] () -- C:\WINDOWS\System32\7861902.exe
[2009/11/03 16:06:51 | 00,118,124 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\Prounstl.exe
[2009/11/02 15:35:56 | 06,373,322 | -H-- | M] () -- C:\Documents and Settings\Gemach Computer\Local Settings\Application Data\IconCache.db
[2009/10/31 23:03:35 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/10/31 22:17:10 | 00,000,446 | ---- | M] () -- C:\Documents and Settings\Gemach Computer\Desktop\ipfdocs on ipfmain.lnk
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/25 08:41:28 | 52,789,2480 | -HS- | C] () -- C:\hiberfil.sys
[2009/11/22 20:32:56 | 00,028,288 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xjis.nls
[2009/11/22 20:31:19 | 00,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prcp.nls
[2009/11/22 20:31:19 | 00,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prc.nls
[2009/11/22 20:31:16 | 00,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2009/11/22 20:30:14 | 00,047,066 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ksc.nls
[2009/11/22 20:30:13 | 01,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2009/11/22 20:29:56 | 00,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2009/11/22 20:29:55 | 00,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2009/11/22 20:29:52 | 00,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2009/11/22 20:29:35 | 13,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2009/11/22 20:29:24 | 00,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2009/11/22 20:28:34 | 00,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2009/11/22 20:28:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_870.nls
[2009/11/22 20:28:24 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_858.nls
[2009/11/22 20:28:22 | 00,180,770 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20932.nls
[2009/11/22 20:28:22 | 00,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20949.nls
[2009/11/22 20:28:22 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20936.nls
[2009/11/22 20:28:22 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21027.nls
[2009/11/22 20:28:22 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21025.nls
[2009/11/22 20:28:22 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20924.nls
[2009/11/22 20:28:22 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20880.nls
[2009/11/22 20:28:21 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20871.nls
[2009/11/22 20:28:21 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20838.nls
[2009/11/22 20:28:21 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20833.nls
[2009/11/22 20:28:21 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20424.nls
[2009/11/22 20:28:21 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20423.nls
[2009/11/22 20:28:21 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20420.nls
[2009/11/22 20:28:21 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20297.nls
[2009/11/22 20:28:21 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20290.nls
[2009/11/22 20:28:21 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20285.nls
[2009/11/22 20:28:20 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20284.nls
[2009/11/22 20:28:20 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20280.nls
[2009/11/22 20:28:20 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20278.nls
[2009/11/22 20:28:20 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20277.nls
[2009/11/22 20:28:20 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20273.nls
[2009/11/22 20:28:20 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20269.nls
[2009/11/22 20:28:20 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20108.nls
[2009/11/22 20:28:20 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20107.nls
[2009/11/22 20:28:20 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20106.nls
[2009/11/22 20:28:20 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20105.nls
[2009/11/22 20:28:19 | 00,189,986 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1361.nls
[2009/11/22 20:28:19 | 00,187,938 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20005.nls
[2009/11/22 20:28:19 | 00,186,402 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20001.nls
[2009/11/22 20:28:19 | 00,185,378 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20003.nls
[2009/11/22 20:28:19 | 00,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20004.nls
[2009/11/22 20:28:19 | 00,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20000.nls
[2009/11/22 20:28:19 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20002.nls
[2009/11/22 20:28:18 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1149.nls
[2009/11/22 20:28:17 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1148.nls
[2009/11/22 20:28:17 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1147.nls
[2009/11/22 20:28:17 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1146.nls
[2009/11/22 20:28:17 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1145.nls
[2009/11/22 20:28:17 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1144.nls
[2009/11/22 20:28:17 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1143.nls
[2009/11/22 20:28:17 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1142.nls
[2009/11/22 20:28:17 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1141.nls
[2009/11/22 20:28:17 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1140.nls
[2009/11/22 20:28:16 | 00,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10003.nls
[2009/11/22 20:28:16 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10008.nls
[2009/11/22 20:28:16 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1047.nls
[2009/11/22 20:28:15 | 00,195,618 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10002.nls
[2009/11/22 20:28:15 | 00,162,850 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10001.nls
[2009/11/22 20:28:14 | 00,082,172 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bopomofo.nls
[2009/11/22 20:28:13 | 00,066,728 | ---- | C] () -- C:\WINDOWS\System32\dllcache\big5.nls
[2009/11/22 20:24:54 | 00,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2009/11/22 20:24:42 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2009/11/22 20:24:42 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2009/11/22 20:24:42 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2009/11/22 20:24:42 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2009/11/22 20:24:42 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2009/11/22 20:08:11 | 01,086,058 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NTPRINT.CAT
[2009/11/22 20:08:11 | 01,042,903 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2009/11/22 20:08:11 | 00,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2009/11/22 20:08:11 | 00,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2009/11/22 20:08:11 | 00,141,702 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
[2009/11/22 20:08:11 | 00,110,116 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
[2009/11/22 20:08:11 | 00,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2009/11/22 20:08:11 | 00,031,965 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
[2009/11/22 20:08:11 | 00,031,281 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2009/11/22 20:08:11 | 00,024,209 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2009/11/22 20:08:11 | 00,013,753 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2009/11/22 20:08:11 | 00,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2009/11/22 20:08:11 | 00,011,651 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2009/11/22 20:08:11 | 00,009,581 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2009/11/22 20:08:11 | 00,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2009/11/22 20:08:11 | 00,007,710 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2009/11/22 20:08:11 | 00,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2009/11/22 20:08:11 | 00,007,245 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2009/11/22 20:08:10 | 02,012,670 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2009/11/22 20:08:10 | 00,502,724 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2009/11/20 13:29:09 | 00,523,776 | ---- | C] () -- C:\dds.scr
[2009/11/20 12:44:13 | 00,000,015 | ---- | C] () -- C:\settings.dat
[2009/11/19 22:55:51 | 00,047,616 | ---- | C] () -- C:\Win32kDiag.exe
[2009/11/19 22:24:53 | 02,986,872 | ---- | C] () -- C:\FixVirut.com
[2009/11/19 22:24:51 | 03,566,584 | ---- | C] () -- C:\ComboFix.exe
[2009/11/18 23:46:57 | 00,177,664 | ---- | C] () -- C:\Documents and Settings\Gemach Computer\Desktop\vault-g.xls
[2009/11/18 14:39:55 | 00,121,085 | ---- | C] () -- C:\Documents and Settings\Gemach Computer\Desktop\bluescreenview1.1_setup.exe
[2009/11/12 14:31:01 | 00,000,907 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Money 2003.lnk
[2009/11/11 14:34:06 | 00,000,368 | ---- | C] () -- C:\Documents and Settings\Gemach Computer\Desktop\wbem.re
[2009/11/10 21:54:47 | 00,001,541 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2009/11/10 20:13:04 | 00,000,862 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Anti-Rootkit Free.lnk
[2009/11/04 15:23:23 | 39,658,008 | ---- | C] () -- C:\Documents and Settings\Gemach Computer\Desktop\avast.exe
[2009/11/03 16:09:24 | 00,006,421 | ---- | C] () -- C:\WINDOWS\System32\7861902.exe
[2009/07/17 00:10:51 | 00,004,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2009/06/24 19:34:40 | 00,001,364 | ---- | C] () -- C:\WINDOWS\IIAAG2DD.ini
[2009/05/22 12:40:05 | 00,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2009/02/27 00:20:08 | 00,000,051 | ---- | C] () -- C:\Documents and Settings\Gemach Computer\Local Settings\Application Data\Kosong.Bron.Tok.txt
[2009/02/27 00:15:47 | 00,000,169 | ---- | C] () -- C:\Program Files\wxhxutw.inf
[2009/02/27 00:15:00 | 00,000,010 | R--- | C] () -- C:\WINDOWS\System32\sistem.sys
[2009/02/18 14:29:01 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2009/02/16 15:14:28 | 00,002,528 | ---- | C] () -- C:\Documents and Settings\Gemach Computer\Application Data\$_hpcst$.hpc
[2008/12/03 15:46:24 | 00,000,000 | ---- | C] () -- C:\WINDOWS\DVEdit.INI
[2008/12/03 15:38:09 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\trc.dll
[2008/12/03 15:37:41 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\dsp_trc.dll
[2008/12/03 15:37:41 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\IcdSptSvps.dll
[2008/02/24 20:04:37 | 00,005,309 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/02/14 00:30:00 | 00,000,520 | ---- | C] () -- C:\WINDOWS\netdet.ini
[2008/02/08 13:06:01 | 00,000,102 | ---- | C] () -- C:\WINDOWS\VSWizard.ini
[2007/05/29 18:05:18 | 00,000,268 | ---- | C] () -- C:\Documents and Settings\Gemach Computer\Application Data\LMCPaper.dat
[2007/02/28 02:56:35 | 00,003,932 | ---- | C] () -- C:\Documents and Settings\Gemach Computer\Application Data\LMLayout.dat
[2007/02/25 15:05:32 | 00,000,073 | ---- | C] () -- C:\WINDOWS\System32\LM_SUPPORT.INI
[2007/02/25 15:03:52 | 00,135,104 | ---- | C] () -- C:\WINDOWS\Tab16d20.dll
[2007/02/25 15:03:52 | 00,048,176 | ---- | C] () -- C:\WINDOWS\Imp16d20.dll
[2007/02/25 15:03:52 | 00,012,800 | ---- | C] () -- C:\WINDOWS\SS16FT.DLL
[2007/02/25 15:03:52 | 00,002,554 | ---- | C] () -- C:\WINDOWS\SSDS16.INI
[2007/02/25 15:03:52 | 00,002,552 | ---- | C] () -- C:\WINDOWS\Ssds32.ini
[2007/02/25 15:03:52 | 00,002,371 | ---- | C] () -- C:\WINDOWS\ssnew05.ini
[2007/02/25 15:03:52 | 00,002,371 | ---- | C] () -- C:\WINDOWS\ssnew04.ini
[2007/02/25 15:03:52 | 00,002,371 | ---- | C] () -- C:\WINDOWS\ssnew03.ini
[2007/02/25 15:03:52 | 00,002,371 | ---- | C] () -- C:\WINDOWS\ssnew02.ini
[2007/02/25 15:03:52 | 00,002,371 | ---- | C] () -- C:\WINDOWS\ssnew01.ini
[2007/02/25 15:03:52 | 00,002,269 | ---- | C] () -- C:\WINDOWS\Ssdef32.ini
[2007/02/25 15:03:52 | 00,002,267 | ---- | C] () -- C:\WINDOWS\SSDEF16.INI
[2007/02/25 15:03:52 | 00,000,029 | ---- | C] () -- C:\WINDOWS\MyScan.ini
[2007/02/25 15:03:40 | 00,004,256 | ---- | C] () -- C:\WINDOWS\System32\LMStatus.ini
[2007/02/14 00:22:33 | 00,014,420 | ---- | C] () -- C:\Documents and Settings\Gemach Computer\Application Data\coreldrw.tpa
[2006/11/03 00:43:23 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Textart.INI
[2006/03/27 08:56:22 | 00,004,585 | ---- | C] () -- C:\WINDOWS\Dagesh2000.ini
[2006/02/19 15:20:37 | 00,000,376 | ---- | C] () -- C:\WINDOWS\barcode.ini
[2006/02/15 15:31:09 | 00,008,521 | ---- | C] () -- C:\WINDOWS\lmpcl2a.ini
[2006/01/30 15:21:12 | 00,000,369 | ---- | C] () -- C:\WINDOWS\capture.ini
[2005/11/19 20:57:36 | 00,139,264 | ---- | C] () -- C:\Documents and Settings\Gemach Computer\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/11/12 18:28:17 | 00,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2005/11/12 18:28:17 | 00,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2005/11/12 18:28:15 | 00,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2005/11/12 18:28:14 | 00,021,723 | ---- | C] () -- C:\Documents and Settings\Gemach Computer\Local Settings\Application Data\NetMailTmp.bin
[2005/09/09 00:49:13 | 00,061,678 | ---- | C] () -- C:\Documents and Settings\Gemach Computer\Application Data\PFP120JPR.{PB
[2005/09/09 00:49:13 | 00,012,358 | ---- | C] () -- C:\Documents and Settings\Gemach Computer\Application Data\PFP120JCM.{PB
[2005/07/15 00:18:50 | 00,005,253 | ---- | C] () -- C:\WINDOWS\gwpreset.ini
[2005/07/15 00:18:50 | 00,000,664 | ---- | C] () -- C:\WINDOWS\goldwave.ini
[2005/07/08 00:41:29 | 00,172,488 | ---- | C] () -- C:\Documents and Settings\Gemach Computer\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2005/07/08 00:39:37 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/07/06 17:35:03 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/07/01 12:54:05 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Gemach Computer\Application Data\desktop.ini
[2005/07/01 12:53:54 | 06,373,322 | -H-- | C] () -- C:\Documents and Settings\Gemach Computer\Local Settings\Application Data\IconCache.db
[2005/06/21 11:14:06 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/06/21 11:07:51 | 00,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/06/21 10:56:22 | 00,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2005/06/21 10:55:23 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2005/06/21 10:35:10 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2005/06/21 10:34:42 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2005/06/21 10:34:40 | 00,000,372 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/04/09 17:04:54 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/11 17:24:19 | 00,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 17:11:31 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 17:07:11 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2004/08/11 17:00:37 | 00,000,593 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/11 17:00:35 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/08/04 07:00:00 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/08/04 07:00:00 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/03/21 16:54:42 | 00,000,047 | ---- | C] () -- C:\WINDOWS\CR8install.ini
[2002/01/24 04:29:26 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\lxaxlcnp.dll
[1999/01/22 13:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Purity Check ==========



========== Files - Unicode (All) ==========
< End of report >



OTL Extras logfile created on: 11/25/2009 2:45:10 PM - Run 2
OTL by OldTimer - Version 3.1.6.0 Folder = C:\
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.37 Mb Total Physical Memory | 122.54 Mb Available Physical Memory | 24.34% Memory free
1.20 Gb Paging File | 0.86 Gb Available in Paging File | 71.80% Paging File free
Paging file location(s): c:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 25.04 Gb Total Space | 2.84 Gb Free Space | 11.32% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 977.72 Mb Total Space | 877.31 Mb Free Space | 89.73% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GEMACH
Current User Name: Gemach Computer
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\spool\drivers\w32x86\3\LMpdpsrv.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\LMpdpsrv.exe:*:Disabled:PDP RPC Server -- (DeviceGuys)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- File not found
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\UltraVNC\winvnc.exe" = C:\Program Files\UltraVNC\winvnc.exe:*:Disabled:VNC server for Win32 -- (UltraVNC)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:LocalSubNet:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Global Devtech\Network Chat\Network Chat.exe" = C:\Program Files\Global Devtech\Network Chat\Network Chat.exe:LocalSubNet:Enabled:Network Chat Utility -- (Global DevTech)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Disc 2
"{01B06D09-CF96-4878-A0F4-B6217150BB1B}" = Microsoft Money 2003
"{02B42D23-10F2-4862-ADA4-3DF1EA0021B2}" = Microsoft Money 2003 System Pack
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel® PROSet for Wired Connections
"{1F528948-0E80-4C96-B455-DE4167CB1DF7}" = Internal Network Card Power Management
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5
"{44734179-8A79-4DEE-BB08-73037F065543}" = Apple Mobile Device Support
"{44CE6902-84EA-11D6-887E-00609721D519}" = Voice Studio
"{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}" = Bonjour
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
"{6CCC133E-9A2F-4CAA-8866-75D029CD3AB3}" = Digital Voice Editor 3
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}" = Jasc Paint Shop Pro Studio, Dell Editon
"{78D944D7-A97B-4004-AB0A-B5AD06839940}" = My Way Search Assistant
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{80FD852F-5AAC-4129-B931-06AAFFA43138}" = iTunes
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8704D51E-25B7-4F23-81E7-AA4F54790210}" = Microsoft Streets and Trips 2004
"{88739060-F683-11D3-B761-00105AD153C1}" = Lexmark X125
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver for Mobile
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"{AF06CAE4-C134-44B1-B699-14FBDB63BD37}" = Dell Picture Studio v3.0
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B4FEA924-630D-11D4-B78E-005004566E4D}" = ViewSonic Monitor Drivers
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{BEB3F497-77A9-421A-9CDD-1C447CBB58D8}" = Network Chat 1.41
"{BFD96B89-B769-4CD6-B11E-E79FFD46F067}" = QuickTime
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D4CB7852-8308-4BBB-AF7D-48F073B58507}" = Polaroid Digital Cam
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{F62C8188-DA37-41C5-A565-2056F33A3FFB}_is1" = UltraVNC v1.0
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"AVG9Uninstall" = AVG Free 9.0
"AVGantiRootkit" = AVG Anti-Rootkit Free
"AVS Disc Creator_is1" = AVS Disc Creator version 3.2
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D110 MDC V.9x Modem
"CR8" = CR8
"Dagesh2000" = Dagesh2000
"DellSupport" = Dell Support 5.0.0 (630)
"Dragon NaturallySpeaking Components" = Dragon NaturallySpeaking Components
"ExpressBurn" = Express Burn
"ffdshow" = ffdshow (remove only)
"HijackThis" = HijackThis 2.0.0
"IBM Printer Software Uninstall" = IBM Printer Software Uninstall
"Lexmark Supplies Monitor" = Lexmark Supplies Monitor
"Lexmark Z25-Z35" = Lexmark Z25-Z35
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate1.6" = LiveUpdate 1.6 (Symantec Corporation)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft Streets & Trips 2000" = Microsoft Expedia Streets & Trips 2000
"PROSet" = Intel® PRO Network Adapters and Drivers
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"RealPlayer 6.0" = RealPlayer Basic
"Remote Administrator v2.2" = Remote Administrator v2.2
"Serif DrawPlus 3.0" = Serif DrawPlus 3.0
"Serif PhotoPlus 5.0" = Serif PhotoPlus 5.0
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SUPER ©" = SUPER © Version 2008.bld.33 (Sep 2, 2008)
"Super Fast Shutdown_is1" = Super Fast Shutdown 1.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Ultravnc2_is1" = UltraVNC 1.0.5.3
"ViewpointMediaPlayer" = Viewpoint Media Player
"Visual Basic 6.0 Working Model Edition" = Microsoft Visual Basic 6.0 Working Model Edition
"WebPost" = Microsoft Web Publishing Wizard 1.53
"Windows Essentials Media Codec Pack" = Windows Essentials Media Codec Pack 2.2b
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 10
"Windows Mobile Device Handbook" = Touch by HTC™ User Guide
"WMFDist11" = Windows Media Format 11 runtime

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/11/2009 12:52:33 AM | Computer Name = GEMACH | Source = MsiInstaller | ID = 11316
Description = Product: VBA (2627.01) -- Error 1316. A network error occurred while
attempting to read from the file: C:\rootk\vba6.msi

Error - 11/11/2009 12:58:21 AM | Computer Name = GEMACH | Source = MsiInstaller | ID = 11316
Description = Product: Microsoft Money 2003 System Pack -- Error 1316.A network
error occurred while attempting to read from the file: C:\DOCUME~1\GEMACH~1\LOCALS~1\Temp\Temporary
Directory 1 for New Compressed (zipped) Folder.zip\SYSPACK.MSI

Error - 11/11/2009 12:58:52 AM | Computer Name = GEMACH | Source = MsiInstaller | ID = 11316
Description = Product: Microsoft Money 2003 -- Error 1316.A network error occurred
while attempting to read from the file: C:\DOCUME~1\GEMACH~1\LOCALS~1\Temp\Temporary
Directory 2 for New Compressed (zipped) Folder.zip\MONEY.MSI

Error - 11/11/2009 12:59:02 AM | Computer Name = GEMACH | Source = MsiInstaller | ID = 11316
Description = Product: Microsoft Money 2003 System Pack -- Error 1316.A network
error occurred while attempting to read from the file: C:\DOCUME~1\GEMACH~1\LOCALS~1\Temp\Temporary
Directory 3 for New Compressed (zipped) Folder.zip\SYSPACK.MSI

Error - 11/11/2009 1:05:31 AM | Computer Name = GEMACH | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Money 2003 -- Error 1706.No valid source could
be found for product Microsoft Money 2003. The Windows installer cannot continue.

Error - 11/11/2009 1:10:14 AM | Computer Name = GEMACH | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Money 2003 -- Error 1706.No valid source could
be found for product Microsoft Money 2003. The Windows installer cannot continue.

Error - 11/11/2009 9:00:27 PM | Computer Name = GEMACH | Source = VBRuntime | ID = 1
Description = The VB Application identified by the event source logged this Application
MSICUU: Thread ID: 2868 ,Logged: Success: C:\Program Files\Windows Installer Clean
Up\msizap.exe TW! {01B06D09-CF96-4878-A0F4-B6217150BB1B}

Error - 11/11/2009 9:00:36 PM | Computer Name = GEMACH | Source = VBRuntime | ID = 1
Description = The VB Application identified by the event source logged this Application
MSICUU: Thread ID: 2868 ,Logged: Success: C:\Program Files\Windows Installer Clean
Up\msizap.exe TW! {02B42D23-10F2-4862-ADA4-3DF1EA0021B2}

Error - 11/22/2009 9:26:04 PM | Computer Name = GEMACH | Source = VSS | ID = 4101
Description = Volume Shadow Copy Service error: Cannot obtain the collection 'Applications'
from the COM+ catalog [0x80040154].

Error - 11/22/2009 9:26:29 PM | Computer Name = GEMACH | Source = SceCli | ID = 1000
Description = Security configuration was not backed up. Error 1208 to open database.

[ System Events ]
Error - 11/23/2009 3:44:02 PM | Computer Name = GEMACH | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 11/23/2009 3:44:06 PM | Computer Name = GEMACH | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 11/23/2009 4:10:02 PM | Computer Name = GEMACH | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 11/23/2009 4:10:02 PM | Computer Name = GEMACH | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 11/23/2009 4:10:39 PM | Computer Name = GEMACH | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 11/25/2009 9:41:37 AM | Computer Name = GEMACH | Source = NETLOGON | ID = 3095
Description = This computer is configured as a member of a workgroup, not as a member
of a domain. The Netlogon service does not need to run in this configuration.

Error - 11/25/2009 9:43:09 AM | Computer Name = GEMACH | Source = DCOM | ID = 10005
Description = DCOM got error "%2" attempting to start the service IISADMIN with
arguments "" in order to run the server: {A9E69610-B80D-11D0-B9B9-00A0C922E750}

Error - 11/25/2009 12:03:00 PM | Computer Name = GEMACH | Source = Schedule | ID = 7901
Description = The At2.job command failed to start due to the following error: %%2147942402

Error - 11/25/2009 3:24:33 PM | Computer Name = GEMACH | Source = Removable Storage Service | ID = 262255
Description = RSM could not load media in drive Drive 0 of library Corsair Flash
Voyager USB Device.

Error - 11/25/2009 3:24:36 PM | Computer Name = GEMACH | Source = Removable Storage Service | ID = 262255
Description = RSM could not load media in drive Drive 0 of library Corsair Flash
Voyager USB Device.


< End of report >





DDS (Ver_09-10-26.01) - NTFSx86
Run by Gemach Computer at 3:46:11.73 on Fri 11/27/2009
Internet Explorer: 6.0.2900.2180

============== Running Processes ===============


============== Pseudo HJT Report ===============

uStart Page = about:blank
uDefault_Page_URL =
uSearch Bar =
mDefault_Page_URL =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: {243b17de-77c7-46bf-b94b-0b5f309a0e64} - c:\program files\microsoft money\system\mnyside.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Burn4Free Toolbar Helper: {d187a56b-a33f-4cbe-9d77-459fc0bae012} - c:\program files\burn4free toolbar\v3.3.0.1\Burn4Free_Toolbar.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: Burn4Free Toolbar: {4f11acbb-393f-4c86-a214-ff3d0d155cc3} - c:\program files\burn4free toolbar\v3.3.0.1\Burn4Free_Toolbar.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: MoneySide: {d6a116e7-5906-42e4-87f6-e7e15936415e} - c:\program files\microsoft money\system\mnyside.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\networ~1.lnk - c:\program files\global devtech\network chat\Network Chat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\uvncse~1.lnk - c:\program files\ultravnc\winvnc.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {DD6687B5-CB43-4211-BFC9-2942CCBDCB3E} - c:\program files\microsoft money\system\mnyside.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} - hxxp://gemach/tsweb/msrdp.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxsrvc.dll
AppInit_DLLs: c:\windows\system32\kbdnet.dll

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2022-11-24 20:08:43 0 d-----w- c:\program files\CR8
2009-11-26 05:10:08 0 d-----w- C:\!KillBox
2009-11-25 13:53:00 7680 -c--a-w- c:\windows\system32\dllcache\migregdb.exe
2009-11-23 04:42:43 163840 ----a-w- c:\windows\system32\igfxres.dll
2009-11-23 01:31:56 7168 -c--a-w- c:\windows\system32\dllcache\EXCH_snprfdll.dll
2009-11-23 01:30:55 229439 -c--a-w- c:\windows\system32\dllcache\multibox.dll
2009-11-23 01:29:59 257024 -c--a-w- c:\windows\system32\dllcache\infocomm.dll
2009-11-23 01:28:49 78848 -c--a-w- c:\windows\system32\dllcache\dayi.ime
2009-11-23 01:27:46 32827 -c--a-w- c:\windows\system32\dllcache\tcptest.exe
2009-11-23 01:24:54 488 ---ha-r- c:\windows\system32\logonui.exe.manifest
2009-11-23 01:24:42 749 ---ha-r- c:\windows\WindowsShell.Manifest
2009-11-23 01:24:42 749 ---ha-r- c:\windows\system32\wuaucpl.cpl.manifest
2009-11-23 01:24:42 749 ---ha-r- c:\windows\system32\sapi.cpl.manifest
2009-11-23 01:24:42 749 ---ha-r- c:\windows\system32\nwc.cpl.manifest
2009-11-23 01:24:42 749 ---ha-r- c:\windows\system32\ncpa.cpl.manifest
2009-11-23 01:24:28 20480 -c--a-w- c:\windows\system32\dllcache\inetwiz.exe
2009-11-23 01:24:19 86016 -c--a-w- c:\windows\system32\dllcache\icwconn2.exe
2009-11-23 01:24:12 214528 -c--a-w- c:\windows\system32\dllcache\icwconn1.exe
2009-11-23 01:22:44 218112 -c--a-w- c:\windows\system32\dllcache\wmiprvse.exe
2009-11-23 01:22:44 218112 ----a-w- c:\windows\system32\wbem\wmiprvse.exe
2009-11-23 01:07:57 13753 ----a-r- c:\windows\SET5C.tmp
2009-11-23 01:07:53 1086058 ----a-r- c:\windows\SET50.tmp
2009-11-23 01:07:50 1042903 ----a-r- c:\windows\SET4D.tmp
2009-11-22 19:54:33 0 d-----w- c:\windows\dell
2009-11-22 14:31:54 0 d-----w- C:\Windows_old
2009-11-20 18:29:09 523776 ----a-w- C:\dds.scr
2009-11-20 17:44:13 15 ----a-w- C:\settings.dat
2009-11-20 12:31:44 0 d-----w- c:\windows\Cookies
2009-11-20 12:31:43 0 d-----w- c:\windows\Recent
2009-11-20 03:55:55 529408 ----a-w- C:\OTL.exe
2009-11-20 03:55:54 472064 ----a-w- C:\RootRepeal.exe
2009-11-20 03:55:51 47616 ----a-w- C:\Win32kDiag.exe
2009-11-20 03:28:07 53128520 ----a-w- C:\Norman_Malware_Cleaner.exe
2009-11-20 03:24:53 2986872 ----a-w- C:\FixVirut.com
2009-11-20 03:24:51 3566584 ----a-w- C:\ComboFix.exe
2009-11-18 19:40:29 0 d-----w- c:\program files\NirSoft
2009-11-12 00:49:35 0 d-----w- c:\program files\xplorer2
2009-11-12 00:35:29 0 d-----w- c:\program files\Windows Installer Clean Up
2009-11-12 00:35:18 0 d-----w- c:\program files\MSECACHE
2009-11-11 02:55:40 0 d--h--w- C:\$AVG
2009-11-11 02:54:23 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2009-11-11 01:13:00 3968 ----a-w- c:\windows\system32\drivers\AvgArCln.sys
2009-11-06 17:50:23 0 d-----w- c:\windows\SxsCaPendDel
2009-11-06 06:33:34 0 d-----w- c:\program files\AVGold
2009-11-06 00:38:40 0 d-----w- c:\program files\AVG
2009-11-04 20:13:30 0 d-----w- c:\docume~1\gemach~1\applic~1\Malwarebytes
2009-11-04 20:13:11 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-11-03 21:11:56 131584 ----a-w- c:\windows\sv1.exe
2009-11-03 21:09:28 0 ----a-w- c:\windows\system32\57.tmp
2009-11-03 21:09:24 6421 ----a-w- c:\windows\system32\7861902.exe
2009-11-03 21:09:24 52 ----a-w- c:\windows\system32\55.tmp

==================== Find3M ====================

2009-11-11 02:54:56 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-11-11 02:54:45 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-11-03 21:06:51 118124 ----a-w- c:\windows\system32\Prounstl.exe
2009-02-27 05:15:47 169 ----a-w- c:\program files\wxhxutw.inf

============= FINISH: 3:46:38.84 ===============


#2 pwgib

pwgib

  • Malware Response Team
  • 2,956 posts
  • OFFLINE
  • Gender:Male
  • Location:God's Country
  • Local time:10:57 PM

Posted 02 December 2009 - 09:50 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.


If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE
PW

#3 adambrown

adambrown
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  • Local time:11:57 PM

Posted 02 December 2009 - 03:10 PM

DDS (Ver_09-10-26.01) - NTFSx86
Run by Gemach Computer at 3:01:11.73 on Wed 12/2/2009
Internet Explorer: 6.0.2900.2180

============== Running Processes ===============


============== Pseudo HJT Report ===============

uStart Page = about:blank
uDefault_Page_URL =
uSearch Bar =
mDefault_Page_URL =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: {243b17de-77c7-46bf-b94b-0b5f309a0e64} - c:\program files\microsoft money\system\mnyside.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Burn4Free Toolbar Helper: {d187a56b-a33f-4cbe-9d77-459fc0bae012} - c:\program files\burn4free toolbar\v3.3.0.1\Burn4Free_Toolbar.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: Burn4Free Toolbar: {4f11acbb-393f-4c86-a214-ff3d0d155cc3} - c:\program files\burn4free toolbar\v3.3.0.1\Burn4Free_Toolbar.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: MoneySide: {d6a116e7-5906-42e4-87f6-e7e15936415e} - c:\program files\microsoft money\system\mnyside.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\networ~1.lnk - c:\program files\global devtech\network chat\Network Chat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\uvncse~1.lnk - c:\program files\ultravnc\winvnc.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {DD6687B5-CB43-4211-BFC9-2942CCBDCB3E} - c:\program files\microsoft money\system\mnyside.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} - hxxp://gemach/tsweb/msrdp.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxsrvc.dll
AppInit_DLLs: c:\windows\system32\kbdnet.dll

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2022-11-24 20:08:43 0 d-----w- c:\program files\CR8
2009-11-26 05:10:08 0 d-----w- C:\!KillBox
2009-11-25 13:53:00 7680 -c--a-w- c:\windows\system32\dllcache\migregdb.exe
2009-11-23 04:42:43 163840 ----a-w- c:\windows\system32\igfxres.dll
2009-11-23 01:31:56 7168 -c--a-w- c:\windows\system32\dllcache\EXCH_snprfdll.dll
2009-11-23 01:30:55 229439 -c--a-w- c:\windows\system32\dllcache\multibox.dll
2009-11-23 01:29:59 257024 -c--a-w- c:\windows\system32\dllcache\infocomm.dll
2009-11-23 01:28:49 78848 -c--a-w- c:\windows\system32\dllcache\dayi.ime
2009-11-23 01:27:46 32827 -c--a-w- c:\windows\system32\dllcache\tcptest.exe
2009-11-23 01:24:54 488 ---ha-r- c:\windows\system32\logonui.exe.manifest
2009-11-23 01:24:42 749 ---ha-r- c:\windows\WindowsShell.Manifest
2009-11-23 01:24:42 749 ---ha-r- c:\windows\system32\wuaucpl.cpl.manifest
2009-11-23 01:24:42 749 ---ha-r- c:\windows\system32\sapi.cpl.manifest
2009-11-23 01:24:42 749 ---ha-r- c:\windows\system32\nwc.cpl.manifest
2009-11-23 01:24:42 749 ---ha-r- c:\windows\system32\ncpa.cpl.manifest
2009-11-23 01:24:28 20480 -c--a-w- c:\windows\system32\dllcache\inetwiz.exe
2009-11-23 01:24:19 86016 -c--a-w- c:\windows\system32\dllcache\icwconn2.exe
2009-11-23 01:24:12 214528 -c--a-w- c:\windows\system32\dllcache\icwconn1.exe
2009-11-23 01:22:44 218112 -c--a-w- c:\windows\system32\dllcache\wmiprvse.exe
2009-11-23 01:22:44 218112 ----a-w- c:\windows\system32\wbem\wmiprvse.exe
2009-11-23 01:07:57 13753 ----a-r- c:\windows\SET5C.tmp
2009-11-23 01:07:53 1086058 ----a-r- c:\windows\SET50.tmp
2009-11-23 01:07:50 1042903 ----a-r- c:\windows\SET4D.tmp
2009-11-22 19:54:33 0 d-----w- c:\windows\dell
2009-11-22 14:31:54 0 d-----w- C:\Windows_old
2009-11-20 18:29:09 523776 ----a-w- C:\dds.scr
2009-11-20 17:44:13 15 ----a-w- C:\settings.dat
2009-11-20 12:31:44 0 d-----w- c:\windows\Cookies
2009-11-20 12:31:43 0 d-----w- c:\windows\Recent
2009-11-20 03:55:55 529408 ----a-w- C:\OTL.exe
2009-11-20 03:55:54 472064 ----a-w- C:\RootRepeal.exe
2009-11-20 03:55:51 47616 ----a-w- C:\Win32kDiag.exe
2009-11-20 03:28:07 53128520 ----a-w- C:\Norman_Malware_Cleaner.exe
2009-11-20 03:24:53 2986872 ----a-w- C:\FixVirut.com
2009-11-20 03:24:51 3566584 ----a-w- C:\ComboFix.exe
2009-11-18 19:40:29 0 d-----w- c:\program files\NirSoft
2009-11-12 00:49:35 0 d-----w- c:\program files\xplorer2
2009-11-12 00:35:29 0 d-----w- c:\program files\Windows Installer Clean Up
2009-11-12 00:35:18 0 d-----w- c:\program files\MSECACHE
2009-11-11 02:55:40 0 d--h--w- C:\$AVG
2009-11-11 02:54:23 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2009-11-11 01:13:00 3968 ----a-w- c:\windows\system32\drivers\AvgArCln.sys
2009-11-06 17:50:23 0 d-----w- c:\windows\SxsCaPendDel
2009-11-06 06:33:34 0 d-----w- c:\program files\AVGold
2009-11-06 00:38:40 0 d-----w- c:\program files\AVG
2009-11-04 20:13:30 0 d-----w- c:\docume~1\gemach~1\applic~1\Malwarebytes
2009-11-04 20:13:11 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-11-03 21:11:56 131584 ----a-w- c:\windows\sv1.exe
2009-11-03 21:09:28 0 ----a-w- c:\windows\system32\57.tmp
2009-11-03 21:09:24 6421 ----a-w- c:\windows\system32\7861902.exe
2009-11-03 21:09:24 52 ----a-w- c:\windows\system32\55.tmp

==================== Find3M ====================

2009-11-11 02:54:56 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-11-11 02:54:45 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-11-03 21:06:51 118124 ----a-w- c:\windows\system32\Prounstl.exe
2009-02-27 05:15:47 169 ----a-w- c:\program files\wxhxutw.inf

============= FINISH: 3:01:38.84 ===============

#4 pwgib

pwgib

  • Malware Response Team
  • 2,956 posts
  • OFFLINE
  • Gender:Male
  • Location:God's Country
  • Local time:10:57 PM

Posted 05 December 2009 - 11:26 PM

Hello adambrown and welcome to Bleeping Computer!! :(

I will be handling your log to help you get cleaned up. I apologize for the delay but the forum is very busy.

As you can see the logs we ask for are very extensive and take a lot of time to investigate. In addition, since I am still in training all of my responses have to be reviewed by our excellent expert staff so there may be a delay in response time. The advantage is that your log will be evaluated by two sets of eyes and two brains.

If you haven't already, you can keep the link to this topic in your Favorites. Alternatively, you can click the Options button at the top bar of this topic and Track this Topic, where you can choose email notifications.

Please make sure Word Wrap in notepad is turned off when copying and pasting logs and only attach logs if asked to. Do not wrap logs in codebox or code tags. It makes it very difficult to read and analyze them. Please paste them directly into the reply box.

Please do not make any changes to your system until we are through. Fixes are based upon information that is current from your system so any changes can affect our strategy. Please refrain from running any tools we may use without specific instructions.

If your operating system is Windows Vista it may be necessary to right click and choose Run as Administrator for any programs we use.

Before we begin please check and follow the instructions on How to Show Hidden Files and Folders in Windows Vista and Windows XP

Because the e-mail notification system is not completely reliable, please check your topic once a day for responses.

Again, keep in mind that it may take a couple of days or more before I can reply but once we get started the process should speed up.

Thank you for your patience!!
PW

#5 pwgib

pwgib

  • Malware Response Team
  • 2,956 posts
  • OFFLINE
  • Gender:Male
  • Location:God's Country
  • Local time:10:57 PM

Posted 12 December 2009 - 09:42 AM

Hello adambrown,

I have some bad news.

With this particular infection, the safest solution and only sure way to remove it effectively is to reformat and reinstall the OS.

According to this Norman White Paper Assessment of W32/Virut, some variants can infect the HOSTS file and block access to security related web sites. Other variants of virut can even penetrate and infect .exe files within compressed files (.zip, .cab, rar). The Virux and Win32/Virut.17408 variants are even more complex file infectors which can embed an iframe into the body of web-related files and infect script files (.php, .asp, .htm, .html, .xml). When Virut creates infected files, it also creates non-functional files that are corrupted beyond repair and in some instances can disable Windows File Protection. In many cases the infected files cannot be disinfected properly by your anti-virus. When disinfection is attempted, the files become corrupted and the system may become irreparable. The longer virut remains on a computer, the more critical system files will become infected and corrupt so the degree of infection can vary.

The virus disables Windows File Protection by injecting code into the "winlogon.exe" process that patches system code in memory.

CA Virus detail of W32/Virut

The virus has a number of bugs in its code, and as a result it may misinfect a proportion of executable files....some W32/Virut.h infections are corrupted beyond repair.

McAfee Risk Assessment and Overview of W32/Virut

There are bugs in the viral code. When the virus produces infected files, it also creates non-functional files that also contain the virus...Due to the damage caused to files by virut it's possible to find repaired but corrupted files. They became corrupted by the incorrect writing of the viral code during the process of infection. Undetected, corrupted files (possibly still containing part of the viral code) can also be found. This is caused by incorrectly written and non-functional viral code present in these files.

AVG Overview of W32/Virut

This kind of infection is often contracted and spread by visiting remote, crack and keygen sites. These types of sites are infested with a smörgåsbord of malware and a major source of system infection.

...warez and crack web pages are being used by cybercriminals as download sites for malware related to VIRUT and VIRUX. Searches for serial numbers, cracks, and even antivirus products like Trend Micro yield malcodes that come in the form of executables or self-extracting files...quick links in these sites also lead to malicious files. Ads and banners are also infection vectors...

Keygen and Crack Sites Distribute VIRUX and FakeAV

However, the CA Security Advisor Research Blog has found MySpace user pages carrying the malicious Virut URL. Either way you can end up with a computer system so badly damaged that recovery is not possible and it cannot be repaired. When that happens there is nothing you can do besides reformatting and reinstalling the OS.

If your computer was used for online banking, has credit card information or other sensitive data on it, you should disconnect from the Internet until your system is cleaned. All passwords should be changed immediately to include those used for banking, email, eBay, paypal and online forums. You should consider them to be compromised. You should change each password using a clean computer and not the infected one. If not, an attacker may get the new passwords and transaction information. If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connecting again. Banking and credit card institutions should be notified of the possible security breach. Because your computer was compromised please read:

Since virut is not effectively disinfectable, your best option is to perform a full reformat as there is no guarantee this infection can be completely removed. In most instances it may have caused so much damage to your system files that it cannot be completely cleaned or repaired. In many cases the infected files cannot be deleted and anti-malware scanners cannot disinfect them properly. Many experts in the security community believe that once infected with this type of malware, the best course of action is to reformat and reinstall the OS. Reinstalling Windows without first wiping the entire hard drive with a repartition and/or format will not remove the infection. The reinstall will only overwrite the Windows files. Any malware on the system will still be there afterwards. Please read:

Since you have already attempted to disinfect your machine here is some more information.

There are tools and various rescue disks available from major anti-virus vendors. You can try them or boot from every rescue disk you can find but they will likely leave your computer in an unbootable state as a result of futile attempts to repair critical system files and drivers. Even the vendors like Kaspersky say there is no guarantee that some files will not get corrupted during the disinfection process. In the end most folks end up reformatting out of frustration after spending hours attempting to repair and remove infected files. IMO the safest and easiest thing to do is just reformat and reinstall Windows.

Bleeping Computer DOES NOT assume any responsibility for your attempt to repair this infection using any of the following tools. You do this at your own risk and against our advice.

These are links to Anti-virus vendors that offer free LiveCD or Rescue CD utilities that are used to boot from for repair of unbootable and damaged systems, rescue data, scan the system for virus infections. Burn it as an image to a disk to get a bootable CD. All (except Avira) are in the ISO Image file format. Avira uses an EXE that has built-in CD burning capability. If you are not sure how to burn an image, please read How to write a CD/DVD image or ISO. If you need a FREE utility to burn the ISO image, download and use ImgBurn.

Thanks!!
PW
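Two of the side effects the reply above describes (security-vendor domains blocked through the HOSTS file, and hidden iframes injected into web files) can be checked for offline. The audit below is an added example written for this thread; it is not code from BleepingComputer or from any of the vendors named above. The domain hint list, the sample hosts file and the sample HTML are constructed assumptions, chosen only to exercise the checks.

```python
"""Audit a hosts file and web content for two Virut side effects described
in the thread: security-vendor domains redirected in the hosts file, and
hidden (0/1-pixel or style-hidden) iframes injected into .htm/.html/.php files.

Added example; the hint list and samples below are constructed for illustration.
"""
import re
from ipaddress import ip_address

# Constructed sample: stock localhost line plus three entries that would cut
# the machine off from vendor sites (192.0.2.10 is a documentation address).
SAMPLE_HOSTS = """# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       www.avg.com   # constructed: blocks AVG
0.0.0.0         free.drweb.com
192.0.2.10      www.bleepingcomputer.com   # constructed: hijack to TEST-NET
"""

# Constructed sample: one visible iframe and two of the hidden kind.
SAMPLE_HTML = """<html><body>
<iframe src="https://www.example.com/widget" width="300" height="200"></iframe>
<iframe src="http://198.51.100.7/x/" width="1" height="1" style="visibility:hidden"></iframe>
<iframe src="http://203.0.113.5/y.php" style="display:none"></iframe>
</body></html>"""

# Assumed substrings of security-related hostnames; extend for your own vendors.
SECURITY_DOMAIN_HINTS = ("avg.", "drweb.", "kaspersky.", "mcafee.", "norman.",
                         "symantec.", "trendmicro.", "microsoft.", "windowsupdate.",
                         "bleepingcomputer.")


def parse_hosts(text):
    """Return (line_no, ip, hostname) for every active hosts entry.
    Comments (after '#') and blank lines are ignored; one IP may carry several names."""
    entries = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        for host in parts[1:]:
            entries.append((n, parts[0], host.lower()))
    return entries


def suspicious_hosts_entries(text):
    """Return (line_no, host, ip, kind) for entries naming a security-related domain.
    Mapping such a name to loopback/0.0.0.0 ('sinkholed') blocks the site; mapping it
    to any other address ('redirected') hijacks it. Both are reported."""
    flagged = []
    for n, ip, host in parse_hosts(text):
        if host == "localhost":
            continue
        try:
            addr = ip_address(ip)
        except ValueError:
            continue  # malformed line; not an IP mapping
        if any(hint in host for hint in SECURITY_DOMAIN_HINTS):
            kind = "sinkholed" if addr.is_loopback or addr.is_unspecified else "redirected"
            flagged.append((n, host, ip, kind))
    return flagged


IFRAME_RE = re.compile(r"<iframe\b[^>]*>", re.IGNORECASE)
ATTR_RE = re.compile(r'(\w+)\s*=\s*"([^"]*)"')


def hidden_iframes(html):
    """Return src values of iframes sized to 0 or 1 pixel, or hidden via CSS."""
    hits = []
    for tag in IFRAME_RE.findall(html):
        attrs = {k.lower(): v for k, v in ATTR_RE.findall(tag)}
        style = attrs.get("style", "").replace(" ", "").lower()
        tiny = any(attrs.get(d, "").strip() in ("0", "1") for d in ("width", "height"))
        hidden = "display:none" in style or "visibility:hidden" in style
        if tiny or hidden:
            hits.append(attrs.get("src", ""))
    return hits


if __name__ == "__main__":
    for n, host, ip, kind in suspicious_hosts_entries(SAMPLE_HOSTS):
        print(f"hosts line {n}: {host} -> {ip} ({kind})")
    for src in hidden_iframes(SAMPLE_HTML):
        print(f"hidden iframe: {src}")
```

On a real machine you would read C:\WINDOWS\system32\drivers\etc\hosts and walk the web directories of interest from a clean boot medium, since the thread's point is that the running system itself cannot be trusted. A hit from either check is evidence of tampering, not proof of a clean file elsewhere; it does not change the reformat recommendation above.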

#6 adambrown

adambrown
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  • Local time:11:57 PM

Posted 13 December 2009 - 03:09 PM

I'm sorry, however, you did not answer my question. As I mentioned in my original post, I know that all the experts say that the only way to completely remove Virut is with a low-level re-format. My question, as I stated in my original post, was that the steps that I took seem to have removed it without reformatting. I already fixed my Hosts file, and AVG found all of the HTMLs that were infected. Regarding the exe's, I've scanned several times with AVG's Virut Removal Tool, and it says it cleaned everything and there is nothing else that is infected. I just wanted to know if there was anything suspicious in the HJT, OTL and DDS logs. If someone would be able to check through them and tell me if they see anything that should not be there, it would be greatly appreciated. These logs should be currently relevant, as I have not used the computer since I ran the scans. Thanx.

Adam

#7 pwgib

pwgib

  • Malware Response Team
  • 2,956 posts
  • OFFLINE
  • Gender:Male
  • Location:God's Country
  • Local time:10:57 PM

Posted 14 December 2009 - 04:52 PM

Hello adambrown and welcome back to Bleeping Computer!!

as I stated in my original post, was that the steps that I took seem to have removed it without reformatting. I already fixed my Hosts file, and AVG found all of the HTMLs that were infected. Regarding the exe's, I've scanned several times with AVG's Virut Removal Tool, and it says it cleaned everything and there is nothing else that is infected. I just wanted to know if there was anything suspicious in the HJT, OTL and DDS logs. If someone would be able to check through them and tell me if they see anything that should not be there, it would be greatly appreciated. These logs should be currently relevant, as I have not used the computer since I ran the scans. Thanx.


To answer your question: yes, you are still infected, and as far as Virut goes, who knows if it is still present. It probably is.

I could have you fix the problems that show in your log and send you on your way but by doing so I would be performing an injustice to you and the computing community at large.

I also understand that you used the AVG Virut Removal Tool, rmvirut.exe, but even AVG has a disclaimer that I posted in my reply.

it also creates non-functional files that also contain the virus...Due to the damage caused to files by virut it's possible to find repaired but corrupted files. They became corrupted by the incorrect writing of the viral code during the process of infection. Undetected, corrupted files (possibly still containing part of the viral code) can also be found. This is caused by incorrectly written and non-functional viral code present in these files.


Your logs can show to be clean but the viral code can still be present. No matter what tools or scanners are used there is still the possibility your machine is infected. You may think it is clean when it is not. The only way to be completely sure is to reformat/reinstall.

If you have any more questions do not hesitate to ask.

Thanks!!!
PW

#8 adambrown

adambrown
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  • Local time:11:57 PM

Posted 20 December 2009 - 04:04 AM

Sorry for the delay.
I understand what you're saying. However, I don't want to reformat, since I have several programs which I don't have CDs for. I isolated the computer off any networks or the Internet right after I realized that it was infected. So I will try using it as is, and make sure not to infect anything else. I just want to know if you can tell me what to fix regarding these logs, so that I could use the computer while it runs without being noticeably infected. Thanx.

Edited by adambrown, 20 December 2009 - 04:05 AM.


#9 pwgib

pwgib

  • Malware Response Team
  • 2,956 posts
  • OFFLINE
  • Gender:Male
  • Location:God's Country
  • Local time:10:57 PM

Posted 21 December 2009 - 12:17 PM

Hello adambrown,

Let's run Dr.Web CureIt.

Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

Please download Dr.Web CureIt and save it to your desktop. DO NOT perform a scan yet.
alternate download link
Note: The file will be randomly named (i.e. 5mkuvc4z.exe).

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with Dr.Web CureIt as follows:
  • Double-click on the randomly named file to open the program and click Start. (There is no need to update if you just downloaded the most current version.)
  • Read the Virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.
  • The Express scan will automatically begin.
    (This is a short scan of files currently running in memory, boot sectors, and targeted folders).
  • If prompted to download the Full version Free Trial, ignore and click the X to close the window.
  • If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All. (This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured)
  • After the Express Scan is finished, put a check next to Complete scan to scan all local disks and removable media.
  • In the top menu, click Settings > Change settings, and uncheck "Heuristic analysis" under the "Scanning" tab, then click Apply, Ok.
  • Back at the main window, click the green arrow "Start Scanning" button on the right under the Dr.Web logo.
  • Please be patient as this scan could take a long time to complete.
  • When the scan has finished, a message will be displayed at the bottom indicating if any viruses were found.
  • Click Select All, then choose Cure > Move incurable.
  • In the top menu, click file and choose save report list.
  • Save the DrWeb.csv report to your desktop.
  • Exit Dr.Web Cureit when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)
In your next reply please include the Dr. Web report.

Thanks!
PW

#10 adambrown

adambrown
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  • Local time:11:57 PM

Posted 22 December 2009 - 03:10 PM

Below is the DrWeb.csv file:

BtwSrv.dll;C:\WINDOWS\system32;Trojan.DownLoad1.10684;Deleted.;
FastNetSrv.exe;C:\WINDOWS\system32;Trojan.DownLoad1.10683;Deleted.;
FastNetSrv.exex;C:\WINDOWS\system32;Trojan.DownLoad1.12338;Deleted.;
kbdnet.dll;C:\WINDOWS\system32;BackDoor.AdLoad;Deleted.;
lsm32.sys;C:\WINDOWS\system32;Trojan.Click.34462;Deleted.;
mscert.dll;C:\WINDOWS\system32;Trojan.MulDrop.42466;Deleted.;
opeia.exe;C:\WINDOWS\system32;Trojan.Bfkq.151;Deleted.;
PXCPYA64.EXE;C:\dell\MEDIAEXE;Win32.Virut.56;Cured.;
PXCPYI64.EXE;C:\dell\MEDIAEXE;Win32.Virut.56;Cured.;
PXINSA64.EXE;C:\dell\MEDIAEXE;Win32.Virut.56;Cured.;
PXINSI64.EXE;C:\dell\MEDIAEXE;Win32.Virut.56;Cured.;
GTDownDE_87.ocx;C:\i386;Adware.Gdown;Incurable.Moved.;
pxcpya64.exe;C:\i386;Win32.Virut.56;Cured.;
pxcpyi64.exe;C:\i386;Win32.Virut.56;Cured.;
pxinsa64.exe;C:\i386;Win32.Virut.56;Cured.;
pxinsi64.exe;C:\i386;Win32.Virut.56;Cured.;
restart.exe;C:\Program Files\Super Fast Shutdown;Tool.ShutDown.14;Incurable.Moved.;
vnchooks.dll;C:\Program Files\Utra Vnc;Program.RemoteAdmin.4;Incurable.Moved.;
sv1.exe;C:\WINDOWS;Trojan.Bfkq.131;Deleted.;
sv1.exe;C:\Windows_old;Trojan.Bfkq.131;Deleted.;
BtwSrv.dll;C:\Windows_old\system32;Trojan.DownLoad1.10684;Deleted.;
FastNetSrv.exe;C:\Windows_old\system32;Trojan.DownLoad1.10683;Deleted.;
FastNetSrv.exex;C:\Windows_old\system32;Trojan.DownLoad1.12338;Deleted.;
kbdnet.dll;C:\Windows_old\system32;BackDoor.AdLoad;Deleted.;
lsm32.sys;C:\Windows_old\system32;Trojan.Click.34462;Deleted.;
mscert.dll;C:\Windows_old\system32;Trojan.MulDrop.42466;Deleted.;
opeia.exe;C:\Windows_old\system32;Trojan.Bfkq.151;Deleted.;
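A small parser for the DrWeb.csv layout posted above, added here as an example (it is not Dr.Web's code and not either poster's own): it groups the records by verdict and by detection family, lists the host executables that Virut had modified and the scanner repaired in place, and spots the Windows_old duplicates left behind by the earlier rebuild re-install. The family-stripping rule (drop trailing numeric variant parts such as ".56") is an assumption about Dr.Web's naming, not something the report states.

```python
# Summarise a Dr.Web CureIt report (DrWeb.csv). Added example for this thread,
# not Dr.Web code and not any poster's own. Assumed record layout, as seen in
# the report posted above: filename;directory;detection;action; (one per line)
from collections import Counter
from dataclasses import dataclass

# Fixture: the records from the DrWeb.csv posted above, embedded so the
# script runs offline (raw string keeps the backslashes intact).
SAMPLE_REPORT = r"""
BtwSrv.dll;C:\WINDOWS\system32;Trojan.DownLoad1.10684;Deleted.;
FastNetSrv.exe;C:\WINDOWS\system32;Trojan.DownLoad1.10683;Deleted.;
FastNetSrv.exex;C:\WINDOWS\system32;Trojan.DownLoad1.12338;Deleted.;
kbdnet.dll;C:\WINDOWS\system32;BackDoor.AdLoad;Deleted.;
lsm32.sys;C:\WINDOWS\system32;Trojan.Click.34462;Deleted.;
mscert.dll;C:\WINDOWS\system32;Trojan.MulDrop.42466;Deleted.;
opeia.exe;C:\WINDOWS\system32;Trojan.Bfkq.151;Deleted.;
PXCPYA64.EXE;C:\dell\MEDIAEXE;Win32.Virut.56;Cured.;
PXCPYI64.EXE;C:\dell\MEDIAEXE;Win32.Virut.56;Cured.;
PXINSA64.EXE;C:\dell\MEDIAEXE;Win32.Virut.56;Cured.;
PXINSI64.EXE;C:\dell\MEDIAEXE;Win32.Virut.56;Cured.;
GTDownDE_87.ocx;C:\i386;Adware.Gdown;Incurable.Moved.;
pxcpya64.exe;C:\i386;Win32.Virut.56;Cured.;
pxcpyi64.exe;C:\i386;Win32.Virut.56;Cured.;
pxinsa64.exe;C:\i386;Win32.Virut.56;Cured.;
pxinsi64.exe;C:\i386;Win32.Virut.56;Cured.;
restart.exe;C:\Program Files\Super Fast Shutdown;Tool.ShutDown.14;Incurable.Moved.;
vnchooks.dll;C:\Program Files\Utra Vnc;Program.RemoteAdmin.4;Incurable.Moved.;
sv1.exe;C:\WINDOWS;Trojan.Bfkq.131;Deleted.;
sv1.exe;C:\Windows_old;Trojan.Bfkq.131;Deleted.;
BtwSrv.dll;C:\Windows_old\system32;Trojan.DownLoad1.10684;Deleted.;
FastNetSrv.exe;C:\Windows_old\system32;Trojan.DownLoad1.10683;Deleted.;
FastNetSrv.exex;C:\Windows_old\system32;Trojan.DownLoad1.12338;Deleted.;
kbdnet.dll;C:\Windows_old\system32;BackDoor.AdLoad;Deleted.;
lsm32.sys;C:\Windows_old\system32;Trojan.Click.34462;Deleted.;
mscert.dll;C:\Windows_old\system32;Trojan.MulDrop.42466;Deleted.;
opeia.exe;C:\Windows_old\system32;Trojan.Bfkq.151;Deleted.;
"""

# Families that infect host executables. A "Cured." verdict on one of these
# means the scanner rewrote a legitimate file the infector had modified,
# i.e. the infector was active on the box, not merely a dropped file.
FILE_INFECTORS = {"Win32.Virut"}

@dataclass(frozen=True)
class Record:
    name: str
    directory: str
    detection: str
    action: str

    @property
    def path(self) -> str:
        return self.directory.rstrip("\\") + "\\" + self.name

    @property
    def family(self) -> str:
        # Assumed naming rule: drop trailing numeric variant parts,
        # e.g. Win32.Virut.56 -> Win32.Virut
        parts = self.detection.split(".")
        while len(parts) > 1 and parts[-1].isdigit():
            parts.pop()
        return ".".join(parts)

def parse_report(text: str) -> list:
    records = []
    for line in text.splitlines():
        fields = line.strip().split(";")
        if len(fields) < 4 or not fields[0]:
            continue  # skip blank lines
        records.append(Record(*fields[:4]))
    return records

def summarize(records: list) -> dict:
    return {"by_action": Counter(r.action for r in records),
            "by_family": Counter(r.family for r in records)}

def cured_infector_hosts(records: list) -> list:
    """Host files a file infector had modified; the scanner repaired them in place."""
    return sorted(r.path for r in records
                  if r.family in FILE_INFECTORS and r.action == "Cured.")

def stale_duplicates(records: list) -> list:
    """Detections found both in the live tree and in the Windows_old copy left
    by the rebuild re-install; they inflate the count without being new."""
    def old(r): return r.directory.lower().startswith(r"c:\windows_old")
    live = {(r.name.lower(), r.detection) for r in records if not old(r)}
    return sorted({r.name for r in records
                   if old(r) and (r.name.lower(), r.detection) in live})

if __name__ == "__main__":
    recs = parse_report(SAMPLE_REPORT)
    for key, counts in summarize(recs).items():
        print(key, dict(counts))
    print("infector hosts repaired in place:", cured_infector_hosts(recs))
    print("duplicated in Windows_old:", stale_duplicates(recs))
```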

#11 pwgib

pwgib

  • Malware Response Team
  • 2,956 posts
  • OFFLINE
  • Gender:Male
  • Location:God's Country
  • Local time:10:57 PM

Posted 23 December 2009 - 09:15 AM

Hello adambrown,

PXCPYA64.EXE;C:\dell\MEDIAEXE;Win32.Virut.56;Cured.;
PXCPYI64.EXE;C:\dell\MEDIAEXE;Win32.Virut.56;Cured.;
PXINSA64.EXE;C:\dell\MEDIAEXE;Win32.Virut.56;Cured.;
PXINSI64.EXE;C:\dell\MEDIAEXE;Win32.Virut.56;Cured.;
Just what we suspected. You are still infected with Virut. Again, just because the antivirus scanner found and cured these particular files is no guarantee there are not more that it didn't find or "see".

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

In your next reply please include:

OTListIt.txt <-- Will be opened
Extra.txt <-- Will be minimized
gmer.log


Thanks!!
PW

#12 adambrown

adambrown
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  • Local time:11:57 PM

Posted 24 December 2009 - 12:15 AM

Below is the OTListIt.txt (OTL did not create an Extra.txt; I ran it again with the same results):


OTL logfile created on: 12/23/2009 10:00:00 PM - Run 3
OTL by OldTimer - Version 3.1.19.0 Folder = C:\Documents and Settings\Gemach Computer\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.00 Mb Total Physical Memory | 143.00 Mb Available Physical Memory | 28.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): c:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 25.04 Gb Total Space | 2.37 Gb Free Space | 9.45% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GEMACH
Current User Name: Gemach Computer
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/12/23 15:05:24 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gemach Computer\Desktop\OTL.exe
PRC - [2009/11/10 21:54:40 | 01,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2009/11/10 21:54:40 | 00,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2009/11/10 21:54:40 | 00,502,040 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2009/11/10 21:54:31 | 04,015,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgui.exe
PRC - [2009/11/10 21:54:29 | 02,010,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2009/11/10 21:54:25 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2008/12/29 22:22:36 | 01,692,224 | ---- | M] (UltraVNC) -- C:\Program Files\UltraVNC\winvnc.exe
PRC - [2008/02/19 12:10:32 | 00,267,048 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2008/02/19 12:10:24 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2007/07/24 14:17:08 | 00,227,389 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2005/03/03 23:29:02 | 00,356,352 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
PRC - [2005/02/06 22:48:20 | 00,344,064 | ---- | M] (Global DevTech) -- C:\Program Files\Global Devtech\Network Chat\Network Chat.exe
PRC - [2004/08/04 07:00:00 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/05/14 00:35:50 | 00,536,576 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2004/05/13 10:23:56 | 00,098,304 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2002/02/14 05:48:06 | 00,299,008 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXBCES.EXE
PRC - [2002/01/24 04:09:56 | 00,173,664 | ---- | M] () -- C:\WINDOWS\system32\LEXPPS.EXE
PRC - [2000/08/08 12:32:12 | 00,053,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MsPMSPSv.exe


========== Modules (SafeList) ==========

MOD - [2009/12/23 15:05:24 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gemach Computer\Desktop\OTL.exe
MOD - [2004/08/04 07:00:00 | 01,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2004/08/04 07:00:00 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\linkinfo.dll
MOD - [2004/05/13 10:23:50 | 00,066,048 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (W3SVC)
SRV - File not found [Auto | Stopped] -- -- (r_server)
SRV - File not found [Auto | Stopped] -- -- (IISADMIN)
SRV - File not found [Auto | Stopped] -- -- (Apple Mobile Device)
SRV - [2009/11/10 21:54:25 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2008/02/19 12:10:24 | 00,504,104 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2007/07/24 14:17:08 | 00,227,389 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2005/03/03 23:29:02 | 00,356,352 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2003/12/17 13:59:48 | 00,143,360 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc)
SRV - [2003/04/01 22:08:30 | 00,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\IcdSptSv.exe -- (ICDSPTSV)
SRV - [2002/02/14 05:48:06 | 00,299,008 | ---- | M] (Lexmark International, Inc.) [Auto | Running] -- C:\WINDOWS\system32\LEXBCES.EXE -- (LexBceS)
SRV - [2000/08/08 12:32:12 | 00,053,248 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\MsPMSPSv.exe -- (WMDM PMSP Service)


========== Driver Services (SafeList) ==========

DRV - [2009/11/10 21:54:56 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/11/10 21:54:55 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2008/07/30 00:51:30 | 00,277,736 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2008/02/18 10:16:24 | 00,030,464 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2007/07/24 05:00:00 | 00,043,872 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2007/01/31 08:33:46 | 00,005,632 | ---- | M] (GRISOFT, s.r.o.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\avgarkt.sys -- (AVG Anti-Rootkit)
DRV - [2007/01/18 07:00:28 | 00,003,968 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AvgArCln.sys -- (AvgArCln)
DRV - [2006/09/19 13:44:04 | 00,015,664 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2005/06/21 11:06:53 | 00,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2005/03/21 20:48:30 | 00,039,904 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\cercsr6.sys -- (cercsr6)
DRV - [2005/03/10 22:56:06 | 00,273,168 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)
DRV - [2005/03/03 00:14:18 | 00,004,736 | ---- | M] (RDV Soft) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vncdrv.sys -- (vncdrv)
DRV - [2004/12/06 01:05:00 | 00,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/12/06 01:05:00 | 00,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/12/06 01:05:00 | 00,086,586 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/12/06 01:05:00 | 00,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/12/06 01:05:00 | 00,025,883 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/12/06 01:05:00 | 00,015,227 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/12/06 01:05:00 | 00,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/12/06 01:05:00 | 00,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/12/06 01:05:00 | 00,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/12/01 03:22:00 | 00,087,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/11/23 02:56:00 | 00,040,480 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
DRV - [2004/11/02 23:27:20 | 00,773,565 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm)
DRV - [2004/09/09 20:42:00 | 00,007,552 | ---- | M] (PortalPlayer, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\YH-820.sys -- (PortlUSB)
DRV - [2004/08/18 14:53:54 | 00,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2004/08/04 07:00:00 | 00,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2004/08/04 07:00:00 | 00,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2004/08/04 07:00:00 | 00,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2004/08/04 07:00:00 | 00,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2004/08/04 07:00:00 | 00,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2004/08/04 07:00:00 | 00,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2004/08/04 07:00:00 | 00,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2004/08/04 07:00:00 | 00,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2004/08/04 07:00:00 | 00,027,440 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2004/08/04 07:00:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2004/08/04 07:00:00 | 00,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2004/08/04 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/04 07:00:00 | 00,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2004/08/04 07:00:00 | 00,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2004/08/04 07:00:00 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2004/08/04 07:00:00 | 00,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2004/08/04 07:00:00 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2004/08/03 23:07:44 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2004/08/03 23:07:44 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2004/08/03 23:04:34 | 00,012,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023x.sys -- (usb_rndisx)
DRV - [2004/08/03 22:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/07/14 11:29:04 | 00,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/07/14 11:28:50 | 00,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
DRV - [2004/06/17 20:57:02 | 00,200,064 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2004/06/17 20:55:38 | 00,685,056 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/06/17 20:55:04 | 01,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/05/13 10:19:22 | 00,182,688 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2004/03/24 10:12:44 | 00,004,272 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bvrp_pci.sys -- (bvrp_pci)
DRV - [2004/03/17 18:04:14 | 00,013,059 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2004/02/13 16:46:00 | 00,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
DRV - [2004/02/10 20:49:14 | 00,154,112 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Intel®
DRV - [2002/11/28 21:23:24 | 00,039,048 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IcdUsb2.sys -- (ICDUSB2) Sony IC Recorder (P)
DRV - [2001/10/01 22:37:40 | 00,017,432 | ---- | M] (lecs Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\IcRecUsb.sys -- (IcRecUsb)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page =
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page =
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-341943289-924988582-3446032598-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKU\S-1-5-21-341943289-924988582-3446032598-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-341943289-924988582-3446032598-1005\S-1-5-21-341943289-924988582-3446032598-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-341943289-924988582-3446032598-1005\S-1-5-21-341943289-924988582-3446032598-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



O1 HOSTS File: (715 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Burn4Free Toolbar Helper) - {D187A56B-A33F-4CBE-9D77-459FC0BAE012} - C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll File not found
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Burn4Free Toolbar) - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
O3 - HKU\S-1-5-21-341943289-924988582-3446032598-1005\..\Toolbar\WebBrowser: (Burn4Free Toolbar) - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll File not found
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe File not found
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Network Chat AutoStart.lnk = C:\Program Files\Global Devtech\Network Chat\Network Chat.exe (Global DevTech)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\UVNCServer.lnk = C:\Program Files\UltraVNC\winvnc.exe (UltraVNC)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-341943289-924988582-3446032598-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} http://gemach/tsweb/msrdp.cab (Microsoft RDP Client Control (redist))
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_03)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/02/27 00:15:06 | 00,000,007 | -HS- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{286ec7d3-18df-11de-abc6-00123f0e6ac0}\Shell - "" = AutoRun
O33 - MountPoints2\{286ec7d3-18df-11de-abc6-00123f0e6ac0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{286ec7d3-18df-11de-abc6-00123f0e6ac0}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{286ec7d4-18df-11de-abc6-00123f0e6ac0}\Shell\AutoRun\command - "" = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\isi32.exe -- File not found
O33 - MountPoints2\{286ec7d4-18df-11de-abc6-00123f0e6ac0}\Shell\open\command - "" = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\isi32.exe -- File not found
O33 - MountPoints2\{2d0f3d62-01e0-11de-abbc-8000600fe800}\Shell\AutoRun\command - "" = E:\ypsniox.exe -- File not found
O33 - MountPoints2\{2d0f3d62-01e0-11de-abbc-8000600fe800}\Shell\explore\Command - "" = E:\ypsniox.exe -- File not found
O33 - MountPoints2\{2d0f3d62-01e0-11de-abbc-8000600fe800}\Shell\open\Command - "" = E:\ypsniox.exe -- File not found
O33 - MountPoints2\{6893feb8-1be8-11dd-ab71-00123f0e6ac0}\Shell - "" = AutoRun
O33 - MountPoints2\{6893feb8-1be8-11dd-ab71-00123f0e6ac0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6893feb8-1be8-11dd-ab71-00123f0e6ac0}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{fdab3506-bcdd-11de-ac01-00123f0e6ac0}\Shell - "" = AutoRun
O33 - MountPoints2\{fdab3506-bcdd-11de-ac01-00123f0e6ac0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fdab3506-bcdd-11de-ac01-00123f0e6ac0}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{fdab3507-bcdd-11de-ac01-00123f0e6ac0}\Shell\Auto\command - "" = F:\fun.xls.exe -- File not found
O33 - MountPoints2\{fdab3507-bcdd-11de-ac01-00123f0e6ac0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fdab3512-bcdd-11de-ac01-00123f0e6ac0}\Shell\Auto\command - "" = E:\fun.xls.exe -- File not found
O33 - MountPoints2\{fdab3512-bcdd-11de-ac01-00123f0e6ac0}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2022/11/24 15:08:43 | 00,000,000 | ---D | C] -- C:\Program Files\CR8
[2009/12/23 20:08:34 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Gemach Computer\Desktop\OTL.exe
[2009/12/22 00:03:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Gemach Computer\DoctorWeb
[2009/12/22 00:01:58 | 25,914,896 | ---- | C] (Doctor Web, Ltd.) -- C:\Documents and Settings\Gemach Computer\Desktop\25cemgu6.exe
[2009/11/26 00:10:08 | 00,000,000 | ---D | C] -- C:\!KillBox
[2009/11/25 08:53:00 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migregdb.exe
[2009/11/10 21:53:20 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/11/10 21:53:20 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/11/10 21:53:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/11/10 21:53:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/02/28 16:16:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
[2008/09/05 09:28:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/12/23 15:25:43 | 00,054,156 | ---- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/12/23 15:25:27 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/23 15:25:21 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/23 15:25:19 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/23 15:25:18 | 52,789,2480 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/23 15:05:44 | 00,293,376 | ---- | M] () -- C:\Documents and Settings\Gemach Computer\Desktop\j6lor2r5.exe
[2009/12/23 15:05:24 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gemach Computer\Desktop\OTL.exe
[2009/12/22 14:26:00 | 10,747,904 | ---- | M] () -- C:\Documents and Settings\Gemach Computer\NTUSER.DAT
[2009/12/22 14:26:00 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Gemach Computer\ntuser.ini
[2009/12/22 13:17:01 | 01,568,656 | -H-- | M] () -- C:\Documents and Settings\Gemach Computer\Local Settings\Application Data\IconCache.db
[2009/12/22 13:16:35 | 00,001,625 | ---- | M] () -- C:\Documents and Settings\Gemach Computer\Desktop\DrWeb.csv
[2009/12/22 00:12:42 | 00,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/12/21 17:08:00 | 00,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2009/12/21 15:15:34 | 25,914,896 | ---- | M] (Doctor Web, Ltd.) -- C:\Documents and Settings\Gemach Computer\Desktop\25cemgu6.exe
[2009/12/21 11:03:00 | 00,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2009/12/15 17:06:19 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/12/13 23:55:35 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/11/26 08:51:43 | 00,000,015 | ---- | M] () -- C:\settings.dat
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/23 20:08:34 | 00,293,376 | ---- | C] () -- C:\Documents and Settings\Gemach Computer\Desktop\j6lor2r5.exe
[2009/12/22 13:18:57 | 52,789,2480 | -HS- | C] () -- C:\hiberfil.sys
[2009/12/22 13:16:35 | 00,001,625 | ---- | C] () -- C:\Documents and Settings\Gemach Computer\Desktop\DrWeb.csv
[2009/12/22 00:12:42 | 00,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/12/13 22:36:19 | 00,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/07/17 00:10:51 | 00,004,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2009/06/24 19:34:40 | 00,001,364 | ---- | C] () -- C:\WINDOWS\IIAAG2DD.ini
[2009/05/22 12:40:05 | 00,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2009/02/27 00:20:08 | 00,000,051 | ---- | C] () -- C:\Documents and Settings\Gemach Computer\Local Settings\Application Data\Kosong.Bron.Tok.txt
[2009/02/27 00:15:47 | 00,000,169 | ---- | C] () -- C:\Program Files\wxhxutw.inf
[2009/02/27 00:15:00 | 00,000,010 | R--- | C] () -- C:\WINDOWS\System32\sistem.sys
[2009/02/18 14:29:01 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2009/02/16 15:14:28 | 00,002,528 | ---- | C] () -- C:\Documents and Settings\Gemach Computer\Application Data\$_hpcst$.hpc
[2008/12/03 15:46:24 | 00,000,000 | ---- | C] () -- C:\WINDOWS\DVEdit.INI
[2008/12/03 15:38:09 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\trc.dll
[2008/12/03 15:37:41 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\dsp_trc.dll
[2008/12/03 15:37:41 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\IcdSptSvps.dll
[2008/02/24 20:04:37 | 00,005,309 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/02/14 00:30:00 | 00,000,520 | ---- | C] () -- C:\WINDOWS\netdet.ini
[2008/02/08 13:06:01 | 00,000,102 | ---- | C] () -- C:\WINDOWS\VSWizard.ini
[2007/05/29 18:05:18 | 00,000,268 | ---- | C] () -- C:\Documents and Settings\Gemach Computer\Application Data\LMCPaper.dat
[2007/02/28 02:56:35 | 00,003,932 | ---- | C] () -- C:\Documents and Settings\Gemach Computer\Application Data\LMLayout.dat
[2007/02/25 15:05:32 | 00,000,073 | ---- | C] () -- C:\WINDOWS\System32\LM_SUPPORT.INI
[2007/02/25 15:03:52 | 00,135,104 | ---- | C] () -- C:\WINDOWS\Tab16d20.dll
[2007/02/25 15:03:52 | 00,048,176 | ---- | C] () -- C:\WINDOWS\Imp16d20.dll
[2007/02/25 15:03:52 | 00,012,800 | ---- | C] () -- C:\WINDOWS\SS16FT.DLL
[2007/02/25 15:03:52 | 00,002,554 | ---- | C] () -- C:\WINDOWS\SSDS16.INI
[2007/02/25 15:03:52 | 00,002,552 | ---- | C] () -- C:\WINDOWS\Ssds32.ini
[2007/02/25 15:03:52 | 00,002,371 | ---- | C] () -- C:\WINDOWS\ssnew05.ini
[2007/02/25 15:03:52 | 00,002,371 | ---- | C] () -- C:\WINDOWS\ssnew04.ini
[2007/02/25 15:03:52 | 00,002,371 | ---- | C] () -- C:\WINDOWS\ssnew03.ini
[2007/02/25 15:03:52 | 00,002,371 | ---- | C] () -- C:\WINDOWS\ssnew02.ini
[2007/02/25 15:03:52 | 00,002,371 | ---- | C] () -- C:\WINDOWS\ssnew01.ini
[2007/02/25 15:03:52 | 00,002,269 | ---- | C] () -- C:\WINDOWS\Ssdef32.ini
[2007/02/25 15:03:52 | 00,002,267 | ---- | C] () -- C:\WINDOWS\SSDEF16.INI
[2007/02/25 15:03:52 | 00,000,029 | ---- | C] () -- C:\WINDOWS\MyScan.ini
[2007/02/25 15:03:40 | 00,004,256 | ---- | C] () -- C:\WINDOWS\System32\LMStatus.ini
[2007/02/14 00:22:33 | 00,014,420 | ---- | C] () -- C:\Documents and Settings\Gemach Computer\Application Data\coreldrw.tpa
[2006/11/03 00:43:23 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Textart.INI
[2006/03/27 08:56:22 | 00,004,585 | ---- | C] () -- C:\WINDOWS\Dagesh2000.ini
[2006/02/19 15:20:37 | 00,000,376 | ---- | C] () -- C:\WINDOWS\barcode.ini
[2006/02/15 15:31:09 | 00,008,521 | ---- | C] () -- C:\WINDOWS\lmpcl2a.ini
[2006/01/30 15:21:12 | 00,000,369 | ---- | C] () -- C:\WINDOWS\capture.ini
[2005/11/19 20:57:36 | 00,139,264 | ---- | C] () -- C:\Documents and Settings\Gemach Computer\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/11/12 18:28:17 | 00,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2005/11/12 18:28:17 | 00,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2005/11/12 18:28:15 | 00,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2005/11/12 18:28:14 | 00,021,723 | ---- | C] () -- C:\Documents and Settings\Gemach Computer\Local Settings\Application Data\NetMailTmp.bin
[2005/09/09 00:49:13 | 00,061,678 | ---- | C] () -- C:\Documents and Settings\Gemach Computer\Application Data\PFP120JPR.{PB
[2005/09/09 00:49:13 | 00,012,358 | ---- | C] () -- C:\Documents and Settings\Gemach Computer\Application Data\PFP120JCM.{PB
[2005/07/15 00:18:50 | 00,005,253 | ---- | C] () -- C:\WINDOWS\gwpreset.ini
[2005/07/15 00:18:50 | 00,000,664 | ---- | C] () -- C:\WINDOWS\goldwave.ini
[2005/07/08 00:39:37 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/07/06 17:35:03 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/06/21 11:14:06 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/06/21 11:07:51 | 00,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/06/21 10:56:22 | 00,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2005/06/21 10:55:23 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2005/06/21 10:35:10 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2005/06/21 10:34:42 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2005/06/21 10:34:40 | 00,000,372 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/04/09 17:04:54 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/11 17:24:19 | 00,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 17:11:31 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/04 07:00:00 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/08/04 07:00:00 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/03/21 16:54:42 | 00,000,047 | ---- | C] () -- C:\WINDOWS\CR8install.ini
[2002/01/24 04:29:26 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\lxaxlcnp.dll
[1999/01/22 13:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Files - Unicode (All) ==========
[2009/10/23 10:32:15 | 00,019,968 | ---- | M] ()(C:\Documents and Settings\Gemach Computer\My Documents\???? ????? .xls) -- C:\Documents and Settings\Gemach Computer\My Documents\בעלי תפילה .xls
[2009/09/03 21:27:13 | 00,025,600 | ---- | M] ()(C:\Documents and Settings\Gemach Computer\My Documents\???? ????.doc) -- C:\Documents and Settings\Gemach Computer\My Documents\אבות פרקי.doc
[2009/09/03 20:41:59 | 00,025,600 | ---- | C] ()(C:\Documents and Settings\Gemach Computer\My Documents\???? ????.doc) -- C:\Documents and Settings\Gemach Computer\My Documents\אבות פרקי.doc
[2009/07/01 13:03:47 | 00,000,000 | ---D | M](C:\Documents and Settings\Gemach Computer\My Documents\???? ??????) -- C:\Documents and Settings\Gemach Computer\My Documents\אוצר הספרים
[2008/11/27 14:33:09 | 00,019,968 | ---- | C] ()(C:\Documents and Settings\Gemach Computer\My Documents\???? ????? .xls) -- C:\Documents and Settings\Gemach Computer\My Documents\בעלי תפילה .xls
[2008/11/23 20:30:34 | 00,020,246 | ---- | M] ()(C:\Documents and Settings\Gemach Computer\My Documents\The ???? in ?? ???? ?? goes on to explain why the ???? goes to such great lengths to list so many details of the lives and happenings of the ????.doc) -- C:\Documents and Settings\Gemach Computer\My Documents\The רמבן in לך פרשת לך goes on to explain why the תורה goes to such great lengths to list so many details of the lives and happenings of the אבות.doc
[2008/11/09 00:14:38 | 00,020,246 | ---- | C] ()(C:\Documents and Settings\Gemach Computer\My Documents\The ???? in ?? ???? ?? goes on to explain why the ???? goes to such great lengths to list so many details of the lives and happenings of the ????.doc) -- C:\Documents and Settings\Gemach Computer\My Documents\The רמבן in לך פרשת לך goes on to explain why the תורה goes to such great lengths to list so many details of the lives and happenings of the אבות.doc
[2007/09/12 11:09:41 | 00,025,600 | ---- | M] ()(C:\Documents and Settings\Gemach Computer\My Documents\?????? ???.doc) -- C:\Documents and Settings\Gemach Computer\My Documents\מוסרני לכם.doc
[2007/09/12 11:01:00 | 00,025,600 | ---- | C] ()(C:\Documents and Settings\Gemach Computer\My Documents\?????? ???.doc) -- C:\Documents and Settings\Gemach Computer\My Documents\מוסרני לכם.doc
[2007/06/03 22:45:19 | 00,000,000 | ---D | C](C:\Documents and Settings\Gemach Computer\My Documents\???? ??????) -- C:\Documents and Settings\Gemach Computer\My Documents\אוצר הספרים
< End of report >


Below is the gmer.log:


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2009-12-23 23:50:52
Windows 5.1.2600 Service Pack 2
Running: j6lor2r5.exe; Driver: C:\DOCUME~1\GEMACH~1\LOCALS~1\Temp\pwtdqpow.sys


---- Kernel code sections - GMER 1.0.15 ----

.reloc C:\WINDOWS\system32\drivers\acedrv11.sys section is executable [0xA9F51600, 0x25B0C, 0xE0000060]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- EOF - GMER 1.0.15 ----


Thanx :(
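
The OTL and GMER output in the post above contains the line types a responder scans first: the timestamped file entries (note the `C:\Program Files\CR8` folder dated 2022 on a log written in December 2009), the `O33 MountPoints2` per-drive AutoRun handlers (several of them pointing at `fun.xls.exe`, a document-looking name that actually runs), and the `O35` exefile/comfile open handlers, which are at their Windows default here. As an added example, not code from the thread, from OTL or from BleepingComputer, this Python script parses those three line types and flags the anomalies; the regular expressions, the `triage()` function, the severity labels and the one constructed O35 line (marked in the code) are this example's own assumptions, while the sample OTL lines are copied from the log above.

```python
"""Triage a few OTL (OldTimer's List-It) log line types.

Added example for this thread; not code from the thread, from OTL or from
BleepingComputer. The regexes, triage() and the one constructed O35 line are
this example's own assumptions.
"""
import re
from datetime import datetime

# [date time | size | attrs | C or M] (Company) -- path   (the company part is optional)
FILE_RE = re.compile(
    r'^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| '
    r'(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\](?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$'
)
# O33 - MountPoints2\{guid}\Shell\<verb>\command - "" = <cmd> [-- File not found]
O33_RE = re.compile(
    r'^O33 - MountPoints2\\\{(?P<guid>[0-9a-fA-F-]+)\}\\Shell\\(?P<verb>\w+)\\[Cc]ommand'
    r' - "" = (?P<cmd>.+?)(?: -- (?P<status>File not found))?$'
)
# O35 - <filetype> [open] -- <command>
O35_RE = re.compile(r'^O35 - (?P<ftype>\w+) \[open\] -- (?P<cmd>.+)$')

DEFAULT_OPEN_CMD = '"%1" %*'          # Windows default for the exefile/comfile [open] verb
EXEC_EXTS = ('.exe', '.com', '.scr', '.pif', '.bat', '.cmd')


def is_double_extension(path):
    """True for names like fun.xls.exe: a document-looking name that is really executable."""
    name = path.replace('\\', '/').rsplit('/', 1)[-1].lower()
    parts = name.split('.')
    return len(parts) >= 3 and ('.' + parts[-1]) in EXEC_EXTS


def triage(lines, scan_time):
    """Return a list of (severity, message) findings for the given OTL lines."""
    findings = []
    for line in lines:
        line = line.strip()
        m = FILE_RE.match(line)
        if m:
            # A create/modify time later than the scan itself means clock skew or timestomping.
            if datetime.strptime(m['ts'], '%Y/%m/%d %H:%M:%S') > scan_time:
                findings.append(('high', f'future timestamp {m["ts"]} on {m["path"]} (clock skew or timestomping)'))
            continue
        m = O33_RE.match(line)
        if m:
            if is_double_extension(m['cmd']):
                findings.append(('high', f'MountPoints2 {m["guid"]} {m["verb"]} handler runs double-extension executable {m["cmd"]}'))
            elif m['status']:
                # Handler survives in the registry although the drive's file is gone: stale but worth removing.
                findings.append(('low', f'stale MountPoints2 {m["guid"]} {m["verb"]} handler for missing {m["cmd"]}'))
            continue
        m = O35_RE.match(line)
        if m and m['cmd'] != DEFAULT_OPEN_CMD:
            findings.append(('high', f'{m["ftype"]} [open] handler is {m["cmd"]!r}, Windows default is {DEFAULT_OPEN_CMD!r}'))
    return findings


# Sample lines copied from the OTL log above, plus one constructed O35 line.
SAMPLE_OTL_LINES = [
    r'[2022/11/24 15:08:43 | 00,000,000 | ---D | C] -- C:\Program Files\CR8',
    r'[2009/12/23 20:08:34 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Gemach Computer\Desktop\OTL.exe',
    r'O33 - MountPoints2\{286ec7d3-18df-11de-abc6-00123f0e6ac0}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found',
    r'O33 - MountPoints2\{fdab3512-bcdd-11de-ac01-00123f0e6ac0}\Shell\Auto\command - "" = E:\fun.xls.exe -- File not found',
    r'O33 - MountPoints2\{fdab3512-bcdd-11de-ac01-00123f0e6ac0}\Shell\AutoRun - "" = Auto&Play',
    r'O35 - exefile [open] -- "%1" %*',
    # constructed line (NOT from the log): what a hijacked comfile handler would look like
    r'O35 - comfile [open] -- "C:\WINDOWS\system32\EXAMPLE_hijack.exe" "%1" %*',
]
# Scan time taken from the GMER header above ("Rootkit scan 2009-12-23 23:50:52").
SCAN_TIME = datetime(2009, 12, 23, 23, 50, 52)

if __name__ == '__main__':
    for severity, message in triage(SAMPLE_OTL_LINES, SCAN_TIME):
        print(f'[{severity}] {message}')
```

Run against the sample, the script reports the future-dated `CR8` folder, the stale `LaunchU3.exe` handler, the `fun.xls.exe` handler, and the constructed hijacked comfile handler; the default `"%1" %*` exefile line and the bare `AutoRun - "" = Auto&Play` line produce nothing. Entries that exist only because a U3 stick was once plugged in are low-severity noise, which is why the double-extension check is separated from the plain "File not found" case.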

#13 pwgib

pwgib

  • Malware Response Team
  • 2,956 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:God's Country
  • Local time:10:57 PM

Posted 26 December 2009 - 05:09 AM

Hello adambrown,

Step 1.

Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
  • Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder...it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.

Step 2.

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link-->Jotti

When the Jotti page has finished loading, click the Browse button and navigate to the following file and click Submit.

C:\WINDOWS\IIAAG2DD.ini

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/

Step 3.

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Under "Output" click the Minimal Output radio button.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
Do not include the word "Code"

:Processes
C:\WINDOWS\explorer.exe (Microsoft Corporation)

:OTL
O2 - BHO: (Burn4Free Toolbar Helper) - {D187A56B-A33F-4CBE-9D77-459FC0BAE012} - C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll File not found
O3 - HKLM\..\Toolbar: (Burn4Free Toolbar) - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll File not found
O3 - HKU\S-1-5-21-341943289-924988582-3446032598-1005\..\Toolbar\WebBrowser: (Burn4Free Toolbar) - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} -C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll File not found
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O33 - MountPoints2\{286ec7d3-18df-11de-abc6-00123f0e6ac0}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{2d0f3d62-01e0-11de-abbc-8000600fe800}\Shell\AutoRun\command - "" = E:\ypsniox.exe -- File not found
O33 - MountPoints2\{2d0f3d62-01e0-11de-abbc-8000600fe800}\Shell\explore\Command - "" = E:\ypsniox.exe -- File not found
O33 - MountPoints2\{2d0f3d62-01e0-11de-abbc-8000600fe800}\Shell\open\Command - "" = E:\ypsniox.exe -- File not found
O33 - MountPoints2\{6893feb8-1be8-11dd-ab71-00123f0e6ac0}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{fdab3506-bcdd-11de-ac01-00123f0e6ac0}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{fdab3507-bcdd-11de-ac01-00123f0e6ac0}\Shell\Auto\command - "" = F:\fun.xls.exe -- File not found
O33 - MountPoints2\{fdab3512-bcdd-11de-ac01-00123f0e6ac0}\Shell\Auto\command - "" = E:\fun.xls.exe -- File not found

:files
C:\Program Files\wxhxutw.inf
C:\Windows\Tasks\At*.job

:commands
[EmptyTemp]
[purity]
[StartExplorer]
[Reboot]
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click OK.
  • A report will open. Copy and Paste that report in your next reply.
Step 4.

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please Do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.

In your next reply please include:

Jotti scan results
OTL report
ComboFix.txt


Any Problems?

Thanks!!
PW
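
Step 1 of the post above explains why Flash_Disinfector leaves a hidden folder named `autorun.inf` on every drive it touches: a file cannot be created where a directory of that name already exists, so autorun-spreading malware cannot drop its `autorun.inf` at the root. As an added example (not Flash_Disinfector's code and not from the thread), the Python below implements that mechanism and checks it against two throwaway directories. The function names, the `demo()` harness and the choice to leave an already-present `autorun.inf` file in place rather than delete it are this example's own assumptions; the attribute constants are the documented Win32 values and are only applied on Windows.

```python
"""Defensive autorun.inf placeholder folder.

Added example for this thread; not Flash_Disinfector's code, only an
illustration of the mechanism the post describes. Function names and the
leave-evidence-alone policy are this example's own assumptions.
"""
import ctypes
import os
import sys
import tempfile

AUTORUN_NAME = 'autorun.inf'
# Win32 file attribute flags (Windows SDK values); applied only when running on Windows.
FILE_ATTRIBUTE_HIDDEN = 0x02
FILE_ATTRIBUTE_SYSTEM = 0x04


def autorun_state(root):
    """Return 'absent', 'file' or 'dir' for whatever sits at <root>/autorun.inf."""
    path = os.path.join(root, AUTORUN_NAME)
    if os.path.isdir(path):
        return 'dir'
    if os.path.lexists(path):
        return 'file'
    return 'absent'


def protect_root(root):
    """Create the placeholder folder if the slot is free; return the resulting state.

    An existing autorun.inf *file* is deliberately left alone: on a machine under
    investigation it is evidence, and removing it is the responder's decision.
    """
    state = autorun_state(root)
    if state == 'absent':
        path = os.path.join(root, AUTORUN_NAME)
        os.mkdir(path)
        if sys.platform == 'win32':
            # Hide the folder the same way the post says Flash_Disinfector does.
            ctypes.windll.kernel32.SetFileAttributesW(
                path, FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM)
        state = 'dir'
    return state


def autorun_file_creatable(root):
    """Check whether an autorun.inf file could be created at root.

    Uses an exclusive create (O_EXCL) and removes the empty probe file again if
    it succeeded, so the check leaves the drive as it found it.
    """
    path = os.path.join(root, AUTORUN_NAME)
    try:
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL)
    except OSError:          # FileExistsError when the placeholder folder (or any entry) is there
        return False
    os.close(fd)
    os.remove(path)
    return True


def demo():
    """Exercise the protection on two constructed temporary 'drive roots' and report results."""
    results = {}
    with tempfile.TemporaryDirectory() as clean_root:
        results['before'] = autorun_state(clean_root)
        results['creatable_before'] = autorun_file_creatable(clean_root)
        results['after'] = protect_root(clean_root)
        results['creatable_after'] = autorun_file_creatable(clean_root)
        results['again'] = protect_root(clean_root)          # second call is a no-op
    with tempfile.TemporaryDirectory() as suspect_root:
        # Constructed sample: an (empty) autorun.inf file already present at the root.
        open(os.path.join(suspect_root, AUTORUN_NAME), 'w').close()
        results['existing_file'] = protect_root(suspect_root)
        results['file_kept'] = os.path.isfile(os.path.join(suspect_root, AUTORUN_NAME))
    return results


if __name__ == '__main__':
    for key, value in demo().items():
        print(f'{key}: {value}')
```

The placeholder only blocks the file from being written; it does nothing about an `autorun.inf` that is already present, which is why `protect_root()` reports `'file'` and stops instead of overwriting it. On a real removable drive you would call `protect_root('E:\\')` after the cleanup tool has run, and `autorun_file_creatable()` is the quick way to confirm the folder is still doing its job.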

#14 adambrown

adambrown
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:11:57 PM

Posted 27 December 2009 - 03:29 PM

Thanx.
Jotti did not find any problems.
Below is the OTL log:


All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D187A56B-A33F-4CBE-9D77-459FC0BAE012}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D187A56B-A33F-4CBE-9D77-459FC0BAE012}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-341943289-924988582-3446032598-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Malwarebytes Anti-Malware (reboot) deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{286ec7d3-18df-11de-abc6-00123f0e6ac0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{286ec7d3-18df-11de-abc6-00123f0e6ac0}\ not found.
File E:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2d0f3d62-01e0-11de-abbc-8000600fe800}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2d0f3d62-01e0-11de-abbc-8000600fe800}\ not found.
File E:\ypsniox.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2d0f3d62-01e0-11de-abbc-8000600fe800}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2d0f3d62-01e0-11de-abbc-8000600fe800}\ not found.
File E:\ypsniox.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2d0f3d62-01e0-11de-abbc-8000600fe800}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2d0f3d62-01e0-11de-abbc-8000600fe800}\ not found.
File E:\ypsniox.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6893feb8-1be8-11dd-ab71-00123f0e6ac0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6893feb8-1be8-11dd-ab71-00123f0e6ac0}\ not found.
File E:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fdab3506-bcdd-11de-ac01-00123f0e6ac0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fdab3506-bcdd-11de-ac01-00123f0e6ac0}\ not found.
File E:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fdab3507-bcdd-11de-ac01-00123f0e6ac0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fdab3507-bcdd-11de-ac01-00123f0e6ac0}\ not found.
File F:\fun.xls.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fdab3512-bcdd-11de-ac01-00123f0e6ac0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fdab3512-bcdd-11de-ac01-00123f0e6ac0}\ not found.
File E:\fun.xls.exe not found.
========== FILES ==========
C:\Program Files\wxhxutw.inf moved successfully.
C:\Windows\Tasks\At1.job moved successfully.
C:\Windows\Tasks\At2.job moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Gemach Computer
->Temp folder emptied: 31276852 bytes
->Temporary Internet Files folder emptied: 1745797 bytes
->Java cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 32768 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2142714 bytes
%systemroot%\System32 .tmp files removed: 3521093 bytes
Windows Temp folder emptied: 637440 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 14973612 bytes

Total Files Cleaned = 52.00 mb

Error: Unable to interpret <[StartExplorer]> in the current context!

OTL by OldTimer - Version 3.1.19.0 log created on 12272009_145430

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...



Below is the ComboFix log:


ComboFix 09-12-26.05 - Gemach Computer 12/27/2009 15:06:33.1.1 - x86
Running from: c:\documents and settings\Gemach Computer\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Gemach Computer\Local Settings\Application Data\Kosong.Bron.Tok.txt
c:\windows\EventSystem.log
c:\windows\Install.txt
c:\windows\system32\7861902.exe
c:\windows\system32\Cache
c:\windows\system32\Install.txt
c:\windows\system32\sistem.sys
c:\windows\ufdata2000.log

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BTWSRV
-------\Legacy_FASTNETSRV
-------\Legacy_R_SERVER
-------\Service_r_server


((((((((((((((((((((((((( Files Created from 2009-11-27 to 2009-12-27 )))))))))))))))))))))))))))))))
.

2022-11-24 20:08 . 2009-02-27 21:46 -------- d-----w- c:\program files\CR8
2009-12-27 19:54 . 2009-12-27 19:54 -------- d-----w- C:\_OTL
2009-12-22 05:12 . 2009-12-22 05:12 552 ----a-w- c:\windows\system32\d3d8caps.dat
2009-12-22 05:03 . 2009-12-22 05:03 -------- d-----w- c:\documents and settings\Gemach Computer\DoctorWeb
2009-12-14 03:36 . 2009-12-14 04:55 664 ----a-w- c:\windows\system32\d3d9caps.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-25 05:22 . 2009-03-05 22:35 -------- d-----w- c:\program files\Essentials Codec Pack
2009-12-25 05:20 . 2005-07-08 05:41 172488 ----a-w- c:\documents and settings\Gemach Computer\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-26 13:51 . 2009-11-20 17:44 15 ----a-w- C:\settings.dat
2009-11-25 15:45 . 2004-08-11 22:14 88135 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-11-25 13:50 . 2009-11-18 19:40 -------- d-----w- c:\program files\NirSoft
2009-11-25 13:50 . 2005-06-21 16:00 -------- d-----w- c:\program files\MUSICMATCH
2009-11-25 13:49 . 2009-02-16 20:13 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-11-25 13:48 . 2008-04-07 00:46 -------- d-----w- c:\program files\Free Easy Burner
2009-11-25 13:45 . 2009-03-05 19:38 -------- d-----w- c:\program files\CDBurnerXP
2009-11-20 18:25 . 2009-11-20 18:29 523776 ----a-w- C:\dds.scr
2009-11-20 08:31 . 2009-11-20 03:55 47616 ----a-w- C:\Win32kDiag.exe
2009-11-20 08:31 . 2009-11-20 03:55 529408 ----a-w- C:\OTL.exe
2009-11-20 08:31 . 2009-11-20 03:55 472064 ----a-w- C:\RootRepeal.exe
2009-11-20 08:27 . 2009-11-20 03:28 53128520 ----a-w- C:\Norman_Malware_Cleaner.exe
2009-11-20 08:09 . 2009-11-20 03:24 2986872 ----a-w- C:\FixVirut.com
2009-11-12 19:31 . 2005-07-01 18:07 -------- d-----w- c:\program files\Microsoft Money
2009-11-12 00:49 . 2009-11-12 00:49 -------- d-----w- c:\program files\xplorer2
2009-11-12 00:35 . 2009-11-12 00:35 3584 ----a-r- c:\documents and settings\Gemach Computer\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2009-11-12 00:35 . 2009-11-12 00:35 -------- d-----w- c:\program files\Windows Installer Clean Up
2009-11-12 00:35 . 2009-11-12 00:35 -------- d-----w- c:\program files\MSECACHE
2009-11-11 02:54 . 2009-03-01 03:20 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-11-11 02:54 . 2009-03-01 03:20 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-11-11 02:54 . 2009-03-01 03:20 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-11-11 02:54 . 2009-11-11 02:54 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2009-11-11 02:54 . 2009-11-06 00:38 -------- d-----w- c:\program files\AVG
2009-11-06 06:33 . 2009-11-06 06:33 -------- d-----w- c:\program files\AVGold
2009-11-04 20:25 . 2009-11-04 20:25 -------- d-----w- c:\program files\Alwil Software
2009-11-04 20:13 . 2009-11-04 20:13 -------- d-----w- c:\documents and settings\Gemach Computer\Application Data\Malwarebytes
2009-11-04 20:13 . 2009-11-04 20:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-04 08:37 . 2008-05-28 04:16 -------- d-----w- c:\program files\Radmin
2009-11-04 08:37 . 2008-05-16 22:26 -------- d-----w- c:\program files\QuickTime
2009-11-04 08:33 . 2005-06-21 15:56 -------- d-----w- c:\program files\Modem Helper
2009-11-04 08:32 . 2006-03-03 06:06 -------- d-----w- c:\program files\Microsoft Streets and Trips 2004
2009-11-04 08:32 . 2005-06-21 16:01 -------- d-----w- c:\program files\Microsoft Plus! Photo Story 2 LE
2009-11-04 08:17 . 2007-02-25 20:03 -------- d-----w- c:\program files\Lexmark X125
2009-11-03 21:07 . 2009-11-03 21:07 110592 ----a-w- c:\documents and settings\Gemach Computer\Application Data\U3\temp\cleanup.exe
2009-11-03 21:07 . 2009-11-03 21:07 3350529 ----a-w- c:\documents and settings\Gemach Computer\Application Data\U3\temp\Launchpad Removal.exe
2009-11-03 21:06 . 2005-06-21 15:34 118124 ----a-w- c:\windows\system32\Prounstl.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-02-19 267048]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-12-27 2033432]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-05-13 98304]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-05-14 536576]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Network Chat AutoStart.lnk - c:\program files\Global Devtech\Network Chat\Network Chat.exe [2005-2-6 344064]
UVNCServer.lnk - c:\program files\UltraVNC\winvnc.exe [2009-1-4 1692224]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-11-11 02:54 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Lexmark X125 Settings Utility.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Lexmark X125 Settings Utility.lnk
backup=c:\windows\pss\Lexmark X125 Settings Utility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Network Chat AutoStart.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Network Chat AutoStart.lnk
backup=c:\windows\pss\Network Chat AutoStart.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Gemach Computer^Start Menu^Programs^Startup^AM.lnk]
path=c:\documents and settings\Gemach Computer\Start Menu\Programs\Startup\AM.lnk
backup=c:\windows\pss\AM.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bron-Spizaetus]
2006-06-18 17:56 712704 ----a-w- c:\progra~1\Utra Vnc\winvnc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 12:00 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2004-12-06 06:05 126976 -c--a-w- c:\windows\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-02-23 21:19 53248 ----a-w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2004-11-03 03:59 126976 -c--a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2004-11-03 04:03 155648 -c--a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-27 21:50 221184 -c--a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-07-27 21:50 81921 -c--a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-02-19 17:10 267048 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LMPDPSRV]
2002-07-11 19:31 45056 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\LMpdpsrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXSUPMON]
2002-01-28 12:48 885760 ----a-w- c:\windows\system32\LXSUPMON.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRONoMgrWired]
2004-12-09 18:58 86016 -c--a-w- c:\program files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-02-01 03:13 382414 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2005-06-21 16:06 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2003-11-19 22:48 32769 -c--a-w- c:\program files\Java\j2re1.4.2_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2004-05-14 05:35 536576 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
2004-05-13 15:23 98304 ----a-w- c:\program files\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinVNC]
2006-06-18 17:56 712704 ----a-w- c:\progra~1\Utra Vnc\winvnc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WZCSVC"=2 (0x2)
"W3SVC"=2 (0x2)
"BtwSrv"=2 (0x2)
"BITS"=3 (0x3)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls]
appsecdll REG_SZ

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\LMpdpsrv.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\UltraVNC\\winvnc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 IcRecUsb;IC Recorder Driver;c:\windows\system32\Drivers\IcRecUsb.sys [2001-10-02 17432]
R3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\Drivers\ICDUSB2.sys [2002-11-29 39048]
R3 PortlUSB;PortlUSB;c:\windows\system32\DRIVERS\YH-820.sys [2004-09-10 7552]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-11-11 333192]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2008-07-30 277736]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2009-12-27 285392]

.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - (no file)
MSConfigStartUp-Bron-Spizaetus-cgipkmpv - c:\windows\ShellNew\bbm-vpmkpigc.exe
MSConfigStartUp-PC Connection Agent - c:\program files\Microsoft ActiveSync\wcescomm.exe
MSConfigStartUp-IMJPMIG8 - msime82.exe
MSConfigStartUp-MCAgentExe - c:\progra~1\mcafee.com\agent\McAgent.exe
MSConfigStartUp-MCUpdateExe - c:\progra~1\mcafee.com\agent\McUpdate.exe
MSConfigStartUp-mmtask - c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe
MSConfigStartUp-MMTray - c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
MSConfigStartUp-MPFExe - c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe
MSConfigStartUp-MSMSGS - c:\program files\Messenger\msmsgs.exe
MSConfigStartUp-MsServer - msfun80.exe
MSConfigStartUp-Tok-Cirrhatus - c:\documents and settings\Gemach Computer\Local Settings\Application Data\br9825on.exe
MSConfigStartUp-Tok-Cirrhatus-4401 - c:\documents and settings\Gemach Computer\Local Settings\Application Data\br9825on.exe
MSConfigStartUp-VirusScan Online - c:\progra~1\mcafee.com\vso\mcvsshld.exe
MSConfigStartUp-VSOCheckTask - c:\progra~1\mcafee.com\vso\mcmnhdlr.exe
MSConfigStartUp-windll - c:\program files\Starr\wsys.exe
MSConfigStartUp-wxhxutw - c:\program files\Common Files\System\delnqln.exe
MSConfigStartUp-ypsniox - c:\program files\Common Files\Microsoft Shared\gdywrsr.exe
MSConfigStartUp-Zune Launcher - c:\program files\Zune\ZuneLauncher.exe
AddRemove-ViewpointMediaPlayer - c:\program files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe
AddRemove-Windows Media Format Runtime - c:\program files\Windows Media Player\wmsetsdk.exe
AddRemove-Windows Mobile Device Handbook - c:\program files\Touch by HTC User Guide\Windows Mobile Device Handbook\Bin\DHUninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-27 15:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
c:\windows\system32\MsPMSPSv.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-12-27 15:23:06 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-27 20:22

Pre-Run: 2,401,353,728 bytes free
Post-Run: 2,287,812,608 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 67C0A360AAECE2B67086634173ED075A



Thanx again.

#15 pwgib

pwgib

  • Malware Response Team
  • 2,956 posts
  • Gender:Male
  • Location:God's Country

Posted 28 December 2009 - 05:25 PM

Hello adambrown,

Some of your programs need to be updated.

Step 1.

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 17.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u17-windows-i586.exe to install the newest version.
  • If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

Adobe Reader needs to be updated.
Please go here to update Adobe Reader

Step 2.

We need to do a regfix.

Copy the entire contents inside the Quote box (do not copy the word "quote"), and paste it into Notepad (this will only work with Notepad). Name the file Regfix.reg and, in the drop-down box, save it as All Files.
Save it to your desktop. Then right-click on the Regfix.reg file and click on Merge; when it asks you to merge with the Registry, say yes.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"BtwSrv"=-

NOTICE: This file was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system.

Step 3.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
In your next reply please include:

ESETScan results

Any problems? How is your computer running?

Thanks!!
PW
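As a check a user can run before merging a regfix like the one in Step 2, here is an added Python example (not from the thread, from ComboFix or from BleepingComputer) that parses a .reg file in the "Windows Registry Editor Version 5.00" format and lists what each line would do when merged: `"name"=-` deletes a value, a `[-key]` header deletes the whole key, and any other value line sets data. The sample text is the posted regfix plus constructed `HKEY_CURRENT_USER\Software\Example` keys (hypothetical names) to exercise the other two syntaxes.

```python
"""Pre-merge review of a .reg file in "Windows Registry Editor Version 5.00" format.
Added example, not part of the thread or of ComboFix. Syntax it reports:
'[-key]' deletes a key, '"name"=-' deletes a value, anything else sets a value."""
import re

# Constructed sample: the regfix posted in Step 2, plus hypothetical
# HKEY_CURRENT_USER\Software\Example keys for key deletion and dword data.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"BtwSrv"=-
[-HKEY_CURRENT_USER\Software\Example\HypotheticalKey]
[HKEY_CURRENT_USER\Software\Example\HypotheticalKey2]
@="default value"
"Flag"=dword:00000002
'''
# A value line: quoted name (or @ for the key's default value), '=', data.
VALUE_RE = re.compile(r'^(?P<name>"(?:[^"\\]|\\.)*"|@)=(?P<data>.*)$')

def parse_reg(text):
    """Return (action, key, value_name, data) tuples in file order."""
    lines = text.splitlines()
    if not lines or lines[0].strip() != "Windows Registry Editor Version 5.00":
        raise ValueError("not a REGEDIT5 file: missing header line")
    actions, key = [], None
    for raw in lines[1:]:
        line = raw.strip()
        if not line or line.startswith(";"):    # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            if line.startswith("[-"):           # whole-key deletion
                key = None
                actions.append(("delete_key", line[2:-1], None, None))
            else:
                key = line[1:-1]
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            raise ValueError("unexpected line: %r" % raw)
        name = "(Default)" if m["name"] == "@" else m["name"][1:-1]
        data = m["data"]
        if data == "-":                         # value deletion
            action, val = "delete_value", None
        elif data.startswith("dword:"):
            action, val = "set_dword", int(data[6:], 16)
        else:                                   # quoted string or hex data
            action, val = "set_value", data.strip('"')
        actions.append((action, key, name, val))
    return actions
```

Run against the posted regfix, the only action reported is the deletion of the `BtwSrv` value under the msconfig\services key; anything else appearing in the list would be worth asking about before merging.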



