newbie here, Computer is hacked PLEASE help


This topic is locked
12 replies to this topic

#1 rbn6691

Posted 28 November 2009 - 05:36 PM

Hello, I'm a newbie here and need help badly. My computer is hacked: I have my CD door open all the time, I have had my computer fan shut down, someone is trying to hack my email, I use Firefox and at times it will not shut down, even through Task Manager, and when it will not shut down my computer will not shut off. I use ZoneAlarm and have IE blocked, yet when I run Firefox sometimes IE runs also, plus much, much more. I have an HP dv6662se laptop with Vista Home Premium.
I cannot download the DDS program; all that happens is that a notebook file full of gibberish loads on my desktop. Here are the RootRepeal, HijackThis and IObit Security 360 (said to be readable just like HijackThis) logs.

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/11/28 15:22
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP1
==================================================

Drivers
-------------------
Name: dump_dumpata.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys
Address: 0x8CE68000 Size: 45056 File Visible: No Signed: -
Status: -

Name: dump_msahci.sys
Image Path: C:\Windows\System32\Drivers\dump_msahci.sys
Address: 0x8CE73000 Size: 40960 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0xA8D32000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\System Volume Information\{11a682e7-daa7-11de-afc4-064804eaf447}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{23785955-dc52-11de-8aff-064804eaf447}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{5d9e955c-d66b-11de-a95b-064804eaf447}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{78c84eac-da08-11de-a0c5-064804eaf447}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{78c84eb2-da08-11de-a0c5-064804eaf447}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{a976038e-db77-11de-a711-064804eaf447}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\$AVG\$CHJW\2a58217f-2714-4f8d-b197-5f4ab137e5cb
Status: Visible to the Windows API, but not on disk.

Path: C:\$AVG\$CHJW\35d6c438-15ff-4080-9632-784bce7b4331
Status: Visible to the Windows API, but not on disk.

Path: C:\Windows\servicing\$$DeleteMe.TrustedInstaller.exe.01ca6a7b43bfdabf.00c3
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.emdmgmt.dll.01ca6a7b33567fdf.007e
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.es.dll.01ca6a7b350095ff.0090
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.esent.dll.01ca6a7b3183f25f.006a
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.locale.nls.01ca6a7b37e742ff.00ad
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.localspl.dll.01ca6a7b35fa865f.009a
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.profsvc.dll.01ca6a7b33861b5f.0080
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.propsys.dll.01ca6a7b28d4ae1f.002a
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.NaturalLanguage6.dll.01ca6a7b3709e31f.00a6
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.ncrypt.dll.01ca6a7b30eb9a5f.0065
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.srclient.dll.01ca6a7b26cb60ff.001a
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.srvsvc.dll.01ca6a7b2ae2bdff.0037
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.advapi32.dll.01ca6a7b26fd5ddf.001c
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.apphelp.dll.01ca6a7b35e77b5f.0099
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.atl.dll.01ca6a7b32e43ddf.0076
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.audiodg.exe.01ca6a7b2706e35f.001d
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.AudioSes.dll.01ca6a7b3219e8ff.006f
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.audiosrv.dll.01ca6a7b35244a9f.0091
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.authui.dll.01ca6a7b313c891f.0067
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.authz.dll.01ca6a7b344e0edf.008a
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.bcrypt.dll.01ca6a7b27850c3f.001f
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.BFE.DLL.01ca6a7b1f160d1f.0002
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.bitsigd.dll.01ca6a7b2e45327f.0055
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.certcli.dll.01ca6a7b2b7fd8bf.003d
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.CertEnroll.dll.01ca6a7b32f748df.0078
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.comdlg32.dll.01ca6a7b2bd7eb9f.003e
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.credui.dll.01ca6a7b246a00ff.000a
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.crypt32.dll.01ca6a7b33378dff.007c
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.cryptsvc.dll.01ca6a7b2c75065f.0045
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.cryptui.dll.01ca6a7b307bb9bf.0061
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.cscapi.dll.01ca6a7b364b751f.009d
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.d3d9.dll.01ca6a7b308ec4bf.0062
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.davclnt.dll.01ca6a7b35e0573f.0098
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.dhcpcsvc.dll.01ca6a7b365037df.009e
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.dhcpcsvc6.dll.01ca6a7b24b3cb9f.000d
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.diagperf.dll.01ca6a7b37a23b1f.00ab
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.dnsapi.dll.01ca6a7b25d6335f.0016
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.dnsrslvr.dll.01ca6a7b2a5b0f9f.0032
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.eappcfg.dll.01ca6a7b24c6d69f.000e
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.eapphost.dll.01ca6a7b378ccebf.00aa
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.fdProxy.dll.01ca6a7b27dd1f1f.0021
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.fdSSDP.dll.01ca6a7b2db3fe9f.004f
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.fdWSD.dll.01ca6a7b35c3c6bf.0096
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.feclient.dll.01ca6a7b36c0187f.00a3
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.fundisc.dll.01ca6a7b2b171c3f.003a
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.FWPUCLNT.DLL.01ca6a7b1f07c4df.0001
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.FwRemoteSvr.dll.01ca6a7b3039133f.0060
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.gdi32.dll.01ca6a7b332945bf.007b
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.gpapi.dll.01ca6a7b2faca21f.005b
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.imm32.dll.01ca6a7b28b35adf.0029
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.inetpp.dll.01ca6a7b2a3c1dbf.002e
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.IPHLPAPI.DLL.01ca6a7b2adb99df.0036
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.iphlpsvc.dll.01ca6a7b1f40e5df.0004
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.IPSECSVC.DLL.01ca6a7b2d6ef6bf.004d
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.kerberos.dll.01ca6a7b33d70a1f.0084
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.kernel32.dll.01ca6a7b28b0f97f.0028
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.mfc42.dll.01ca6a7b37e01edf.00ac
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.mfc42u.dll.01ca6a7b24d9e19f.0010
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.mfplat.dll.01ca6a7b257bbf1f.0013
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.midimap.dll.01ca6a7b320ba0bf.006e
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.MMDevAPI.dll.01ca6a7b3745657f.00a8
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.modemui.dll.01ca6a7b384d9e1f.00b2
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.mpr.dll.01ca6a7b2c325fdf.0041
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.mprapi.dll.01ca6a7b2484301f.000c
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.MPSSVC.dll.01ca6a7b33ff817f.0086
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.msacm32.drv.01ca6a7b382eac3f.00b1
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.msasn1.dll.01ca6a7b32210d1f.0070
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.mscms.dll.01ca6a7b2fa7df5f.005a
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.mscoree.dll.01ca6a7b31a2e43f.006b
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.msctf.dll.01ca6a7b2513029f.0012
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.msscb.dll.01ca6a7b346d00bf.008b
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.mssprxy.dll.01ca6a7b3348379f.007d
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.mssrch.dll.01ca6a7b337571bf.007f
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.msv1_0.dll.01ca6a7b326d391f.0071
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.msvcp60.dll.01ca6a7b2c47cc3f.0043
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.msvcrt.dll.01ca6a7b2e10d43f.0052
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.mswsock.dll.01ca6a7b3002539f.005d
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.netapi32.dll.01ca6a7b3444895f.0089
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.netlogon.dll.01ca6a7b2805967f.0024
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.netshell.dll.01ca6a7b34c9d65f.008d
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.ntdll.dll.01ca6a7b1f3c231f.0003
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.ntmarta.dll.01ca6a7b2d22cabf.004b
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.odbc32.dll.01ca6a7b3721b0df.00a7
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.ole32.dll.01ca6a7b2ce7485f.0049
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.oleaut32.dll.01ca6a7b2a53eb7f.0031
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.olepro32.dll.01ca6a7b27c7b2bf.0020
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.onex.dll.01ca6a7b24f410bf.0011
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.PortableDeviceApi.dll.01ca6a7b31d01e5f.006c
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.qmgr.dll.01ca6a7b2fc46fdf.005c
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.quartz.dll.01ca6a7b30b4dabf.0063
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.Query.dll.01ca6a7b2f8db03f.0058
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.rasapi32.dll.01ca6a7b259d125f.0014
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.raschap.dll.01ca6a7b2a40e07f.002f
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.rasdlg.dll.01ca6a7b247aaa9f.000b
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.rasmans.dll.01ca6a7b329a733f.0073
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.rasplap.dll.01ca6a7b355d6b9f.0095
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.rasppp.dll.01ca6a7b2c43097f.0042
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.rastapi.dll.01ca6a7b32e9009f.0077
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.rastls.dll.01ca6a7b301a215f.005f
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.rpcrt4.dll.01ca6a7b3673ec7f.00a0
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.rpcss.dll.01ca6a7b34d5bd3f.008e
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.rsaenh.dll.01ca6a7b2bed57ff.003f
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.rtutils.dll.01ca6a7b2a6e1a9f.0033
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.samlib.dll.01ca6a7b2f73811f.0057
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.samsrv.dll.01ca6a7b2670ecbf.0018
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.scecli.dll.01ca6a7b24679f9f.0009
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.scesrv.dll.01ca6a7b36eaf13f.00a5
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.schannel.dll.01ca6a7b3159199f.0068
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.schedsvc.dll.01ca6a7b2c834e9f.0046
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.SearchIndexer.exe.01ca6a7b33189c1f.007a
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.secur32.dll.01ca6a7b1f9b5a1f.0008
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.services.exe.01ca6a7b27edc8bf.0022
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.setupapi.dll.01ca6a7b33ac315f.0082
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.shell32.dll.01ca6a7b31ecaedf.006d
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.shlwapi.dll.01ca6a7b2ccab7df.0048
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.shsvcs.dll.01ca6a7b312e40df.0066
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.SLC.dll.01ca6a7b2d3112ff.004c
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.SLsvc.exe.01ca6a7b2a9b54bf.0034
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.slwga.dll.01ca6a7b2de138bf.0050
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.SmartcardCredentialProvider.dll.01ca6a7b32bbc67f.0074
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.smss.exe.01ca6a7b1ef97c9f.0000
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.tapisrv.dll.01ca6a7b2c1f54df.0040
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.taskcomp.dll.01ca6a7b35459ddf.0094
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.taskeng.exe.01ca6a7b3287683f.0072
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.tcpmon.dll.01ca6a7b376b7b7f.00a9
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.termsrv.dll.01ca6a7b35d4705f.0097
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.tquery.dll.01ca6a7b3394639f.0081
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.umpnpmgr.dll.01ca6a7b3697a11f.00a1
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.unimdm.tsp.01ca6a7b2a4341df.0030
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.user32.dll.01ca6a7b282226ff.0025
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.userenv.dll.01ca6a7b3654fa9f.009f
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.usp10.dll.01ca6a7b2a32983f.002d
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.uxsms.dll.01ca6a7b3641ef9f.009c
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.version.dll.01ca6a7b25c3285f.0015
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.vssapi.dll.01ca6a7b275570bf.001e
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.w32time.dll.01ca6a7b3423361f.0087
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.wdigest.dll.01ca6a7b2aa73b9f.0035
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.wdmaud.drv.01ca6a7b2e23df3f.0053
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.wdscore.dll.01ca6a7b300977bf.005e
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.WebClnt.dll.01ca6a7b33b3557f.0083
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.wer.dll.01ca6a7b2d1e07ff.004a
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.wersvc.dll.01ca6a7b32dab85f.0075
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.wevtapi.dll.01ca6a7b24cdfabf.000f
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.wevtsvc.dll.01ca6a7b26c69e3f.0019
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.wiaservc.dll.01ca6a7b3427f8df.0088
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.win32spl.dll.01ca6a7b29e66c3f.002c
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.WindowsCodecs.dll.01ca6a7b380d58ff.00ae
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.winhttp.dll.01ca6a7b2869903f.0027
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.winlogon.exe.01ca6a7b363608bf.009b
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.winmm.dll.01ca6a7b33f5fbff.0085
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.winrnr.dll.01ca6a7b3816de7f.00af
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.WinSCard.dll.01ca6a7b2e7bf21f.0056
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.winspool.drv.01ca6a7b34b2089f.008c
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.winsrv.dll.01ca6a7b28f862bf.002b
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.wkssvc.dll.01ca6a7b2630a79f.0017
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.wlanmsm.dll.01ca6a7b282e0ddf.0026
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.wlansec.dll.01ca6a7b26e5901f.001b
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.wlansvc.dll.01ca6a7b30d88f5f.0064
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.Wldap32.dll.01ca6a7b2f94d45f.0059
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.wlgpclnt.dll.01ca6a7b2ca9649f.0047
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.wscapi.dll.01ca6a7b2b33acbf.003b
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.wscisvif.dll.01ca6a7b2e36ea3f.0054
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.wscsvc.dll.01ca6a7b381e029f.00b0
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.WSDApi.dll.01ca6a7b2c6de23f.0044
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.wsdchngr.dll.01ca6a7b2b4b7a7f.003c
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.WSDMon.dll.01ca6a7b27f74e3f.0023
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.wsnmp32.dll.01ca6a7b2b0d96bf.0039
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.lpk.dll.01ca6a7b36d0c21f.00a4
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.lsasrv.dll.01ca6a7b1f649a7f.0006
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.lsass.exe.01ca6a7b1f4a6b5f.0005
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.IKEEXT.DLL.01ca6a7b1f91d49f.0007
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.adsldpc.dll.01ca6a7b2b06729f.0038
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.adtschema.dll.01ca6a7b3305911f.0079
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.Kswdmcap.ax.01ca6a7b2d761adf.004e
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.powrprof.dll.01ca6a7b35290d5f.0092
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.spoolss.dll.01ca6a7b31629f1f.0069
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.spoolsv.exe.01ca6a7b353c185f.0093
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.spp.dll.01ca6a7b36ad0d7f.00a2
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.sysmain.dll.01ca6a7b2dfdc93f.0051
Status: Locked to the Windows API!

Path: c:\windows\internet logs\jim.ldb
Status: Size mismatch (API: 647680, Raw: 646144)

Path: c:\windows\internet logs\zalog.txt
Status: Size mismatch (API: 947, Raw: 786)

Path: C:\Program Files\Windows Media Player\Network Sharing\RENDER~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\Microsoft.NET\Framework\NETFXS~1.HKF
Status: Locked to the Windows API!

Path: C:\Windows\System32\AdvancedInstallers\$$DeleteMe.cmiv2.dll.01ca6a7b3abd465f.00bf
Status: Locked to the Windows API!

Path: C:\Windows\System32\wbem\$$DeleteMe.esscli.dll.01ca6a7b3915919f.00b7
Status: Locked to the Windows API!

Path: C:\Windows\System32\wbem\$$DeleteMe.fastprox.dll.01ca6a7b39478e7f.00b9
Status: Locked to the Windows API!

Path: C:\Windows\System32\wbem\$$DeleteMe.NCProv.dll.01ca6a7b3910cedf.00b6
Status: Locked to the Windows API!

Path: C:\Windows\System32\wbem\PORTAB~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\System32\wbem\PORTAB~2.MOF
Status: Locked to the Windows API!

Path: C:\Windows\System32\wbem\PORTAB~3.MOF
Status: Locked to the Windows API!

Path: C:\Windows\System32\wbem\$$DeleteMe.repdrvfs.dll.01ca6a7b39641eff.00bc
Status: Locked to the Windows API!

Path: C:\Windows\System32\wbem\$$DeleteMe.wbemcore.dll.01ca6a7b3980af7f.00bd
Status: Locked to the Windows API!

Path: C:\Windows\System32\wbem\$$DeleteMe.wbemess.dll.01ca6a7b38d7addf.00b4
Status: Locked to the Windows API!

Path: C:\Windows\System32\wbem\$$DeleteMe.wbemprox.dll.01ca6a7b3993ba7f.00be
Status: Locked to the Windows API!

Path: C:\Windows\System32\wbem\$$DeleteMe.wbemsvc.dll.01ca6a7b3953755f.00ba
Status: Locked to the Windows API!

Path: C:\Windows\System32\wbem\$$DeleteMe.WmiPrvSD.dll.01ca6a7b395f5c3f.00bb
Status: Locked to the Windows API!

Path: C:\Windows\System32\wbem\$$DeleteMe.WMIsvc.dll.01ca6a7b393ba79f.00b8
Status: Locked to the Windows API!

Path: C:\Windows\System32\wbem\$$DeleteMe.wmiutils.dll.01ca6a7b38e8577f.00b5
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.4053_none_6b86c0e9b0196766.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_4ddfc6cd11929a02.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_03ca5532205cb096.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\amd64_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_18f8a87fd1919cd9.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_a6dea5dc0ea08098.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_b7e00e6c7b30b69b.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\amd64_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_3da38fdebd0e6822.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_99b61f5e8371c1d4.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_365945b9da656e4d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_8550c6b5d18a9128.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.1.microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_8b7b15c031cda6db.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9876.0_none_b7e610287b2b4ea5.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_49ef489714173a89.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_750b37ff97f4f68b.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.4053_none_3b0e32bdc9afe437.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9876.0_none_a6e4a7980e9b18a2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_60a5df56e60dc5df.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_bcb86ed6ac711f91.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_516e2e610f48bda6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_4db266e67dd280ef.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\msil_comsvcconfig_b03f5f7f11d50a3a_6.0.6002.18005_none_eb63fcdad4ebfd16\$$DeleteMe.ComSvcConfig.exe.01ca6a7d5db3aaf5.00d5
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\msil_microsoft.mediacenter.ui_31bf3856ad364e35_6.0.6002.18103_none_350bc0b4545805e4\$$DeleteMe.Microsoft.MediaCenter.UI.dll.01ca6a7d5f24a015.00d8
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\msil_mmcfxcommon_31bf3856ad364e35_6.0.6002.18005_none_5452e9e5750caf3c\$$DeleteMe.MMCFxCommon.dll.01ca6a7d68e34115.00e0
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\msil_system.configuration_b03f5f7f11d50a3a_6.0.6002.18005_none_2afff036370d4fd2\$$DeleteMe.System.configuration.dll.01ca6a7d5d7365d5.00d0
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\msil_system.runtime.remoting_b77a5c561934e089_6.0.6002.18005_none_c56ff2c845843ca9\$$DeleteMe.System.Runtime.Remoting.dll.01ca6a7d68b3a595.00dd
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\msil_system.web.services_b03f5f7f11d50a3a_6.0.6002.18005_none_f2a122c3b26ab304\$$DeleteMe.System.Web.Services.dll.01ca6a7d5cee18d5.00c9
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\msil_system_b77a5c561934e089_6.0.6002.18005_none_da6b514d5c49c6bc\$$DeleteMe.System.dll.01ca6a7d5d2bfc95.00ce
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_bdatunepia_31bf3856ad364e35_6.0.6002.18005_none_6bd8bc4c874acaa0\$$DeleteMe.BDATunePIA.dll.01ca6a7d5e910ad5.00d6
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_fdproxy_31bf3856ad364e35_6.0.6000.16386_none_792f8ff471a64e3b\$$DeleteMe.fdProxy.dll.01ca6a7b27dd1f1f.0021
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_fdssdp_31bf3856ad364e35_6.0.6001.18000_none_3addf297743e6161\$$DeleteMe.fdSSDP.dll.01ca6a7b2db3fe9f.004f
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_fdwsd_31bf3856ad364e35_6.0.6001.18000_none_7da88373c225d895\$$DeleteMe.fdWSD.dll.01ca6a7b35c3c6bf.0096
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_fundisc_31bf3856ad364e35_6.0.6001.18000_none_7be46ed83ae29055\$$DeleteMe.fundisc.dll.01ca6a7b2b171c3f.003a
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_fundisc_31bf3856ad364e35_6.1.6002.18005_none_45feb528d6cfb4c2\$$DeleteMe.fundisc.dll.01ca6a7d52a0a555.003b
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-a..

Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 1384 Status: Locked to the Windows API!

SSDT
-------------------
#: 021 Function Name: NtAlpcConnectPort
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x8c91f880

#: 054 Function Name: NtConnectPort
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x8c91f4e0

#: 060 Function Name: NtCreateFile
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x8c91c828

#: 064 Function Name: NtCreateKey
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x8c932d9c

#: 071 Function Name: NtCreatePort
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x8c91fc36

#: 072 Function Name: NtCreateProcess
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x8c930af8

#: 073 Function Name: NtCreateProcessEx
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x8c930d12

#: 075 Function Name: NtCreateSection
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x8c934780

#: 115 Function Name: NtCreateWaitablePort
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x8c91fcde

#: 122 Function Name: NtDeleteFile
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x8c91cd0a

#: 123 Function Name: NtDeleteKey
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x8c933698

#: 126 Function Name: NtDeleteValueKey
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x8c933414

#: 129 Function Name: NtDuplicateObject
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x8c9304f8

#: 166 Function Name: NtLoadKey
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x8c933bc6

#: 167 Function Name: NtLoadKey2
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x8c933c3e

#: 168 Function Name: NtLoadKeyEx
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x8c933d2e

#: 186 Function Name: NtOpenFile
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x8c91cba2

#: 194 Function Name: NtOpenProcess
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x8c931f18

#: 267 Function Name: NtRenameKey
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x8c934370

#: 268 Function Name: NtReplaceKey
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x8c933da6

#: 276 Function Name: NtRequestWaitReplyPort
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x8c91f16a

#: 280 Function Name: NtRestoreKey
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x8c9341b0

#: 286 Function Name: NtSecureConnectPort
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x8c91f680

#: 301 Function Name: NtSetInformationFile
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x8c91cef8

#: 324 Function Name: NtSetValueKey
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x8c93311a

#: 332 Function Name: NtSystemDebugControl
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x8c931486

#: 334 Function Name: NtTerminateProcess
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x8c931362

#: 383 Function Name: NtCreateUserProcess
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x8c930f30

Shadow SSDT
-------------------
#: 479 Function Name: NtUserMessageCall
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x8c91e618

#: 497 Function Name: NtUserPostMessage
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x8c91e6a6

#: 498 Function Name: NtUserPostThreadMessage
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x8c91e748

#: 513 Function Name: NtUserRegisterRawInputDevices
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x8c91d6f0

#: 525 Function Name: NtUserSendInput
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x8c91e95e

==EOF==




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:14:43 PM, on 11/28/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\system32\wermgr.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox 3.6 Beta 3\firefox.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O1 - Hosts: ::1 localhost
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo Product Update Service (ioloProductUpdate) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - C:\Program Files\iolo\System Mechanic 7\IoloSGCtrl.exe (file missing)
O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

--
End of file - 3256 bytes





Logfile of IObit HijackScan v1.0.0.0
Scan saved at 15:32:6, on 2009-11-28

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\ZoneLabs\vsmon.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\wermgr.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox 3.6 Beta 3\firefox.exe
C:\Windows\system32\Taskmgr.exe
C:\Users\Robin\Desktop\RootRepeal.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\IObit\bitiosecurity\is360.exe
C:\Program Files\IObit\bitiosecurity\is360tray.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\IObit\bitiosecurity\IS360srv.exe
C:\Program Files\IObit\bitiosecurity\a_hijackscan.exe

O2 - BHO: KeyScramblerBHO Class - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O9 - Extra button: &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} -
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Com4Qlb (Com4Qlb) - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: DCOM Server Process Launcher (DcomLaunch) - Unknown -
O23 - Service: Diagnostic Policy Service (DPS) - Unknown -
O23 - Service: HP Health Check Service (HP Health Check Service) - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex (hpqwmiex) - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo Product Update Service (ioloProductUpdate) - Unknown - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Guard (IOLO_SRV) - Unknown - C:\Program Files\iolo\System Mechanic 7\IoloSGCtrl.exe
O23 - Service: Net.Tcp Port Sharing Service (NetTcpPortSharing) - Unknown - %systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Quality Windows Audio Video Experience (QWAVE) - Unknown - %windir%\system32\svchost.exe
O23 - Service: Remote Procedure Call (RPC) (RpcSs) - Unknown -
O23 - Service: Security Accounts Manager (SamSs) - Unknown -
O23 - Service: Distributed Link Tracking Client (TrkWks) - Unknown -
O23 - Service: Windows Modules Installer (TrustedInstaller) - Unknown -
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: Diagnostic Service Host (WdiServiceHost) - Unknown -
O23 - Service: Diagnostic System Host (WdiSystemHost) - Unknown -
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown - %ProgramFiles%\Windows Media Player\wmpnetwk.exe
O23 - Service: IS360service (IS360service) - IObit - C:\Program Files\IObit\bitiosecurity\IS360srv.exe




Thanks for any help!!!!!!!!!!
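The RootRepeal SSDT and Shadow SSDT sections above list every hooked system call together with the module RootRepeal attributes the hook to. In this log every one of the 35 hooks points into vsdatant.sys, the TrueVector driver belonging to ZoneAlarm (the HijackThis log in the same post shows the matching service, "TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD"). The script below is an added example, not part of the original post and not RootRepeal's own code: it parses those two sections, groups the hooks by hooking module, flags any module that is not on a reviewer's allowlist of known security-product drivers, and reports how far apart each module's hook targets are. The allowlist contents and the constructed_example.sys entry in the sample are assumptions made for the demonstration; the other sample lines are copied from the log above.

```python
"""Triage the SSDT / Shadow SSDT sections of a RootRepeal log (added example).

Groups every hooked syscall by the module RootRepeal attributes the hook to,
flags modules missing from a reviewer's allowlist, and reports the address
spread of each module's hook targets.
"""
import re
from collections import defaultdict

# Reviewer's allowlist. vsdatant.sys (ZoneAlarm's TrueVector driver) is the entry
# the posted log supports; any further entries are assumptions for this demo.
KNOWN_HOOKERS = {
    "vsdatant.sys": "ZoneAlarm TrueVector driver (Check Point / Zone Labs)",
}

# A section header is the table name on its own line followed by a dashed rule.
_SECTION_RE = re.compile(r"^(SSDT|Shadow SSDT)[ \t]*\n-+[ \t]*\n", re.MULTILINE)
# Each hook is a two-line entry: '#: NNN Function Name: X' then 'Status: Hooked by "path" at address 0x...'.
_ENTRY_RE = re.compile(
    r'#:\s*(?P<index>\d+)\s+Function Name:\s*(?P<func>\S+)\s+'
    r'Status:\s*Hooked by "(?P<module>[^"]+)" at address (?P<addr>0x[0-9a-fA-F]+)'
)

def parse_hooks(log_text):
    """Return one dict per hook: table, index, function, module (full path), address (int)."""
    hooks = []
    parts = _SECTION_RE.split(log_text)  # [preamble, name, body, name, body, ...]
    for i in range(1, len(parts) - 1, 2):
        table, body = parts[i], parts[i + 1]
        for m in _ENTRY_RE.finditer(body):
            hooks.append({
                "table": table,
                "index": int(m.group("index")),
                "function": m.group("func"),
                "module": m.group("module"),
                "address": int(m.group("addr"), 16),
            })
    return hooks

def _basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def summarize(hooks):
    """Map module basename -> sorted list of 'table:function' entries it hooks."""
    by_module = defaultdict(list)
    for h in hooks:
        by_module[_basename(h["module"])].append(f'{h["table"]}:{h["function"]}')
    return {name: sorted(funcs) for name, funcs in by_module.items()}

def triage(hooks, known=KNOWN_HOOKERS):
    """Split hooking modules into (recognised, unrecognised), each module -> hook count."""
    recognised, unrecognised = {}, {}
    for name, funcs in summarize(hooks).items():
        (recognised if name in known else unrecognised)[name] = len(funcs)
    return recognised, unrecognised

def address_spread(hooks):
    """Per module: (lowest target, highest target, difference). Hooks that really
    point into one driver image cluster within that image's file size."""
    lo, hi = {}, {}
    for h in hooks:
        name, addr = _basename(h["module"]), h["address"]
        lo[name] = min(lo.get(name, addr), addr)
        hi[name] = max(hi.get(name, addr), addr)
    return {name: (lo[name], hi[name], hi[name] - lo[name]) for name in lo}

# Sample input: three SSDT entries and two Shadow SSDT entries are copied from the
# RootRepeal log posted above. The constructed_example.sys entry is CONSTRUCTED
# for this demo so the unrecognised-module path is exercised.
SAMPLE_LOG = """\
SSDT
-------------------
#: 060 Function Name: NtCreateFile
Status: Hooked by "C:\\Windows\\system32\\DRIVERS\\vsdatant.sys" at address 0x8c91c828

#: 072 Function Name: NtCreateProcess
Status: Hooked by "C:\\Windows\\system32\\DRIVERS\\vsdatant.sys" at address 0x8c930af8

#: 334 Function Name: NtTerminateProcess
Status: Hooked by "C:\\Windows\\system32\\DRIVERS\\vsdatant.sys" at address 0x8c931362

#: 999 Function Name: NtConstructedExample
Status: Hooked by "C:\\Windows\\system32\\DRIVERS\\constructed_example.sys" at address 0x8d000000

Shadow SSDT
-------------------
#: 479 Function Name: NtUserMessageCall
Status: Hooked by "C:\\Windows\\system32\\DRIVERS\\vsdatant.sys" at address 0x8c91e618

#: 525 Function Name: NtUserSendInput
Status: Hooked by "C:\\Windows\\system32\\DRIVERS\\vsdatant.sys" at address 0x8c91e95e

==EOF==
"""

if __name__ == "__main__":
    hooks = parse_hooks(SAMPLE_LOG)
    recognised, unrecognised = triage(hooks)
    print("hooks by recognised security-product drivers:", recognised)
    print("hooks by UNRECOGNISED modules (investigate):", unrecognised)
    for name, (lo, hi, span) in address_spread(hooks).items():
        print(f"  {name}: 0x{lo:08x}..0x{hi:08x}  span 0x{span:x} bytes")
```

Hooks attributed to a firewall or antivirus driver that is actually installed are expected, and that is the situation in this log. What would deserve attention is a hooking module outside the allowlist, a module whose name matches a known product but whose hook targets scatter far beyond the driver's file size (the full set of vsdatant.sys hooks above spans under 0x18000 bytes, well inside the 446,664-byte file the later DDS log reports), or a hook whose owning module RootRepeal cannot name at all.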


#2 Blade (Site Admin)

Posted 06 December 2009 - 02:15 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM.


#3 rbn6691 (Topic Starter)

Posted 06 December 2009 - 07:15 PM

Yes, thank you, I still need help. I put in a new help thread a few days back because I couldn't access my email, but got it back; I believe I posted under SarahSmile66, but I was able to get back into my email. I have done a number of things since the last post. RegRun found and removed a couple of different things. My CD door is still opening on its own, I can not do Microsoft updates and Windows Defender will not stay running. I know when I am online I am in some kind of virtual situation, I don't know if it is a VPN, or what the situation is, but the one day I was online and a common page I go to would not load and I got this message about something virtual; I should have written it down, but didn't, and no, I am not set up virtually with anyone - to my knowledge. When I go to Google, the Google logo loads, but the rest of the page, the Web Images Video, everything else takes a while longer to load. Doing several things that I have read on here I have gained back a lot of control on my computer, the desktop and loading some programs, but I know there are still issues. I downloaded WinPatrol and it found

appmgmts in svchosts.exe app... and its startup is listed as 0anual

this shows while (list non microsoft services only) is checked, so I think this may be the issue.

I've done the Windows Live scan, every trojan scan I have found on here, and it shows nothing. I'm sure I will just end up needing to wipe and reload. Oh, several months ago my system crashed; I paid an alleged trained tech to work on it. He didn't bother to tell me he knew nothing about Vista and actually downloaded a torrent file that was, SURPRISE, filled with viruses and trojans!!!! About a month and a half ago I paid a different guy to please WIPE my hard drive and reload it. He obviously did not wipe it - old chkdsk are still in the bios and I lost 18 GB, yes, GB not MB, of my hard drive; he claimed that that is not unusual?!?!?! I can't imagine that too many people would be too happy to lose 18 GB of their hard drive. Anyway, I don't know if maybe this is where something could be hiding??

Anyway, here is the DDS log


Thanks in advance for any and all help!

Attached Files



#4 Blade (Site Admin)

Posted 06 December 2009 - 08:25 PM

Hello rbn6691.

You only posted the Attach.txt portion of the DDS logs. Note that when DDS runs it produces two logs. You're missing DDS.txt. Please re-run the program and submit both logs.

Thanks!

~Blade



#5 rbn6691 (Topic Starter)

Posted 06 December 2009 - 08:58 PM

Sorry about that, here they are:


DDS (Ver_09-12-01.01) - NTFSx86
Run by Robin at 18:52:44.53 on Sun 12/06/2009
Internet Explorer: 8.0.6001.18828 BrowserJavaVersion: 1.6.0_17
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2038.1100 [GMT -7:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\IObit\bitiosecurity\IS360srv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Robin\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

mURLSearchHooks: H - No File
BHO: KeyScramblerBHO Class: {2b9f5787-88a5-4945-90e7-c4b18563bc5e} - c:\program files\keyscrambler\KeyScramblerIE.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
uPolicies-explorer: NoPrintSharing = 1 (0x1)
uPolicies-explorer: NoFileSharing = 1 (0x1)
mPolicies-explorer: NoInstrumentation = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - c:\program files\keyscrambler\KeyScramblerIE.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
AppInit_DLLs: c:\windows\system32\avgrsstx.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\robin\appdata\roaming\mozilla\firefox\profiles\fdt7bwdx.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-12-3 11608]
R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk.sys [2009-11-20 12800]
R2 a2free;a-squared Free Service;c:\program files\a-squared free\a2service.exe [2009-12-1 1858144]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-12-3 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-12-3 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-12-3 55656]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-11-20 628584]
R2 ioloProductUpdate;iolo Product Update Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-11-20 628584]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-11-20 628584]
R2 IS360service;IS360service;c:\program files\iobit\bitiosecurity\is360srv.exe [2009-11-28 312592]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2009-11-25 115312]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
S3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [2009-12-4 34760]

============== File Associations ===============

JSEFile=NOTEPAD.EXE %1

=============== Created Last 30 ================

2009-12-05 04:44:16 35040 ----a-w- c:\windows\system32\Partizan.exe
2009-12-05 04:44:16 34760 ----a-w- c:\windows\system32\drivers\Partizan.sys
2009-12-05 03:50:44 57556 ----a-w- c:\windows\guard.bmp
2009-12-05 03:48:36 2 --shatr- c:\windows\winstart.bat
2009-12-05 03:48:07 0 d-----w- c:\program files\Greatis
2009-12-05 03:24:54 0 d-----w- C:\Autoruns
2009-12-05 02:33:48 0 d-----w- c:\users\robin\appdata\roaming\WinPatrol
2009-12-05 02:33:38 0 d-----w- c:\program files\BillP Studios
2009-12-04 05:24:56 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-04 05:24:54 0 d-----w- c:\programdata\Avira
2009-12-04 05:24:54 0 d-----w- c:\program files\Avira
2009-12-03 10:56:11 0 d-----w- C:\hp
2009-12-03 09:02:34 0 d-----w- c:\windows\Sminst
2009-12-03 08:04:43 0 d-----w- c:\windows\system32\ENU
2009-12-03 08:04:42 1034776 ----a-w- c:\windows\system32\imsmudlg.exe
2009-12-03 08:04:23 312344 ----a-w- c:\windows\system32\drivers\iaStor.sys
2009-12-03 08:02:59 1191936 ----a-w- c:\windows\RtlUpd.exe
2009-12-03 08:02:58 4390912 ----a-w- c:\windows\RtHDVCpl.exe
2009-12-03 08:02:44 520192 ----a-w- c:\windows\RtlExUpd.dll
2009-12-02 14:03:36 0 d---a-w- c:\programdata\TEMP
2009-12-02 14:03:28 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2009-12-02 14:03:28 1071088 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2009-12-02 14:03:28 0 d-----w- c:\program files\SpywareBlaster
2009-12-02 10:36:44 295 ----a-w- c:\windows\system32\InstallUtil.InstallLog
2009-12-02 09:02:06 0 d-----w- c:\users\robin\appdata\roaming\QuickScan
2009-12-02 03:55:14 0 d-----w- c:\program files\a-squared Free
2009-12-02 03:40:58 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-02 03:12:40 0 d-----w- c:\users\robin\appdata\roaming\Uniblue
2009-12-02 03:12:40 0 d-----w- c:\programdata\DriverScanner
2009-12-02 03:12:40 0 d-----w- c:\program files\Uniblue
2009-12-01 21:25:34 1238408 ----a-w- c:\windows\system32\zpeng25.dll
2009-12-01 21:25:23 446664 ----a-w- c:\windows\system32\drivers\vsdatant.sys
2009-12-01 21:25:23 422437 ---ha-w- c:\windows\system32\drivers\vsconfig.xml
2009-12-01 21:25:23 0 d-----w- c:\windows\system32\ZoneLabs
2009-12-01 21:25:20 0 d-----w- c:\program files\Zone Labs
2009-12-01 21:23:20 0 d-----w- c:\windows\Internet Logs
2009-12-01 20:30:45 0 d-----w- c:\users\robin\appdata\roaming\CheckPoint
2009-11-30 06:09:04 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-30 06:09:02 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-25 21:38:06 0 d-----w- c:\program files\Mozilla Firefox 3.6 Beta 3
2009-11-25 21:37:27 115312 ----a-w- c:\windows\system32\drivers\keyscrambler.sys
2009-11-25 21:27:41 1399296 ----a-w- c:\windows\system32\msxml6.dll
2009-11-25 21:27:40 1257472 ----a-w- c:\windows\system32\msxml3.dll
2009-11-25 21:27:38 714240 ----a-w- c:\windows\system32\timedate.cpl
2009-11-21 07:06:02 0 d-----w- c:\windows\system32\EventProviders
2009-11-21 06:00:47 0 d-----w- C:\541e90a10a8f4bd8e04955675d
2009-11-20 09:16:07 2035712 ----a-w- c:\windows\system32\win32k.sys
2009-11-20 09:15:52 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2009-11-20 09:15:51 351232 ----a-w- c:\windows\system32\WSDApi.dll
2009-11-20 08:43:59 406 ----a-w- c:\windows\system32\ioloBootDefrag.cfg
2009-11-20 08:41:23 9341 ----a-w- c:\windows\system32\drivers\filedisk.sys
2009-11-20 08:26:10 12800 ----a-w- c:\windows\system32\drivers\elrawdsk.sys
2009-11-20 08:18:19 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-11-20 08:18:03 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-11-20 08:17:37 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-11-20 08:17:37 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-11-20 07:21:17 0 d-----w- c:\program files\iolo
2009-11-20 07:20:27 0 d-----w- c:\users\robin\appdata\roaming\iolo
2009-11-20 07:20:27 0 d-----w- c:\programdata\iolo
2009-11-20 07:14:43 74703 ----a-w- c:\windows\system32\mfc45.dll
2009-11-11 23:19:06 0 d-----w- c:\program files\LSoft Technologies
2009-11-07 08:28:38 0 d-----w- c:\users\robin\appdata\roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-11-07 08:23:08 0 d-----w- c:\programdata\Adobe
2009-11-07 08:19:24 0 d-----w- c:\program files\ESET
2009-11-07 07:57:16 0 d-----w- c:\programdata\NOS

==================== Find3M ====================

2009-12-06 00:29:26 0 ----a-w- c:\program files\MF
2009-12-03 08:28:46 51200 ----a-w- c:\windows\inf\infpub.dat
2009-12-03 08:28:46 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-12-03 08:05:46 86016 ----a-w- c:\windows\inf\infstor.dat
2009-12-03 08:03:00 319456 ----a-w- c:\windows\DIFxAPI.dll
2009-11-21 07:31:43 30808 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2009-11-21 07:20:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-03 03:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-26 22:09:06 1095936 ----a-w- c:\windows\system32\drivers\smserial.sys
2009-10-26 21:45:33 316736 ----a-w- c:\windows\system32\drivers\sfi.dat
2009-10-24 17:25:05 315392 ----a-w- c:\windows\HideWin.exe
2009-10-24 16:57:05 0 --sha-r- c:\windows\system32\drivers\103C_HP_cNB_Pavilion dv6500 Notebook PC_Y5335KV_0U_QCNF7377XH0_EU_4A_I30CC_SQuanta_V79.2E_F.59_T081125_WV3-1_L409_M2038_J250_7Intel_86FD_91.50_#091024_N10EC8136;80864222_(GS803UA#ABA)_XMOBILE_CN10_Z_2Rev 1.MRK
2009-10-24 15:42:46 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
2009-09-10 17:30:12 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 15:21:53 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-09-10 15:21:07 310784 ----a-w- c:\windows\system32\unregmp2.exe
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 18:53:14.62 ===============



Thanks

Attached Files



#6 rbn6691 (Topic Starter)

Posted 06 December 2009 - 08:59 PM

Oh, I see now that Windows defender is enabled, should I shut that down and do another scan?

#7 SpySentinel

Posted 07 December 2009 - 12:31 AM

Hi rbn6691, welcome to Bleeping Computer :(


  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them if you need to start a new topic.



Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any
"<--- ROOTKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.
Post the contents of GMER.txt in your next reply.
Unified Network of Instructors and Trained Eliminators

My help is always free, but if you can, please donate to help me continue the fight against malware.

#8 rbn6691 (Topic Starter)

Posted 07 December 2009 - 03:18 PM

Hello SpySentinel and thank you for your help. I guess I'm not quite sure what I should do here, do you want me to run OTL first and then run it again a second time with the added text?
Robin

#9 SpySentinel (Members, 2,090 posts, Gender: Male, Location: The United States)

Posted 08 December 2009 - 03:35 PM

Hi Robin, you're welcome :(


Open OTL, then
  • Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them if you need to start a new topic.

Edited by SpySentinel, 08 December 2009 - 03:35 PM.


#10 rbn6691 (Topic Starter, Members, 7 posts)

Posted 08 December 2009 - 09:32 PM

I ran the scan but only got one file, here it is:

OTL logfile created on: 12/8/2009 7:22:00 PM - Run 3
OTL by OldTimer - Version 3.1.11.9 Folder = C:\Users\Robin\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.29 Gb Available Physical Memory | 64.92% Memory free
4.00 Gb Paging File | 3.37 Gb Available in Paging File | 84.19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 215.60 Gb Free Space | 92.58% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JIM
Current User Name: Robin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/12/08 19:18:59 | 00,536,576 | ---- | M] (OldTimer Tools) -- C:\Users\Robin\Desktop\OTL.exe
PRC - [2009/11/22 15:42:50 | 01,037,192 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2009/11/14 11:51:22 | 00,312,592 | ---- | M] (IObit) -- C:\Program Files\IObit\bitiosecurity\is360srv.exe
PRC - [2009/10/01 17:03:14 | 01,858,144 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\a-squared Free\a2service.exe
PRC - [2009/07/21 13:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/05/13 15:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/03/02 12:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/10/28 23:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/04/15 17:54:42 | 00,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/02/26 12:31:16 | 00,628,584 | ---- | M] () -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
PRC - [2008/01/20 19:23:52 | 00,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE


========== Modules (SafeList) ==========

MOD - [2009/12/08 19:18:59 | 00,536,576 | ---- | M] (OldTimer Tools) -- C:\Users\Robin\Desktop\OTL.exe
MOD - [2008/01/20 19:23:44 | 01,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (IOLO_SRV)
SRV - [2009/11/22 15:44:16 | 02,384,240 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2009/11/14 11:51:22 | 00,312,592 | ---- | M] (IObit) -- C:\Program Files\IObit\bitiosecurity\is360srv.exe -- (IS360service)
SRV - [2009/10/01 17:03:14 | 01,858,144 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\a-squared Free\a2service.exe -- (a2free)
SRV - [2009/07/21 13:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/13 15:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008/04/15 17:54:42 | 00,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/02/26 12:31:16 | 00,628,584 | ---- | M] () -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
SRV - [2008/02/26 12:31:16 | 00,628,584 | ---- | M] () -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloProductUpdate)
SRV - [2008/02/26 12:31:16 | 00,628,584 | ---- | M] () -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloFileInfoList)
SRV - [2008/01/20 19:23:32 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/19 18:28:34 | 00,271,760 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe -- (QPCapSvc) QuickPlay Background Capture Service (QBCS)
SRV - [2007/12/19 18:28:34 | 00,112,016 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe -- (QPSched) QuickPlay Task Scheduler (QTS)
SRV - [2007/03/05 08:30:06 | 00,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
SRV - [2006/05/02 13:41:28 | 00,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 63 EC 16 5A C9 54 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/05 19:18:31 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/05 19:18:27 | 00,000,000 | ---D | M]

[2009/12/05 19:18:35 | 00,000,000 | ---D | M] -- C:\Users\Robin\AppData\Roaming\mozilla\Extensions
[2009/12/05 19:28:38 | 00,000,000 | ---D | M] -- C:\Users\Robin\AppData\Roaming\mozilla\Firefox\Profiles\fdt7bwdx.default\extensions
[2009/12/05 19:18:27 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: (361531 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 12430 more lines...
O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPrintSharing = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileSharing = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKLM\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 64 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/...s/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.220.0.10 24.220.0.11
O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/12/04 20:24:54 | 00,000,000 | ---D | M] - C:\Autoruns -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (MACHINE BootExecut) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/01/20 19:34:27 | 00,000,000 | ---D | M]
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 14 Days ==========

[2009/12/08 19:18:56 | 00,536,576 | ---- | C] (OldTimer Tools) -- C:\Users\Robin\Desktop\OTL.exe
[2009/12/04 22:05:11 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2009/12/04 21:44:16 | 00,035,040 | ---- | C] (Greatis Software) -- C:\Windows\System32\Partizan.exe
[2009/12/04 21:44:16 | 00,034,760 | ---- | C] (Greatis Software) -- C:\Windows\System32\drivers\Partizan.sys
[2009/12/04 20:48:10 | 00,000,000 | ---D | C] -- C:\Users\Robin\Documents\RegRun2
[2009/12/04 20:48:07 | 00,000,000 | ---D | C] -- C:\Program Files\Greatis
[2009/12/04 20:24:54 | 00,000,000 | ---D | C] -- C:\Autoruns
[2009/12/04 19:33:48 | 00,000,000 | ---D | C] -- C:\Users\Robin\AppData\Roaming\WinPatrol
[2009/12/04 19:33:38 | 00,000,000 | ---D | C] -- C:\Program Files\BillP Studios
[2009/12/04 19:32:47 | 00,999,160 | ---- | C] (BillP Studios) -- C:\Users\Robin\Desktop\wpsetup.exe
[2009/12/03 22:24:56 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2009/12/03 22:24:56 | 00,056,816 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2009/12/03 22:24:56 | 00,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2009/12/03 22:24:54 | 00,000,000 | ---D | C] -- C:\ProgramData\Avira
[2009/12/03 22:24:54 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
[2009/12/03 18:21:29 | 00,000,000 | ---D | C] -- C:\Users\Robin\AppData\Local\Apps
[2009/12/03 05:25:49 | 00,000,000 | ---D | C] -- C:\Users\Robin\AppData\Local\temp
[2009/12/03 05:18:40 | 00,000,000 | ---D | C] -- C:\Windows\temp
[2009/12/03 03:56:11 | 00,000,000 | ---D | C] -- C:\hp
[2009/12/03 02:02:34 | 00,000,000 | ---D | C] -- C:\Windows\Sminst
[2009/12/03 01:04:43 | 00,000,000 | ---D | C] -- C:\Windows\System32\ENU
[2009/12/03 01:04:12 | 00,000,000 | ---D | C] -- C:\Program Files\Intel
[2009/12/03 01:02:58 | 04,390,912 | ---- | C] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
[2009/12/02 07:03:36 | 00,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2009/12/02 07:03:28 | 00,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2009/12/02 06:25:51 | 05,207,047 | ---- | C] (McAfee Inc.) -- C:\Users\Robin\Desktop\stinger1001688.exe
[2009/12/02 06:16:46 | 03,012,768 | ---- | C] (Javacool Software LLC ) -- C:\Users\Robin\Desktop\spywareblastersetup42.exe
[2009/12/02 06:14:01 | 00,341,504 | ---- | C] (OldTimer Tools) -- C:\Users\Robin\Desktop\TFC.exe
[2009/12/02 02:02:06 | 00,000,000 | ---D | C] -- C:\Users\Robin\AppData\Roaming\QuickScan
[2009/12/02 01:06:15 | 08,084,968 | ---- | C] (Mozilla) -- C:\Users\Robin\Desktop\Firefox Setup 3.5.5.exe
[2009/12/01 20:55:14 | 00,000,000 | ---D | C] -- C:\Users\Robin\Documents\a-squared Free
[2009/12/01 20:55:14 | 00,000,000 | ---D | C] -- C:\Program Files\a-squared Free
[2009/12/01 20:40:34 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2009/12/01 20:12:40 | 00,000,000 | ---D | C] -- C:\Users\Robin\AppData\Roaming\Uniblue
[2009/12/01 20:12:40 | 00,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2009/12/01 20:12:40 | 00,000,000 | ---D | C] -- C:\ProgramData\DriverScanner
[2009/12/01 14:25:23 | 00,000,000 | ---D | C] -- C:\Windows\System32\ZoneLabs
[2009/12/01 14:25:20 | 00,000,000 | ---D | C] -- C:\Program Files\Zone Labs
[2009/12/01 14:23:20 | 00,000,000 | ---D | C] -- C:\Windows\Internet Logs
[2009/12/01 13:30:45 | 00,000,000 | ---D | C] -- C:\Users\Robin\Documents\ForceField Shared Files
[2009/12/01 13:30:45 | 00,000,000 | ---D | C] -- C:\Users\Robin\AppData\Roaming\CheckPoint
[2009/11/29 23:09:04 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/11/29 23:09:02 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/11/28 17:36:04 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/11/28 15:28:01 | 08,043,648 | ---- | C] (IObit ) -- C:\Users\Robin\Desktop\is360setup130.exe
[2009/11/25 14:38:06 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox 3.6 Beta 3
[2009/11/25 14:37:27 | 00,115,312 | ---- | C] (QFX Software Corporation) -- C:\Windows\System32\drivers\keyscrambler.sys

========== Files - Modified Within 14 Days ==========

[2009/12/08 19:22:53 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/12/08 19:22:53 | 00,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/12/08 19:22:53 | 00,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/12/08 19:20:20 | 05,505,024 | -HS- | M] () -- C:\Users\Robin\ntuser.dat
[2009/12/08 19:18:59 | 00,536,576 | ---- | M] (OldTimer Tools) -- C:\Users\Robin\Desktop\OTL.exe
[2009/12/08 19:16:52 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/12/08 19:16:34 | 00,005,184 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/12/08 19:16:33 | 00,005,184 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/12/08 19:16:25 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/12/07 22:05:35 | 00,524,288 | -HS- | M] () -- C:\Users\Robin\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2009/12/07 22:05:35 | 00,065,536 | -HS- | M] () -- C:\Users\Robin\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2009/12/07 17:28:53 | 00,056,816 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2009/12/07 12:34:50 | 01,407,622 | -H-- | M] () -- C:\Users\Robin\AppData\Local\IconCache.db
[2009/12/06 16:17:56 | 00,524,288 | ---- | M] () -- C:\Users\Robin\Desktop\dds.scr
[2009/12/05 19:18:31 | 00,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2009/12/05 19:18:28 | 00,001,724 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009/12/05 17:29:26 | 00,000,000 | ---- | M] () -- C:\Program Files\MF
[2009/12/05 16:53:53 | 00,361,531 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2009/12/05 16:53:23 | 00,361,531 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20091205-165353.backup
[2009/12/04 21:44:16 | 00,035,040 | ---- | M] (Greatis Software) -- C:\Windows\System32\Partizan.exe
[2009/12/04 21:44:16 | 00,034,760 | ---- | M] (Greatis Software) -- C:\Windows\System32\drivers\Partizan.sys
[2009/12/04 21:44:01 | 00,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2009/12/04 21:44:01 | 00,001,688 | ---- | M] () -- C:\Windows\System32\autoexec.nt
[2009/12/04 21:44:01 | 00,000,002 | RHS- | M] () -- C:\Windows\winstart.bat
[2009/12/04 20:48:10 | 00,000,874 | ---- | M] () -- C:\Users\Robin\Desktop\Reanimator.lnk
[2009/12/04 20:12:14 | 08,112,473 | ---- | M] () -- C:\Users\Robin\Desktop\reanimator.zip
[2009/12/04 19:32:52 | 00,999,160 | ---- | M] (BillP Studios) -- C:\Users\Robin\Desktop\wpsetup.exe
[2009/12/03 22:25:02 | 00,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2009/12/03 22:23:26 | 30,909,992 | ---- | M] () -- C:\Users\Robin\Desktop\avira_antivir_personal_en.exe
[2009/12/03 22:07:13 | 00,001,085 | ---- | M] () -- C:\Users\Robin\Desktop\Spybot - Search & Destroy.lnk
[2009/12/03 05:20:51 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini
[2009/12/02 07:03:31 | 00,000,812 | ---- | M] () -- C:\Users\Robin\Desktop\SpywareBlaster.lnk
[2009/12/02 06:26:01 | 05,207,047 | ---- | M] (McAfee Inc.) -- C:\Users\Robin\Desktop\stinger1001688.exe
[2009/12/02 06:16:48 | 03,012,768 | ---- | M] (Javacool Software LLC ) -- C:\Users\Robin\Desktop\spywareblastersetup42.exe
[2009/12/02 06:14:06 | 00,341,504 | ---- | M] (OldTimer Tools) -- C:\Users\Robin\Desktop\TFC.exe
[2009/12/02 03:36:50 | 00,000,295 | ---- | M] () -- C:\Windows\System32\InstallUtil.InstallLog
[2009/12/02 01:06:26 | 08,084,968 | ---- | M] (Mozilla) -- C:\Users\Robin\Desktop\Firefox Setup 3.5.5.exe
[2009/12/01 23:18:32 | 00,347,151 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20091203-222034.backup
[2009/12/01 23:18:32 | 00,347,151 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20091205-165323.backup
[2009/12/01 23:18:32 | 00,347,151 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20091204-215406.backup
[2009/12/01 23:18:32 | 00,347,151 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20091204-185520.backup
[2009/12/01 23:18:32 | 00,347,151 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20091204-185434.backup
[2009/12/01 23:18:32 | 00,347,151 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20091203-220047.backup
[2009/12/01 23:18:32 | 00,347,151 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20091203-220017.backup
[2009/12/01 23:18:32 | 00,347,151 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20091203-214933.backup
[2009/12/01 23:18:32 | 00,347,151 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20091203-214848.backup
[2009/12/01 23:18:32 | 00,347,151 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20091203-214806.backup
[2009/12/01 20:55:31 | 00,000,770 | ---- | M] () -- C:\Users\Public\Desktop\a-squared Free.lnk
[2009/12/01 14:26:20 | 00,422,437 | -H-- | M] () -- C:\Windows\System32\drivers\vsconfig.xml
[2009/12/01 14:25:55 | 00,000,871 | ---- | M] () -- C:\Users\Robin\Desktop\ZoneAlarm Security.lnk
[2009/12/01 13:12:44 | 40,233,352 | ---- | M] () -- C:\Users\Robin\Desktop\zaSetup_91_007_002_en.exe
[2009/12/01 12:46:58 | 02,672,312 | ---- | M] () -- C:\Users\Robin\Desktop\esetsmartinstaller_enu.exe
[2009/11/30 20:11:39 | 00,024,206 | ---- | M] () -- C:\Users\Robin\AppData\Roaming\UserTile.png
[2009/11/30 00:19:55 | 00,005,632 | ---- | M] () -- C:\Users\Robin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/30 00:16:07 | 03,356,989 | ---- | M] (Macromedia, Inc.) -- C:\Users\Public\Documents\MobileTV.exe
[2009/11/29 23:09:07 | 00,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/28 21:48:44 | 00,000,000 | ---- | M] () -- C:\Windows\System32\drivers\etc\lmhosts
[2009/11/28 15:31:01 | 00,000,848 | ---- | M] () -- C:\Users\Public\Desktop\IObit Security 360.lnk
[2009/11/28 15:28:06 | 08,043,648 | ---- | M] (IObit ) -- C:\Users\Robin\Desktop\is360setup130.exe

========== Files Created - No Company Name ==========

[2009/12/06 16:17:51 | 00,524,288 | ---- | C] () -- C:\Users\Robin\Desktop\dds.scr
[2009/12/05 19:18:31 | 00,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/12/05 19:18:28 | 00,001,724 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009/12/05 17:29:26 | 00,000,000 | ---- | C] () -- C:\Program Files\MF
[2009/12/04 20:50:44 | 00,057,556 | ---- | C] () -- C:\Windows\guard.bmp
[2009/12/04 20:48:36 | 00,000,002 | RHS- | C] () -- C:\Windows\winstart.bat
[2009/12/04 20:48:10 | 00,000,874 | ---- | C] () -- C:\Users\Robin\Desktop\Reanimator.lnk
[2009/12/04 20:11:12 | 08,112,473 | ---- | C] () -- C:\Users\Robin\Desktop\reanimator.zip
[2009/12/03 22:25:02 | 00,001,847 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2009/12/03 22:23:02 | 30,909,992 | ---- | C] () -- C:\Users\Robin\Desktop\avira_antivir_personal_en.exe
[2009/12/02 07:03:31 | 00,000,812 | ---- | C] () -- C:\Users\Robin\Desktop\SpywareBlaster.lnk
[2009/12/02 03:36:44 | 00,000,295 | ---- | C] () -- C:\Windows\System32\InstallUtil.InstallLog
[2009/12/01 20:55:31 | 00,000,770 | ---- | C] () -- C:\Users\Public\Desktop\a-squared Free.lnk
[2009/12/01 14:25:55 | 00,000,871 | ---- | C] () -- C:\Users\Robin\Desktop\ZoneAlarm Security.lnk
[2009/12/01 14:25:23 | 00,422,437 | -H-- | C] () -- C:\Windows\System32\drivers\vsconfig.xml
[2009/12/01 13:12:22 | 40,233,352 | ---- | C] () -- C:\Users\Robin\Desktop\zaSetup_91_007_002_en.exe
[2009/12/01 12:46:57 | 02,672,312 | ---- | C] () -- C:\Users\Robin\Desktop\esetsmartinstaller_enu.exe
[2009/11/30 20:11:39 | 00,024,206 | ---- | C] () -- C:\Users\Robin\AppData\Roaming\UserTile.png
[2009/11/29 23:09:07 | 00,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/28 15:31:01 | 00,000,848 | ---- | C] () -- C:\Users\Public\Desktop\IObit Security 360.lnk
[2009/11/22 02:14:31 | 00,005,632 | ---- | C] () -- C:\Users\Robin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/20 00:14:43 | 00,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dll
[2009/10/24 11:13:36 | 00,000,680 | ---- | C] () -- C:\Users\Robin\AppData\Local\d3d9caps.dat
[2009/10/24 10:23:07 | 00,000,000 | ---- | C] () -- C:\Users\Robin\AppData\Local\QSwitch.txt
[2009/10/24 10:23:07 | 00,000,000 | ---- | C] () -- C:\Users\Robin\AppData\Local\DSwitch.txt
[2009/10/24 10:23:07 | 00,000,000 | ---- | C] () -- C:\Users\Robin\AppData\Local\AtStart.txt
[2008/12/23 09:51:20 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1624.dll
[2008/02/11 18:55:18 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2006/11/02 05:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 00:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 15:58:00 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

========== LOP Check ==========

[2009/12/01 13:30:45 | 00,000,000 | ---D | M] -- C:\Users\Robin\AppData\Roaming\CheckPoint
[2009/11/07 01:28:38 | 00,000,000 | ---D | M] -- C:\Users\Robin\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/11/07 01:44:37 | 00,000,000 | ---D | M] -- C:\Users\Robin\AppData\Roaming\IObit
[2009/11/20 17:53:16 | 00,000,000 | ---D | M] -- C:\Users\Robin\AppData\Roaming\iolo
[2009/12/03 16:51:57 | 00,000,000 | ---D | M] -- C:\Users\Robin\AppData\Roaming\QuickScan
[2009/12/03 03:18:14 | 00,000,000 | ---D | M] -- C:\Users\Robin\AppData\Roaming\Uniblue
[2009/12/04 19:33:48 | 00,000,000 | ---D | M] -- C:\Users\Robin\AppData\Roaming\WinPatrol
[2009/12/07 22:05:38 | 00,032,578 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/20 19:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\ERDNT\cache\AGP440.sys
[2008/01/20 19:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/20 19:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/20 19:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/20 19:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 02:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/10 23:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/20 19:23:00 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\ERDNT\cache\atapi.sys
[2008/01/20 19:23:00 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008/01/20 19:23:00 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/20 19:23:00 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 02:49:36 | 00,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 02:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll
[2006/11/02 02:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 02:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTOR.SYS >
[2008/04/15 17:54:16 | 00,388,120 | ---- | M] (Intel Corporation) MD5=8D58627FEF3F8767665D9F4DC91CBD97 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2008/04/15 17:53:44 | 00,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
< End of report >


It said done with scans but no Extras ever popped up.

#11 rbn6691

rbn6691
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:07:47 PM

Posted 11 December 2009 - 12:12 AM

Sentinel, are you still there? I know exactly who my hacker is and have their IP address from using netstat. I was hacked on YouTube, and this man's name is well known and his IP address has been posted there, and it is an IP address that is showing up in my netstat, so I know I am hacked. It's been two days since I've heard from you. I'm trying to be patient, but I'm also furious at lowlifes who hack computers!!!!!!!!!

#12 SpySentinel

SpySentinel

  • Members
  • 2,090 posts
  • OFFLINE
  • Gender:Male
  • Location:The United States
  • Local time:09:47 PM

Posted 24 December 2009 - 06:41 PM

Sorry for the delay.

Do you still need help?

If you like, you can PM me the hacker's IP.

Unified Network of Instructors and Trained Eliminators

My help is always free, but if you can, please help me continue the fight against malware.

#13 SpySentinel

SpySentinel

  • Members
  • 2,090 posts
  • OFFLINE
  • Gender:Male
  • Location:The United States
  • Local time:09:47 PM

Posted 29 December 2009 - 12:52 AM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please PM me or another staff member.

Everyone else please start a new topic.



