
I know I'm infected 2 (Fake keygen)


15 replies to this topic

#1 theoriginal

Posted 24 December 2009 - 10:57 PM

I downloaded a fake keygen on 12/16/2009 and my computer has been infected ever since. It proceeded to turn off user account control, added 2 exe files called "b" and "c" to the startup entry, a gibberish sub-key appeared in the registry, the Firefox icon was renamed C C, this MDT folder appeared in the root of the C: drive, and I had to reinstall utorrent by downloading it again. Although I managed to fix the aforementioned problems, there is still damage done. For example, when I run a program called Driver Magician, it only shows 4 drivers when I click on "search non-Microsoft drivers". This could mean that most of my drivers have been either deleted or corrupted (including utorrent's, although something unknown happened because I don't see drivers for utorrent in program files after I installed it properly), and this could be the case since my C: drive shows more free space.

Also, a new problem came up because my usb flash drive doesn't work anymore. It all started when explorer decided to stop responding; I restarted explorer, pulled out my flash drive, then plugged it back in and it stopped working. I plug it in to my vista pc (or another vista pc) and it shows up on the task bar, but the drive for the usb doesn't show up in "My Computer" (even if I hold the shift key while inserting it). In xp, it's the same thing except that the drive does show up in "My Computer", but I can't access it. I click on properties and it says File System: Raw; and I tried to recover the partition or reformat it using various methods (Command prompt, Active@ UNDELETE/Kill disk, etc) but none work.

I also used the Flash_Disinfector tool for a possible virus infection since it could have spread from my pc to the usb when explorer crashed. However, it doesn't work on Windows Vista; I stopped the Program Compatibility Assistant Service and turned off user account control but it still doesn't work. Anyway, I tried it on an xp computer and it prompted me and completed the scan but it still didn't fix my usb flash drive. I don't understand, it worked perfectly for the 2 years I had it and then decided to die on me after the explorer crash. There is probably more damage done to my computer that I don't know about since there are SO many registry entries, folders, files, etc. Also, I don't know if these were caused by a virus but I'm not familiar with these files in the root of my C: drive: BOOTSECT.BAK, caavsetupLog.txt, caisslog.txt, INSTALL.LOG, unPDVDDX.iss, and unPDVDDX.log. There is also a PerfLogs folder in the same root as well.

I will post the DDS log and attach the file requested. I will post my HJT log afterward. I will not be able to attach the rootrepeal file for 2 reasons: First, the scan just can't finish. I started scanning at 4:30 AM on 12/24 and 13 hours later it still wasn't done (although the scan wasn't done in safe mode, and I don't know if that will make a difference). And last, boopme, who was the person that assisted me in my thread located at the "Am I infected? What do I do?" forum referred me here and said to only post the HJT and DDS logs.

If there is a way to make the rootrepeal scan faster, please let me know.

And I hope there is a way I can recover my flash drive from the assistance here :(

DDS log:


DDS (Ver_09-12-01.01) - NTFSx86
Run by Yovanny at 21:02:16.67 on Thu 12/24/2009
Internet Explorer: 8.0.6001.18865 BrowserJavaVersion: 1.6.0_17
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1470.921 [GMT -5:00]

AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
SP: ESET NOD32 Antivirus 4.0 *enabled* (Updated) {E5E70D32-0101-4B98-A4D6-D1D15C3BB448}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Godlike Developers\RAM Saver Pro\ramsaverpro.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Yovanny\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Bar = Preserve
uInternet Settings,ProxyOverride = *.local
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: WormRadar.com IESiteBlocker.NavFilter: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - AVG Safe Search
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [RAMSaverPro] c:\program files\godlike developers\ram saver pro\ramsaverpro.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
LSP: c:\windows\system32\idmmbc.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\yovanny\appdata\roaming\mozilla\firefox\profiles\47hbe1d0.default
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\users\yovanny\appdata\roaming\idm\idmmzcc3\components\idmmzcc.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-5-14 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-5-14 94360]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-12-16 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-12-16 74480]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-5-14 731840]
R3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2006-11-2 987648]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2006-11-2 251904]
S3 dsreader;MaxDrive Driver (dsreader.sys);c:\windows\system32\drivers\dsreader.sys [2009-12-22 19677]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-8-10 21504]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-12-16 7408]

=============== Created Last 30 ================

2009-12-24 05:05:54 0 d-----w- c:\programdata\WindowsSearch
2009-12-23 12:18:44 99568 ----a-w- c:\windows\system32\isafeif.dll
2009-12-23 12:18:44 83256 ----a-w- c:\windows\system32\vetredir.dll
2009-12-23 12:18:44 111856 ----a-w- c:\windows\system32\isafprod.dll
2009-12-23 12:18:15 0 d-----w- c:\programdata\CA
2009-12-23 11:29:27 0 d-----w- c:\program files\CA
2009-12-23 10:37:20 0 d-----w- c:\program files\Active Data Recovery Software
2009-12-23 03:32:18 0 d-----w- c:\programdata\Colasoft Capsa
2009-12-22 06:20:13 19677 ----a-w- c:\windows\system32\drivers\dsreader.sys
2009-12-22 05:11:42 526184 ----a-w- c:\windows\system32\XceedCry.dll
2009-12-22 05:11:42 456536 ----a-w- c:\windows\system32\XCEEDZIP.DLL
2009-12-22 05:11:42 132880 ----a-w- c:\windows\system32\Msinet.ocx
2009-12-22 05:11:42 110602 ----a-w- c:\windows\system32\xcdsfx32.bin
2009-12-22 05:11:39 0 d-----w- c:\program files\Driver Magician
2009-12-22 02:21:24 0 d-----w- c:\programdata\SecTaskMan
2009-12-22 00:21:46 0 d-----w- c:\program files\common files\DivX Shared
2009-12-21 20:13:33 0 d-----w- c:\program files\common files\PX Storage Engine
2009-12-21 20:12:44 0 d-----w- c:\program files\DivX
2009-12-21 10:24:31 0 d-----w- c:\program files\VideoLAN
2009-12-21 07:37:38 0 d-----w- c:\program files\Microsoft ActiveSync
2009-12-21 05:32:37 0 d-----w- c:\windows\SHELLNEW
2009-12-21 04:34:03 65536 --sha-w- c:\users\yovanny\ntuser.dat{c37243a8-ede6-11de-9dc4-001aa01aec36}.TM.blf
2009-12-21 04:34:03 524288 --sha-w- c:\users\yovanny\ntuser.dat{c37243a8-ede6-11de-9dc4-001aa01aec36}.TMContainer00000000000000000002.regtrans-ms
2009-12-21 04:34:03 524288 --sha-w- c:\users\yovanny\ntuser.dat{c37243a8-ede6-11de-9dc4-001aa01aec36}.TMContainer00000000000000000001.regtrans-ms
2009-12-20 09:06:12 505 ----a-w- C:\unPDVDDX.iss
2009-12-20 07:47:40 0 d-----w- C:\MDT
2009-12-20 07:47:24 0 d-----w- c:\programdata\CyberLink
2009-12-20 07:46:57 0 d-----w- c:\programdata\Dell
2009-12-20 07:46:37 82432 ----a-w- c:\windows\system32\msxml4r.dll
2009-12-20 07:46:37 44544 ----a-w- c:\windows\system32\msxml4a.dll
2009-12-20 07:46:17 89088 ----a-w- c:\windows\system32\atl71.dll
2009-12-20 07:46:17 1060864 ----a-w- c:\windows\system32\MFC71.dll
2009-12-20 07:46:17 1047552 ----a-w- c:\windows\system32\MFC71u.dll
2009-12-20 06:08:14 35085 ----a-w- c:\programdata\nvModes.dat
2009-12-20 06:07:54 0 d-----w- c:\programdata\NVIDIA
2009-12-20 06:06:39 490088 ----a-w- c:\windows\system32\nvuninst.exe
2009-12-19 09:14:13 355584 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-12-19 09:14:13 28416 ----a-w- c:\windows\system32\uxtuneup.dll
2009-12-19 09:14:12 16640 ----a-w- c:\windows\system32\authuitu.dll
2009-12-19 01:13:43 0 d-----w- c:\programdata\vsosdk
2009-12-18 18:42:23 0 d--h--w- c:\windows\PIF
2009-12-18 09:16:00 0 d-----w- C:\$AVG
2009-12-18 09:15:05 0 d-----w- c:\program files\AVG
2009-12-18 09:14:56 0 d-----w- c:\programdata\avg9
2009-12-18 08:34:24 0 d-----w- c:\program files\uTorrent
2009-12-18 04:58:55 49152 ----a-w- c:\windows\system32\ArmAccess.dll
2009-12-18 03:12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-18 03:12:51 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-18 00:38:53 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2009-12-18 00:38:34 0 d-----w- c:\program files\SUPERAntiSpyware
2009-12-18 00:38:33 0 d-----w- c:\users\yovanny\appdata\roaming\SUPERAntiSpyware.com
2009-12-17 18:58:18 0 d-----w- c:\users\yovanny\appdata\roaming\Malwarebytes
2009-12-17 18:58:07 0 d-----w- c:\programdata\Malwarebytes
2009-12-17 18:58:01 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-17 04:45:25 0 d-----w- c:\program files\VSO
2009-12-17 04:09:34 87608 ----a-w- c:\users\yovanny\appdata\roaming\inst.exe
2009-12-17 04:09:34 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-12-17 04:09:34 47360 ----a-w- c:\users\yovanny\appdata\roaming\pcouffin.sys
2009-12-17 04:09:08 65602 ----a-w- c:\windows\system32\cook3260.dll
2009-12-17 04:09:08 626688 ----a-w- c:\windows\system32\vp7vfw.dll
2009-12-17 04:09:08 217127 ----a-w- c:\windows\system32\drv43260.dll
2009-12-17 04:09:08 208935 ----a-w- c:\windows\system32\drv33260.dll
2009-12-17 04:09:08 176165 ----a-w- c:\windows\system32\drv23260.dll
2009-12-17 04:09:08 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
2009-12-17 04:09:08 102439 ----a-w- c:\windows\system32\sipr3260.dll
2009-12-16 23:33:05 0 d-----w- c:\users\yovanny\appdata\roaming\DVD Flick
2009-12-16 04:26:40 608448 ----a-w- c:\windows\system32\COMCTL32.OCX
2009-12-15 21:12:55 0 d-----w- c:\programdata\Real
2009-12-14 05:39:18 0 d-----w- c:\program files\Broderbund
2009-12-12 21:34:23 0 d-----w- c:\programdata\Lavasoft
2009-12-12 04:49:51 0 d-----w- c:\programdata\Office Genuine Advantage
2009-12-10 04:10:58 376 ----a-w- c:\windows\ODBC.INI
2009-12-10 04:10:47 28040 ----a-w- c:\windows\system32\mdimon.dll
2009-12-10 04:05:08 0 d--h--r- C:\MSOCache(3)
2009-12-08 23:56:07 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-08 23:56:06 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-12-08 23:56:05 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-08 23:55:14 377344 ----a-w- c:\windows\system32\winhttp.dll
2009-12-08 23:55:11 243712 ----a-w- c:\windows\system32\rastls.dll
2009-12-06 17:01:23 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-12-06 17:01:23 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-12-06 17:00:31 0 d-----w- c:\program files\iPod
2009-12-06 17:00:24 0 d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-12-06 17:00:24 0 d-----w- c:\program files\iTunes
2009-12-06 16:59:07 0 d-----w- c:\program files\Bonjour
2009-12-06 16:58:10 0 d-----w- c:\programdata\Apple Computer
2009-12-06 16:55:07 0 d-----w- c:\programdata\Apple
2009-12-03 23:28:41 0 d-----w- c:\users\yovanny\appdata\roaming\Broderbund
2009-12-03 23:28:41 0 d-----w- c:\programdata\Broderbund
2009-12-03 22:41:41 0 d-----w- c:\programdata\Protexis
2009-11-25 08:00:59 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-25 07:10:46 1401856 ----a-w- c:\windows\system32\msxml6.dll
2009-11-25 07:10:44 1248768 ----a-w- c:\windows\system32\msxml3.dll
2009-11-25 07:10:40 714240 ----a-w- c:\windows\system32\timedate.cpl

==================== Find3M ====================

2009-12-22 06:20:43 86016 ----a-w- c:\windows\inf\infstrng.dat
2009-12-22 06:20:43 51200 ----a-w- c:\windows\inf\infpub.dat
2009-12-22 06:20:40 86016 ----a-w- c:\windows\inf\infstor.dat
2009-11-21 06:40:20 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34:39 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34:39 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59:58 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-17 08:17:26 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-17 08:17:11 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-14 00:47:32 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-11-14 00:47:28 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47:28 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-11-14 00:47:28 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47:28 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-11-14 00:47:28 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-11-14 00:47:28 696320 ----a-w- c:\windows\system32\DivX.dll
2009-11-03 01:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-11 09:17:27 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-08 21:08:01 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-10-08 21:08:01 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-10-08 21:07:59 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-10-01 01:02:17 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-10-01 01:02:05 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-10-01 01:02:04 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-10-01 01:02:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-10-01 01:02:00 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-10-01 01:01:59 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-10-01 01:01:59 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-10-01 01:01:56 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-01 01:01:56 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-10-01 01:01:56 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-10-01 01:01:56 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-10-01 01:01:54 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-09-28 04:12:22 795104 ----a-w- c:\windows\system32\dpinst.exe
2009-09-28 04:12:22 7614056 ----a-w- c:\windows\system32\nvd3dum.dll
2009-09-28 04:12:22 490088 ----a-w- c:\windows\system32\nvudisp.exe
2009-09-28 04:12:22 2169448 ----a-w- c:\windows\system32\nvcuvid.dll
2009-09-28 04:12:22 1997416 ----a-w- c:\windows\system32\nvcuda.dll
2009-09-28 04:12:22 1714792 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-09-28 04:12:22 170600 ----a-w- c:\windows\system32\nvcod167.dll
2009-09-28 04:12:22 170600 ----a-w- c:\windows\system32\nvcod.dll
2009-09-28 04:12:22 11197032 ----a-w- c:\windows\system32\nvoglv32.dll
2009-09-28 04:12:22 1074280 ----a-w- c:\windows\system32\nvapi.dll
2009-09-27 22:47:30 2173544 ----a-w- c:\windows\system32\nvcplui.exe
2009-09-27 22:47:00 92776 ----a-w- c:\windows\system32\nvmctray.dll
2009-09-27 22:47:00 805480 ----a-w- c:\windows\system32\nvsvc.dll
2009-09-27 22:47:00 4033128 ----a-w- c:\windows\system32\nvvitvs.dll
2009-09-27 22:47:00 3553896 ----a-w- c:\windows\system32\nvgames.dll
2009-09-27 22:47:00 3172968 ----a-w- c:\windows\system32\nvwss.dll
2009-09-27 22:47:00 215656 ----a-w- c:\windows\system32\nvvsvc.exe
2009-09-27 22:47:00 195176 ----a-w- c:\windows\system32\nvmccss.dll
2009-09-27 22:47:00 150120 ----a-w- c:\windows\system32\nvshext.dll
2009-09-27 22:47:00 1309288 ----a-w- c:\windows\system32\nvsvs.dll
2009-09-27 22:47:00 1292904 ----a-w- c:\windows\system32\nvmobls.dll
2009-09-27 22:46:00 4942440 ----a-w- c:\windows\system32\nvdisps.dll
2009-09-27 22:46:00 13949544 ----a-w- c:\windows\system32\nvcpl.dll
2009-08-10 08:11:25 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2007-02-21 19:49:00 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 21:03:26.40 ===============

Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:24:34 PM, on 12/24/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Godlike Developers\RAM Saver Pro\ramsaverpro.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Yovanny\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [RAMSaverPro] C:\Program Files\Godlike Developers\RAM Saver Pro\ramsaverpro.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe

--
End of file - 5184 bytes

Merged posts. ~ OB

Attached Files


Edited by theoriginal, 25 December 2009 - 06:50 PM.
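An added example (not part of the thread, not the poster's code and not part of DDS) of the first triage pass an analyst makes on the "Created Last 30" section above: parse each entry in the format DDS prints, keep the ones created in a window after the date the poster gives for the fake keygen, and flag those in locations that deserve a second look. The sample lines are copied from the log above with path separators restored; the window length and the location heuristics are assumptions, and a flag is only a prioritisation hint, since tools the user installs while cleaning up land in exactly the same places.

```python
"""Triage helper for DDS "Created Last 30" output.

Added example for this thread; it is not part of DDS and not the poster's
code. It parses the entry format DDS prints (date, time, size, attribute
flags, path), keeps entries created within a window after a given infection
date and flags those in locations that merit a closer look. A flag is a hint
for the analyst, not a verdict: legitimate installs land in the same places.
"""
import re
from datetime import datetime, timedelta

# Constructed sample: a handful of lines copied from the log posted above,
# with the path separators restored.
SAMPLE_DDS = """\
2009-12-22 06:20:13 19677 ----a-w- c:\\windows\\system32\\drivers\\dsreader.sys
2009-12-21 04:34:03 65536 --sha-w- c:\\users\\yovanny\\ntuser.dat{c37243a8-ede6-11de-9dc4-001aa01aec36}.TM.blf
2009-12-20 07:47:40 0 d-----w- C:\\MDT
2009-12-18 18:42:23 0 d--h--w- c:\\windows\\PIF
2009-12-17 04:09:34 87608 ----a-w- c:\\users\\yovanny\\appdata\\roaming\\inst.exe
2009-12-17 04:09:34 47360 ----a-w- c:\\windows\\system32\\drivers\\pcouffin.sys
2009-12-06 17:01:23 26600 ----a-w- c:\\windows\\system32\\drivers\\GEARAspiWDM.sys
"""

# "YYYY-MM-DD HH:MM:SS <size> <8 attribute flags> <path>"
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<size>\d+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)

# Location heuristics (assumed, not from DDS): new kernel drivers, executables
# dropped in the roaming profile, and new items directly under the drive root.
WATCH_PATTERNS = {
    "new driver": re.compile(r"\\system32\\drivers\\[^\\]+\.sys$", re.I),
    "exe in roaming profile": re.compile(r"\\appdata\\roaming\\[^\\]+\.exe$", re.I),
    "new item in drive root": re.compile(r"^[a-z]:\\[^\\]+$", re.I),
}


def parse_dds(text):
    """Return one dict per parsable entry; lines in other formats are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m["date"] + " " + m["time"], "%Y-%m-%d %H:%M:%S")
        attrs = m["attrs"]
        entries.append({
            "ts": ts,
            "size": int(m["size"]),
            "attrs": attrs,
            "path": m["path"],
            "is_dir": attrs[0] == "d",
            "hidden": "h" in attrs,   # DDS shows the hidden attribute as 'h'
        })
    return entries


def triage(entries, infection_date, window_days=7):
    """Flag entries created in [infection_date, infection_date + window_days).

    infection_date is a 'YYYY-MM-DD' string. Returns (path, timestamp, reasons)
    tuples; entries with no reason are not returned."""
    start = datetime.strptime(infection_date, "%Y-%m-%d")
    end = start + timedelta(days=window_days)
    flagged = []
    for e in entries:
        if not (start <= e["ts"] < end):
            continue
        reasons = [name for name, rx in WATCH_PATTERNS.items() if rx.search(e["path"])]
        if e["hidden"]:
            reasons.append("hidden attribute set")
        if reasons:
            flagged.append((e["path"], e["ts"], reasons))
    return flagged


if __name__ == "__main__":
    # The poster dates the fake keygen to 12/16/2009.
    for path, ts, reasons in triage(parse_dds(SAMPLE_DDS), "2009-12-16"):
        print(f"{ts:%Y-%m-%d %H:%M}  {path}  <- {', '.join(reasons)}")
```

Run against the full "Created Last 30" section (with separators restored) and the infection date the poster gives, the output is the short list to walk through by hand: check each flagged file's publisher and signature, and match it against what the user installed on that day, before treating anything as an indicator.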



#2 theoriginal (Topic Starter)

Posted 29 December 2009 - 11:17 PM

Just found out that Nod32 quarantined the virus that infected my computer back on the 16th. It also quarantined 2 trojans found in one of my flash drives today (Honestly don't know why this happened). All I know is that I used the flash this morning in my computer (the computer with the virus) and it was fine; even formatted it. But after I used it in another computer from a place I do a job training program at, I brought it home and inserted it in my computer and it found and quarantined 2 trojans. Also, I wasn't aware that I got 2 trojan downloaders back in September. Well, everything about the viruses is in the attachment.

Update: Just ran Flash_Disinfector on all my flash drives and they are clean now. But it doesn't fix the File System: Raw problem from one of my flash drives.

Note: Could not copy and paste the quarantined list from Nod32 to notepad because it doesn't let me. To avoid confusion, the flash drive that was infected today is NOT the one with the File System: Raw problem.

To moderator: Please merge this post with the previous one since I cannot edit that one anymore :(

Attached Files


Edited by theoriginal, 30 December 2009 - 03:41 AM.
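The flash drive picking up two trojans after a visit to another computer is the pattern of an autorun.inf worm, which is the kind of infection Flash_Disinfector is aimed at. As an added example (not part of the thread, not the poster's code and not Flash_Disinfector's), here is a small inspector for the autorun.inf on a removable drive: it flags the directives that make Explorer launch a program when the drive is opened, and separates a vendor-style file from one that hides its payload and mimics Explorer's own AutoPlay entry. Both autorun.inf samples are constructed for illustration, not taken from the poster's drives.

```python
"""Inspect an autorun.inf for the directives USB-borne trojans rely on.

Added example for this thread; it is not Flash_Disinfector's code and not
the poster's. The two autorun.inf samples are constructed for illustration.
With the XP/Vista defaults of the time, an autorun.inf on a removable drive
can make Explorer run a program when the drive is opened, which is how a
flash drive used on an infected machine carries the infection to the next.
"""
import re

# Constructed sample resembling what a worm writes: every launch verb points
# at a payload in a recycle-bin style folder, and the action text mimics
# Explorer's own "Open folder to view files" AutoPlay entry.
WORM_AUTORUN = """\
[AutoRun]
;qkJfGm8
open=RECYCLER\\setup.exe
shell\\open\\Command=RECYCLER\\setup.exe
shell\\explore\\Command=RECYCLER\\setup.exe
shell=open
action=Open folder to view files
icon=%SystemRoot%\\system32\\SHELL32.dll,4
"""

# Constructed benign sample: an icon and a label, no launch directive.
BENIGN_AUTORUN = """\
[autorun]
icon=setup.exe,0
label=Driver CD
"""

LAUNCH_KEYS = {"open", "shellexecute"}
LAUNCH_VERB_RE = re.compile(r"^shell\\[^\\]+\\command$")   # shell\<verb>\command
EXEC_EXT = (".exe", ".com", ".bat", ".cmd", ".scr", ".pif", ".vbs", ".js")
RECYCLE_RE = re.compile(
    r"(^|\\)(recycler|recycled|\$recycle\.bin|system volume information)\\", re.I
)


def parse_autorun(text):
    """Minimal INI parser: {section: {key: value}}, keys lower-cased.

    Worm-written files often carry filler lines and NUL bytes to trip
    scanners, so anything that is not a header or key=value is skipped."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.replace("\x00", "").strip()
        if not line or line.startswith((";", "#")):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, {})
        elif "=" in line and current is not None:
            key, _, value = line.partition("=")
            sections[current][key.strip().lower()] = value.strip()
    return sections


def assess_autorun(text):
    """Return (key, target, reasons) for each directive worth looking at."""
    auto = parse_autorun(text).get("autorun", {})
    findings = []
    for key, value in auto.items():
        if key in LAUNCH_KEYS or LAUNCH_VERB_RE.match(key):
            target = value.split()[0].strip('"').lower() if value.split() else ""
            reasons = ["launch directive"]
            if target.endswith(EXEC_EXT):
                reasons.append("runs an executable")
            if RECYCLE_RE.search(target):
                reasons.append("payload in a recycle-bin style folder")
            findings.append((key, target, reasons))
    action = auto.get("action", "")
    if "open folder" in action.lower():
        findings.append(("action", action, ["mimics Explorer's default AutoPlay entry"]))
    return findings


def is_suspicious(text):
    """A vendor CD may legitimately carry open=setup.exe, so a launch directive
    alone is not enough; require a hidden payload location or a spoofed action."""
    return any(
        "payload in a recycle-bin style folder" in reasons
        or "mimics Explorer's default AutoPlay entry" in reasons
        for _, _, reasons in assess_autorun(text)
    )


if __name__ == "__main__":
    for label, sample in (("worm", WORM_AUTORUN), ("benign", BENIGN_AUTORUN)):
        print(f"{label}: suspicious={is_suspicious(sample)}")
        for key, target, reasons in assess_autorun(sample):
            print(f"  {key} = {target}  <- {', '.join(reasons)}")
```

On a real drive the next steps are the ones the poster's tools take for him: look for the file the launch directive names (it is usually hidden and system-attributed), quarantine it, and replace autorun.inf with a protected folder of the same name so the worm cannot rewrite it.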


#3 etavares (Bleepin' Remover, Malware Response Team)

Posted 05 January 2010 - 07:05 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Also, please subscribe to this topic, so you are notified when someone replies. Please continue to check manually on occasion, as every now and then the email may be caught by your spam filter.
To enable topic notifications you should do the following:
  • Click on the My Controls link at the top of the page to enter your control panel.
  • Scroll down to the Options category in the left hand side menu bar and click on the Email Settings link.
  • Put a checkmark in the checkbox labeled Enable 'Email Notification' by default?.
  • Set the If ticked, choose default type: menu option to Immediate Email Notification to have an email sent immediately when someone replies.
Information on A/V control HERE


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.



#4 theoriginal (Topic Starter)

Posted 05 January 2010 - 10:12 PM

(1). I still have the problem from before that I'm not familiar with these files in the root of my C: drive: BOOTSECT.BAK, caavsetupLog.txt, caisslog.txt, INSTALL.LOG, unPDVDDX.iss, and unPDVDDX.log. There is also a PerfLogs and MDT folder in the same root as well. Since I am not familiar with them, I can't say whether or not they were caused by the fake keygen virus.

(2). My main problem still persists, which is that one of my usb flash drives went dead on the 23rd of last month. It happened when explorer crashed in my vista computer: I unplugged the flash drive, explorer restarted, I plugged my flash drive back in and it didn't appear in My Computer or Disk Management. It does show that it's inserted according to the task bar, however. Like I said in my first post (first post located here), I put it in xp but it's the same thing except it shows up in My Computer (but I cannot access it). It won't even format; and afterward, I tried many methods like diskpart, kill disk, cmd, a bunch of format tools, etc, but they don't work. I even tried Flash Disinfector but it doesn't work (had to run this tool in xp because it didn't run in vista). In xp when I check the properties, it says File System: RAW. There is a good chance this wasn't caused by the fake keygen virus since, like I said, flash disinfector has no effect on the dead usb flash drive.

(3). Another big problem I still have is that only 4 drivers are showing up when I run a program called Driver Magician. I click on "Search Non-Microsoft Drivers" and that's the only amount it shows. I have the same program installed on other computers at my home but they show the correct amount of drivers when I click on "Search Non-Microsoft Drivers". I have a good feeling this was caused by the fake keygen virus.

(4). Need help identifying the source of 2 trojans that infected one of my usb flash drives (this isn't the dead one I talked about before). This must be related with the fake keygen virus. You can read about this problem in my previous reply assuming Orange Blossom or another mod didn't merge it with my first post.

Well, those are my problems right now. I took care of some of the problems explained in the first paragraph of my first post, which were the disabled user account control (re-enabled it and it hasn't turned off since), utorrent being uninstalled (had to download it to reinstall it; no problem encountered with this since then), the 'b' and 'c' exe files at startup (deleted them and they haven't come back since), the gibberish sub-key that appeared in the registry (don't know if there are other gibberish sub-keys hidden deep within the registry though :/), and the Firefox icon that was renamed C C (hasn't been renamed since then). Regarding those 2 trojans, I disinfected and immunized the usb flash drive with flash disinfector.

Also, in my last reply I posted the quarantined list from nod32. Some of those entries date to the 16th of last month (the day I was infected with the fake keygen virus). These files infected my computer but I am having doubts about these being the source of my virus. I just don't remember the exact site I got it from; all I remember is that the virus came from a fake keygen in that site. You are welcome to analyze them carefully if you wish.

But anyway, it will be a pleasure working with the staff here and I know they'll help my computer (and hopefully my dead flash drive) be back on track :(

Note: I won't be able to carry out any procedures to fix my computer that the staff member tells me between the 9th and 22nd of this month because I will be away on vacation. If a staff member can begin to assist me before I go, that's fine (I leave this Friday though), or I'll just leave a message the day I come back from my trip reminding the staff member that's helping me in this thread. Thank you.


Here's the DDS log:


DDS (Ver_09-12-01.01) - NTFSx86
Run by Yovanny at 0:24:12.23 on Wed 01/06/2010
Internet Explorer: 8.0.6001.18865 BrowserJavaVersion: 1.6.0_17
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1470.932 [GMT -5:00]

AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
SP: ESET NOD32 Antivirus 4.0 *enabled* (Updated) {E5E70D32-0101-4B98-A4D6-D1D15C3BB448}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Godlike Developers\RAM Saver Pro\ramsaverpro.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Yovanny\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Bar = Preserve
uInternet Settings,ProxyOverride = *.local
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: WormRadar.com IESiteBlocker.NavFilter: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - AVG Safe Search
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [RAMSaverPro] c:\program files\godlike developers\ram saver pro\ramsaverpro.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
LSP: c:\windows\system32\idmmbc.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\yovanny\appdata\roaming\mozilla\firefox\profiles\47hbe1d0.default\
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\users\yovanny\appdata\roaming\idm\idmmzcc3\components\idmmzcc.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-5-14 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-5-14 94360]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-12-16 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-12-16 74480]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-5-14 731840]
R3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2006-11-2 987648]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2006-11-2 251904]
S3 dsreader;MaxDrive Driver (dsreader.sys);c:\windows\system32\drivers\dsreader.sys [2009-12-22 19677]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-8-10 21504]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-12-16 7408]

=============== Created Last 30 ================

2010-01-05 03:29:39 0 d-----w- c:\users\yovanny\appdata\roaming\Auslogics
2010-01-05 00:57:19 65536 --sha-w- c:\users\yovanny\ntuser.dat{808d9f9f-f992-11de-8ec8-001aa01aec36}.TM.blf
2010-01-05 00:57:19 524288 --sha-w- c:\users\yovanny\ntuser.dat{808d9f9f-f992-11de-8ec8-001aa01aec36}.TMContainer00000000000000000002.regtrans-ms
2010-01-05 00:57:19 524288 --sha-w- c:\users\yovanny\ntuser.dat{808d9f9f-f992-11de-8ec8-001aa01aec36}.TMContainer00000000000000000001.regtrans-ms
2010-01-05 00:56:16 0 ---ha-w- c:\users\yovanny\ntuser.dat_TU_15448.LOG2
2010-01-05 00:56:16 0 ---ha-w- c:\users\yovanny\ntuser.dat_TU_15448.LOG1
2010-01-02 04:53:32 1905 ----a-w- c:\windows\diagwrn.xml
2010-01-02 04:53:32 1905 ----a-w- c:\windows\diagerr.xml
2010-01-01 10:08:36 0 d-----w- c:\programdata\PC Drivers HeadQuarters Inc
2010-01-01 09:59:53 0 d-----w- c:\users\yovanny\appdata\roaming\GetRightToGo
2010-01-01 09:27:41 0 d-----w- c:\programdata\PC Drivers HeadQuarters
2009-12-31 00:39:38 0 d--h--w- C:\Autorun.inf
2009-12-31 00:20:47 0 d-----w- c:\program files\AutorunRemover
2009-12-28 05:39:25 81920 ----a-w- c:\windows\system32\mbmouse.ocx
2009-12-28 05:39:25 36864 ----a-w- c:\windows\system32\trayicon.ocx
2009-12-25 04:49:34 0 d-----w- c:\programdata\Cobian
2009-12-25 04:48:39 0 d-----w- c:\program files\Cobian Backup 9
2009-12-24 05:05:54 0 d-----w- c:\programdata\WindowsSearch
2009-12-23 12:18:44 99568 ----a-w- c:\windows\system32\isafeif.dll
2009-12-23 12:18:44 83256 ----a-w- c:\windows\system32\vetredir.dll
2009-12-23 12:18:44 111856 ----a-w- c:\windows\system32\isafprod.dll
2009-12-23 12:18:15 0 d-----w- c:\programdata\CA
2009-12-23 10:37:20 0 d-----w- c:\program files\Active Data Recovery Software
2009-12-23 03:32:18 0 d-----w- c:\programdata\Colasoft Capsa
2009-12-22 06:20:13 19677 ----a-w- c:\windows\system32\drivers\dsreader.sys
2009-12-22 05:11:42 526184 ----a-w- c:\windows\system32\XceedCry.dll
2009-12-22 05:11:42 456536 ----a-w- c:\windows\system32\XCEEDZIP.DLL
2009-12-22 05:11:42 132880 ----a-w- c:\windows\system32\Msinet.ocx
2009-12-22 05:11:42 110602 ----a-w- c:\windows\system32\xcdsfx32.bin
2009-12-22 05:11:39 0 d-----w- c:\program files\Driver Magician
2009-12-22 02:21:24 0 d-----w- c:\programdata\SecTaskMan
2009-12-22 00:21:46 0 d-----w- c:\program files\common files\DivX Shared
2009-12-21 20:13:33 0 d-----w- c:\program files\common files\PX Storage Engine
2009-12-21 20:12:44 0 d-----w- c:\program files\DivX
2009-12-21 10:24:31 0 d-----w- c:\program files\VideoLAN
2009-12-21 07:37:38 0 d-----w- c:\program files\Microsoft ActiveSync
2009-12-21 05:32:37 0 d-----w- c:\windows\SHELLNEW
2009-12-21 04:34:03 65536 --sha-w- c:\users\yovanny\ntuser.dat{c37243a8-ede6-11de-9dc4-001aa01aec36}.TM.blf
2009-12-21 04:34:03 524288 --sha-w- c:\users\yovanny\ntuser.dat{c37243a8-ede6-11de-9dc4-001aa01aec36}.TMContainer00000000000000000002.regtrans-ms
2009-12-21 04:34:03 524288 --sha-w- c:\users\yovanny\ntuser.dat{c37243a8-ede6-11de-9dc4-001aa01aec36}.TMContainer00000000000000000001.regtrans-ms
2009-12-20 09:06:12 505 ----a-w- C:\unPDVDDX.iss
2009-12-20 07:47:40 0 d-----w- C:\MDT
2009-12-20 07:47:24 0 d-----w- c:\programdata\CyberLink
2009-12-20 07:46:57 0 d-----w- c:\programdata\Dell
2009-12-20 07:46:37 82432 ----a-w- c:\windows\system32\msxml4r.dll
2009-12-20 07:46:37 44544 ----a-w- c:\windows\system32\msxml4a.dll
2009-12-20 07:46:17 89088 ----a-w- c:\windows\system32\atl71.dll
2009-12-20 07:46:17 1060864 ----a-w- c:\windows\system32\MFC71.dll
2009-12-20 07:46:17 1047552 ----a-w- c:\windows\system32\MFC71u.dll
2009-12-20 06:08:14 35085 ----a-w- c:\programdata\nvModes.dat
2009-12-20 06:07:54 0 d-----w- c:\programdata\NVIDIA
2009-12-20 06:06:39 490088 ----a-w- c:\windows\system32\nvuninst.exe
2009-12-19 09:14:13 355584 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-12-19 09:14:13 28416 ----a-w- c:\windows\system32\uxtuneup.dll
2009-12-19 09:14:12 16640 ----a-w- c:\windows\system32\authuitu.dll
2009-12-19 01:13:43 0 d-----w- c:\programdata\vsosdk
2009-12-18 18:42:23 0 d--h--w- c:\windows\PIF
2009-12-18 09:16:00 0 d-----w- C:\$AVG
2009-12-18 09:15:05 0 d-----w- c:\program files\AVG
2009-12-18 09:14:56 0 d-----w- c:\programdata\avg9
2009-12-18 08:34:24 0 d-----w- c:\program files\uTorrent
2009-12-18 04:58:55 49152 ----a-w- c:\windows\system32\ArmAccess.dll
2009-12-18 03:12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-18 03:12:51 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-18 00:38:53 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2009-12-18 00:38:34 0 d-----w- c:\program files\SUPERAntiSpyware
2009-12-18 00:38:33 0 d-----w- c:\users\yovanny\appdata\roaming\SUPERAntiSpyware.com
2009-12-17 18:58:18 0 d-----w- c:\users\yovanny\appdata\roaming\Malwarebytes
2009-12-17 18:58:07 0 d-----w- c:\programdata\Malwarebytes
2009-12-17 18:58:01 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-17 04:45:25 0 d-----w- c:\program files\VSO
2009-12-17 04:09:34 87608 ----a-w- c:\users\yovanny\appdata\roaming\inst.exe
2009-12-17 04:09:34 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-12-17 04:09:34 47360 ----a-w- c:\users\yovanny\appdata\roaming\pcouffin.sys
2009-12-17 04:09:08 65602 ----a-w- c:\windows\system32\cook3260.dll
2009-12-17 04:09:08 626688 ----a-w- c:\windows\system32\vp7vfw.dll
2009-12-17 04:09:08 217127 ----a-w- c:\windows\system32\drv43260.dll
2009-12-17 04:09:08 208935 ----a-w- c:\windows\system32\drv33260.dll
2009-12-17 04:09:08 176165 ----a-w- c:\windows\system32\drv23260.dll
2009-12-17 04:09:08 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
2009-12-17 04:09:08 102439 ----a-w- c:\windows\system32\sipr3260.dll
2009-12-16 23:33:05 0 d-----w- c:\users\yovanny\appdata\roaming\DVD Flick
2009-12-16 04:26:40 608448 ----a-w- c:\windows\system32\COMCTL32.OCX
2009-12-15 21:12:55 0 d-----w- c:\programdata\Real
2009-12-14 05:39:18 0 d-----w- c:\program files\Broderbund
2009-12-12 21:34:23 0 d-----w- c:\programdata\Lavasoft
2009-12-12 04:49:51 0 d-----w- c:\programdata\Office Genuine Advantage
2009-12-10 04:10:58 376 ----a-w- c:\windows\ODBC.INI
2009-12-10 04:10:47 28040 ----a-w- c:\windows\system32\mdimon.dll
2009-12-10 04:05:08 0 d--h--r- C:\MSOCache(3)
2009-12-08 23:56:07 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-08 23:56:06 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-12-08 23:56:05 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-08 23:55:14 377344 ----a-w- c:\windows\system32\winhttp.dll
2009-12-08 23:55:11 243712 ----a-w- c:\windows\system32\rastls.dll

==================== Find3M ====================

2009-12-22 06:20:43 86016 ----a-w- c:\windows\inf\infstrng.dat
2009-12-22 06:20:43 51200 ----a-w- c:\windows\inf\infpub.dat
2009-12-22 06:20:40 86016 ----a-w- c:\windows\inf\infstor.dat
2009-11-21 06:40:20 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34:39 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34:39 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59:58 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-17 08:17:26 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-17 08:17:11 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-14 00:47:32 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-11-14 00:47:28 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47:28 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-11-14 00:47:28 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47:28 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-11-14 00:47:28 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-11-14 00:47:28 696320 ----a-w- c:\windows\system32\DivX.dll
2009-11-03 01:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 09:17:42 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-11 09:17:27 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-08 21:08:01 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-10-08 21:08:01 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-10-08 21:07:59 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-08-10 08:11:25 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2007-02-21 19:49:00 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 0:24:54.76 ===============



Edited by theoriginal, 06 January 2010 - 10:35 AM.
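The "Created Last 30" section of the DDS log above lists one file or folder per line as date, time, size, an eight-character attribute field and the path. The script below is an added example, not part of this thread or of the DDS tool: it parses that section and flags entries that deserve a second look, namely anything created on or the day after the infection date stated in the thread (16 December 2009), anything with a hidden or system attribute, and executables sitting under a user profile or in a drive root. The sample lines are copied from the log above; the meaning assigned to the flag letters (d, s, h, a) and the one-day window are assumptions of the example, and a flagged entry is only a lead for review, not a verdict.

```python
"""Triage helper for the 'Created Last 30' section of a DDS log.

Added example, not part of the original thread or of the DDS tool.  The flag
letters (d=directory, s=system, h=hidden, a=archive) and the one-day window
after the infection date are assumptions made for the example.
"""
import re
from datetime import date, datetime

# One DDS entry per line:  YYYY-MM-DD HH:MM:SS  size  8-char-attrs  path
DDS_LINE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2}) (\d+) ([-a-z]{8}) (.+)$",
    re.IGNORECASE,
)

# Extensions treated as executable code for the "odd location" heuristic.
EXEC_EXT = (".exe", ".sys", ".dll", ".ocx", ".scr", ".com", ".bat")

# Sample lines copied from the DDS log in this thread.
SAMPLE_LOG = r"""
=============== Created Last 30 ================

2009-12-31 00:39:38 0 d--h--w- C:\Autorun.inf
2009-12-22 06:20:13 19677 ----a-w- c:\windows\system32\drivers\dsreader.sys
2009-12-18 03:12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-17 04:09:34 87608 ----a-w- c:\users\yovanny\appdata\roaming\inst.exe
2009-12-17 04:09:34 47360 ----a-w- c:\users\yovanny\appdata\roaming\pcouffin.sys
2009-12-16 04:26:40 608448 ----a-w- c:\windows\system32\COMCTL32.OCX
2009-12-10 04:10:58 376 ----a-w- c:\windows\ODBC.INI

==================== Find3M ====================
"""


def parse_created_section(text):
    """Return the entries of the 'Created Last 30' section as dicts."""
    entries, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("==="):            # section header: enter or leave
            in_section = "Created Last 30" in line
            continue
        m = DDS_LINE.match(line) if in_section else None
        if not m:
            continue
        day, clock, size, attrs, path = m.groups()
        entries.append({
            "when": datetime.strptime(f"{day} {clock}", "%Y-%m-%d %H:%M:%S"),
            "size": int(size),
            "flags": set(attrs.lower()) - {"-"},   # e.g. {'d', 'h', 'w'}
            "path": path,
        })
    return entries


def flag_entries(entries, infection_day, window_days=1):
    """Return [(path, [reasons])] for entries that deserve a second look."""
    findings = []
    for e in entries:
        reasons = []
        age = (e["when"].date() - infection_day).days
        if 0 <= age <= window_days:
            reasons.append(f"created within {window_days} day(s) after {infection_day}")
        if e["flags"] & {"h", "s"}:
            reasons.append("hidden or system attribute set")
        low = e["path"].lower()
        in_profile = "\\users\\" in low or "\\appdata\\" in low
        in_root = re.match(r"^[a-z]:\\[^\\]+$", low) is not None
        if low.endswith(EXEC_EXT) and (in_profile or in_root):
            reasons.append("executable outside Program Files / Windows")
        if reasons:
            findings.append((e["path"], reasons))
    return findings


def triage_sample(infection_day=date(2009, 12, 16)):
    """Run the triage over the sample lines; the date is the one stated in the thread."""
    return flag_entries(parse_created_section(SAMPLE_LOG), infection_day)


if __name__ == "__main__":
    for path, reasons in triage_sample():
        print(path)
        for reason in reasons:
            print("   -", reason)
```

On the sample lines this flags the hidden Autorun.inf entry, the two executables written to the roaming profile on 17 December, and the COMCTL32.OCX created on the infection day itself, while the later Malwarebytes driver and the ODBC.INI fall outside every rule. Widening `window_days` trades fewer misses for more noise, which is the usual tension in date-based triage.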


#5 chamber
Posted 07 January 2010 - 08:11 AM

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link HERE

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.





Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


watch me and tremble, for I bring the purity of oblivion

Sudo apt-get me a sandwich!

Proud graduate of GeekU


#6 theoriginal
Posted 07 January 2010 - 10:09 PM

Hello, I ran combofix as administrator and my computer stopped responding afterward (I did not mouse-click on the combofix window while it was running). I had disabled all anti-virus/malware applications including Windows Defender beforehand, downloaded the file and placed it on the desktop. The only thing that came up was this message saying I needed to open a certain file with a program. I clicked on "find recommended programs on the web" and it just froze completely, so I had to perform a hard shutdown afterward. After I restarted, the first thing I noticed was that my desktop background had disappeared.

Then I went to my user folder and navigated to the downloads folder, and the files and folders inside had their icons missing. It might have happened to other files that I don't know about as well. Eventually, I had to use system restore to get my computer back to the point before I used combofix. After the restore completed successfully, I noticed that combofix had created a folder in the root of my hard disk drive, so I decided to delete it. Did combofix fail because I ran it as administrator or was it because of something else?

Note: Just reminding you that my operating system is Windows Vista Home Basic SP2. The model is a Dell Dimension C521. I have not run combofix a second time.

Edited by theoriginal, 07 January 2010 - 10:12 PM.


#7 chamber
Posted 08 January 2010 - 03:50 AM

Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scan box paste this in

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.exe
    %systemroot%\*. /mp /s
    c:\$recycle.bin\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    nvstor32.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    explorer.exe
    svchost.exe
    userinit.exe
    qmgr.dll
    ws2_32.dll
    proquota.exe
    imm32.dll
    kernel32.dll
    ndis.sys
    autochk.exe
    spoolsv.exe
    xmlprov.dll
    ntmssvc.dll
    mswsock.dll
    Beep.SYS
    ntfs.sys
    termsrv.dll
    sfcfiles.dll
    st3shark.sys
    ahcix86.sys
    srsvc.dll
    nvrd32.sys
    /md5stop
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them all in.

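The block between /md5start and /md5stop in the custom scan above asks OTL to report MD5 hashes of the named system files, so that the helper can compare them with known-good values for that Windows build. The script below is an added example, not OTL's own code: it shows that comparison in general form, streaming each listed file through MD5 and reporting it as ok, mismatched or missing against a baseline. The file names are taken from the list above, but their contents, the tampering and the baseline are all constructed in a temporary directory; a real baseline comes from a clean install of the same Windows version and service pack.

```python
"""Compare MD5 hashes of listed files against a known-good baseline.

Added example, not OTL's own code.  OTL only reports the hashes; the
comparison shown here is the general technique a helper applies to them.
All files and the baseline are constructed in a temporary directory.
"""
import hashlib
import os
import tempfile

# Names taken from the /md5start block above; the contents are constructed.
WATCHED = ["atapi.sys", "ndis.sys", "userinit.exe", "Beep.SYS"]


def md5_of(path, chunk_size=1 << 16):
    """Stream the file through MD5 so large binaries need not fit in memory."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def check_files(root, baseline):
    """Return {name: 'ok' | 'MISMATCH' | 'MISSING'} for every name in the baseline."""
    verdicts = {}
    for name, expected in baseline.items():
        path = os.path.join(root, name)
        if not os.path.isfile(path):
            verdicts[name] = "MISSING"        # listed, but not present on disk
        elif md5_of(path) != expected:
            verdicts[name] = "MISMATCH"       # present, but content differs
        else:
            verdicts[name] = "ok"
    return verdicts


def demo():
    """Build a fake system32, record a baseline, tamper with one file, then check."""
    with tempfile.TemporaryDirectory() as root:
        baseline = {}
        for name in WATCHED:
            content = f"clean image of {name} (constructed)".encode()
            baseline[name] = hashlib.md5(content).hexdigest()
            if name != "Beep.SYS":            # leave one listed file absent
                with open(os.path.join(root, name), "wb") as fh:
                    fh.write(content)
        # Simulate a modified driver: appended bytes change the hash.
        with open(os.path.join(root, "atapi.sys"), "ab") as fh:
            fh.write(b"\x90\x90 tampered")
        return check_files(root, baseline)


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{verdict:8} {name}")
```

A mismatch on its own is not proof of infection, since a Windows update legitimately replaces these files; the verdict has to be read together with the file's version and date, which is why the scan above also records the last successful Windows Update time.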


#8 theoriginal

Posted 08 January 2010 - 06:03 AM

1) OTL:

OTL logfile created on: 1/8/2010 5:50:20 AM - Run 4
OTL by OldTimer - Version 3.1.21.1 Folder = C:\Users\Yovanny\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 55.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 98.44 Gb Free Space | 66.08% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOVANNY-PC
Current User Name: Yovanny
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Yovanny\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Internet Download Manager\IEMonitor.exe (Tonec Inc.)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Program Files\Godlike Developers\RAM Saver Pro\ramsaverpro.exe ()


========== Modules (SafeList) ==========

MOD - C:\Users\Yovanny\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (TuneUp.Defrag) -- C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software GmbH)
SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (nvsvc) -- C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (EhttpSrv) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (ESET)
SRV - (ekrn) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software GmbH)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (pcouffin) -- C:\Windows\System32\drivers\pcouffin.sys (VSO Software)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (GEARAspiWDM) -- C:\Windows\System32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (epfwtdir) -- C:\Windows\System32\drivers\epfwtdir.sys (ESET)
DRV - (ehdrv) -- C:\Windows\System32\drivers\ehdrv.sys (ESET)
DRV - (eamon) -- C:\Windows\System32\drivers\eamon.sys (ESET)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) NVIDIA nForce™ -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (VSTHWBS2) -- C:\Windows\System32\drivers\VSTBS23.SYS (Conexant Systems, Inc.)
DRV - (VST_DPV) -- C:\Windows\System32\drivers\VSTDPV3.SYS (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\VSTCNXT3.SYS (Conexant Systems, Inc.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (secdrv) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (dsreader) MaxDrive Driver (dsreader.sys) -- C:\Windows\System32\drivers\dsreader.sys (Thesycon GmbH, Germany)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/defaulta.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.7
FF - prefs.js..extensions.enabledItems: mozilla_cc@internetdownloadmanager.com:6.4
FF - prefs.js..extensions.enabledItems: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}:0.15
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/06 23:13:15 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/06 23:13:15 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2009/12/23 15:09:41 | 00,000,000 | ---D | M]

[2009/08/08 21:53:55 | 00,000,000 | ---D | M] -- C:\Users\Yovanny\AppData\Roaming\Mozilla\Extensions
[2010/01/07 23:22:13 | 00,000,000 | ---D | M] -- C:\Users\Yovanny\AppData\Roaming\Mozilla\Firefox\Profiles\47hbe1d0.default\extensions
[2009/08/09 16:28:57 | 00,000,000 | ---D | M] (Live HTTP Headers) -- C:\Users\Yovanny\AppData\Roaming\Mozilla\Firefox\Profiles\47hbe1d0.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2010/01/07 23:22:13 | 00,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Yovanny\AppData\Roaming\Mozilla\Firefox\Profiles\47hbe1d0.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/11/02 19:51:50 | 00,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Yovanny\AppData\Roaming\Mozilla\Firefox\Profiles\47hbe1d0.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009/11/09 15:30:42 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/08/03 15:07:42 | 00,373,104 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll

O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [RAMSaverPro] C:\Program Files\Godlike Developers\RAM Saver Pro\ramsaverpro.exe ()
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\idmmbc.dll (Tonec Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/12/30 19:39:38 | 00,000,000 | -H-D | M] - C:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software GmbH)
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2009/08/10 03:04:01 | 00,000,000 | ---D | M]
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: rootrepeal.sys - Reg Error: Value error.
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - File not found
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.ffds - C:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

========== Files/Folders - Created Within 30 Days ==========

[2010/01/08 05:44:22 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Users\Yovanny\Desktop\OTL.exe
[2010/01/06 22:39:29 | 00,000,000 | ---D | C] -- C:\ProgramData\Citrix
[2010/01/06 22:38:42 | 00,000,000 | ---D | C] -- C:\Program Files\Citrix
[2010/01/06 22:38:14 | 00,000,000 | ---D | C] -- C:\Users\Yovanny\AppData\Local\Citrix
[2010/01/06 10:59:08 | 00,000,000 | ---D | C] -- C:\Users\Yovanny\AppData\Local\Apple
[2010/01/06 01:05:21 | 00,000,000 | ---D | C] -- C:\Users\Yovanny\AppData\Local\Apple Computer
[2010/01/04 22:29:39 | 00,000,000 | ---D | C] -- C:\Users\Yovanny\AppData\Roaming\Auslogics
[2010/01/02 20:33:33 | 00,000,000 | ---D | C] -- C:\Users\Yovanny\AppData\Local\Adobe
[2010/01/01 05:08:36 | 00,000,000 | ---D | C] -- C:\ProgramData\PC Drivers HeadQuarters Inc
[2010/01/01 04:59:53 | 00,000,000 | ---D | C] -- C:\Users\Yovanny\AppData\Roaming\GetRightToGo
[2010/01/01 04:27:41 | 00,000,000 | ---D | C] -- C:\ProgramData\PC Drivers HeadQuarters
[2009/12/30 23:47:27 | 00,000,000 | ---D | C] -- C:\Users\Yovanny\AppData\Local\RadarSync
[2009/12/30 19:39:38 | 00,000,000 | -H-D | C] -- C:\Autorun.inf
[2009/12/30 19:20:47 | 00,000,000 | ---D | C] -- C:\Program Files\AutorunRemover
[2009/12/29 20:15:52 | 00,000,000 | ---D | C] -- C:\Users\Yovanny\AppData\Roaming\DivX
[2009/12/28 00:39:25 | 00,081,920 | ---- | C] (Marco Bellinaso) -- C:\Windows\System32\mbmouse.ocx
[2009/12/28 00:39:25 | 00,036,864 | ---- | C] (Robdogg Inc.) -- C:\Windows\System32\trayicon.ocx
[2009/12/24 23:49:34 | 00,000,000 | ---D | C] -- C:\ProgramData\Cobian
[2009/12/24 23:48:39 | 00,000,000 | ---D | C] -- C:\Program Files\Cobian Backup 9
[2009/12/24 00:05:54 | 00,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2009/12/23 15:57:30 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2009/12/23 07:18:44 | 00,111,856 | ---- | C] (CA, Inc.) -- C:\Windows\System32\isafprod.dll
[2009/12/23 07:18:44 | 00,099,568 | ---- | C] (Computer Associates International, Inc.) -- C:\Windows\System32\isafeif.dll
[2009/12/23 07:18:44 | 00,083,256 | ---- | C] (Computer Associates International, Inc.) -- C:\Windows\System32\vetredir.dll
[2009/12/23 07:18:15 | 00,000,000 | ---D | C] -- C:\ProgramData\CA
[2009/12/23 05:37:20 | 00,000,000 | ---D | C] -- C:\Program Files\Active Data Recovery Software
[2009/12/23 05:37:11 | 00,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2009/12/22 22:32:18 | 00,000,000 | ---D | C] -- C:\ProgramData\Colasoft Capsa
[2009/12/22 01:20:13 | 00,019,677 | ---- | C] (Thesycon GmbH, Germany) -- C:\Windows\System32\drivers\dsreader.sys
[2009/12/22 00:11:42 | 00,526,184 | ---- | C] (Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com) -- C:\Windows\System32\XceedCry.dll
[2009/12/22 00:11:42 | 00,456,536 | ---- | C] (Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com) -- C:\Windows\System32\XCEEDZIP.DLL
[2009/12/22 00:11:42 | 00,132,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Msinet.ocx
[2009/12/22 00:11:39 | 00,000,000 | ---D | C] -- C:\Program Files\Driver Magician
[2009/12/21 21:21:24 | 00,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2009/12/21 20:30:22 | 00,000,000 | ---D | C] -- C:\Users\Yovanny\AppData\Roaming\vlc
[2009/12/21 19:21:46 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2009/12/21 15:13:33 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2009/12/21 15:12:44 | 00,000,000 | ---D | C] -- C:\Program Files\DivX
[2009/12/21 05:31:15 | 00,000,000 | ---D | C] -- C:\Users\Yovanny\AppData\Roaming\dvdcss
[2009/12/21 05:24:31 | 00,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2009/12/21 02:37:38 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft ActiveSync
[2009/12/21 02:35:03 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2009/12/21 01:07:31 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2009/12/21 00:32:37 | 00,000,000 | ---D | C] -- C:\Windows\SHELLNEW
[2009/12/21 00:32:33 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2009/12/21 00:32:32 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2009/12/21 00:30:03 | 00,000,000 | RH-D | C] -- C:\MSOCache
[2009/12/20 02:47:40 | 00,000,000 | ---D | C] -- C:\MDT
[2009/12/20 02:47:24 | 00,000,000 | ---D | C] -- C:\Users\Yovanny\AppData\Roaming\CyberLink
[2009/12/20 02:47:24 | 00,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2009/12/20 02:46:57 | 00,000,000 | ---D | C] -- C:\Users\Yovanny\AppData\Local\PowerDVD DX
[2009/12/20 02:46:57 | 00,000,000 | ---D | C] -- C:\ProgramData\Dell
[2009/12/20 02:46:37 | 00,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml4r.dll
[2009/12/20 02:46:37 | 00,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml4a.dll
[2009/12/20 02:46:17 | 01,060,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFC71.dll
[2009/12/20 02:46:17 | 01,047,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFC71u.dll
[2009/12/20 02:46:17 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\atl71.dll
[2009/12/20 01:07:54 | 00,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2009/12/20 01:06:39 | 00,490,088 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvuninst.exe
[2009/12/19 04:14:13 | 00,355,584 | ---- | C] (TuneUp Software GmbH) -- C:\Windows\System32\TuneUpDefragService.exe
[2009/12/19 04:14:13 | 00,028,416 | ---- | C] (TuneUp Software GmbH) -- C:\Windows\System32\uxtuneup.dll
[2009/12/19 04:14:12 | 00,016,640 | ---- | C] (TuneUp Software GmbH) -- C:\Windows\System32\authuitu.dll
[2009/12/18 20:13:43 | 00,000,000 | ---D | C] -- C:\ProgramData\vsosdk
[2009/12/18 19:01:36 | 00,000,000 | ---D | C] -- C:\Users\Yovanny\Documents\ConvertXtoDVD
[2009/12/18 13:42:23 | 00,000,000 | -H-D | C] -- C:\Windows\PIF
[2009/12/18 04:16:00 | 00,000,000 | ---D | C] -- C:\$AVG
[2009/12/18 04:15:05 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/12/18 04:14:56 | 00,000,000 | ---D | C] -- C:\ProgramData\avg9
[2009/12/18 03:34:24 | 00,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2009/12/17 22:12:54 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/12/17 22:12:51 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/12/17 19:38:53 | 00,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2009/12/17 19:38:34 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/12/17 19:38:33 | 00,000,000 | ---D | C] -- C:\Users\Yovanny\AppData\Roaming\SUPERAntiSpyware.com
[2009/12/17 14:34:50 | 00,000,000 | ---D | C] -- C:\Windows\Sun
[2009/12/17 13:58:18 | 00,000,000 | ---D | C] -- C:\Users\Yovanny\AppData\Roaming\Malwarebytes
[2009/12/17 13:58:07 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/12/17 13:58:01 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/12/16 23:46:10 | 00,000,000 | ---D | C] -- C:\Users\Yovanny\Documents\PcSetup
[2009/12/16 23:45:25 | 00,000,000 | ---D | C] -- C:\Program Files\VSO
[2009/12/16 23:09:34 | 00,047,360 | ---- | C] (VSO Software) -- C:\Windows\System32\drivers\pcouffin.sys
[2009/12/16 23:09:34 | 00,047,360 | ---- | C] (VSO Software) -- C:\Users\Yovanny\AppData\Roaming\pcouffin.sys
[2009/12/16 23:09:08 | 01,184,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wvc1dmod.dll
[2009/12/16 23:09:08 | 00,626,688 | ---- | C] (On2.com) -- C:\Windows\System32\vp7vfw.dll
[2009/12/16 23:09:08 | 00,217,127 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\drv43260.dll
[2009/12/16 23:09:08 | 00,208,935 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\drv33260.dll
[2009/12/16 23:09:08 | 00,176,165 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\drv23260.dll
[2009/12/16 23:09:08 | 00,102,439 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\sipr3260.dll
[2009/12/16 23:09:08 | 00,065,602 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\cook3260.dll
[2009/12/16 22:42:32 | 00,000,000 | ---D | C] -- C:\Users\Yovanny\AppData\Local\ESET
[2009/12/16 22:22:24 | 00,000,000 | ---D | C] -- C:\Users\Yovanny\AppData\Roaming\Vso
[2009/12/16 18:33:05 | 00,000,000 | ---D | C] -- C:\Users\Yovanny\AppData\Roaming\DVD Flick
[2009/12/15 23:26:40 | 00,608,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\COMCTL32.OCX
[2009/12/15 22:31:53 | 00,000,000 | ---D | C] -- C:\Users\Yovanny\AppData\Local\Apps
[2009/12/15 16:12:55 | 00,000,000 | ---D | C] -- C:\ProgramData\Real
[2009/12/14 00:39:18 | 00,000,000 | ---D | C] -- C:\Program Files\Broderbund
[2009/12/12 16:34:23 | 00,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2009/12/11 23:49:51 | 00,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2009/12/09 23:10:47 | 00,028,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mdimon.dll
[2009/12/09 23:05:08 | 00,000,000 | RH-D | C] -- C:\MSOCache(3)
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/08 05:49:27 | 02,359,296 | -HS- | M] () -- C:\Users\Yovanny\ntuser.dat
[2010/01/08 05:44:17 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Users\Yovanny\Desktop\OTL.exe
[2010/01/08 04:24:54 | 00,003,776 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/01/08 04:24:54 | 00,003,776 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/01/08 04:09:13 | 00,595,446 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/01/08 04:09:13 | 00,101,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/01/08 04:09:12 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/01/07 23:41:57 | 00,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{632F9E09-71A3-4950-B499-E0C85011FC99}.job
[2010/01/07 18:25:25 | 00,035,085 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/01/07 18:25:25 | 00,035,085 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/01/07 18:24:49 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/01/07 18:24:44 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/01/07 18:24:38 | 15,419,22816 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/07 18:22:47 | 00,524,288 | -HS- | M] () -- C:\Users\Yovanny\ntuser.dat{c37243a8-ede6-11de-9dc4-001aa01aec36}.TMContainer00000000000000000001.regtrans-ms
[2010/01/07 18:22:47 | 00,065,536 | -HS- | M] () -- C:\Users\Yovanny\ntuser.dat{c37243a8-ede6-11de-9dc4-001aa01aec36}.TM.blf
[2010/01/07 18:22:46 | 06,291,456 | -H-- | M] () -- C:\Users\Yovanny\AppData\Local\IconCache.db
[2010/01/06 22:33:52 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2010/01/04 22:37:05 | 00,524,288 | -HS- | M] () -- C:\Users\Yovanny\ntuser.dat{808d9f9f-f992-11de-8ec8-001aa01aec36}.TMContainer00000000000000000001.regtrans-ms
[2010/01/04 22:37:05 | 00,065,536 | -HS- | M] () -- C:\Users\Yovanny\ntuser.dat{808d9f9f-f992-11de-8ec8-001aa01aec36}.TM.blf
[2010/01/04 22:11:31 | 00,524,288 | -HS- | M] () -- C:\Users\Yovanny\ntuser.dat{808d9f9f-f992-11de-8ec8-001aa01aec36}.TMContainer00000000000000000002.regtrans-ms
[2010/01/04 19:56:26 | 02,359,296 | -HS- | M] () -- C:\Users\Yovanny\ntuser.dat_BAK_15448
[2010/01/04 02:22:22 | 00,001,044 | ---- | M] () -- C:\Users\Yovanny\AppData\Roaming\vso_ts_preview.xml
[2010/01/03 18:26:11 | 00,071,680 | ---- | M] () -- C:\Users\Yovanny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/01 23:53:48 | 00,001,905 | ---- | M] () -- C:\Windows\diagwrn.xml
[2010/01/01 23:53:48 | 00,001,905 | ---- | M] () -- C:\Windows\diagerr.xml
[2009/12/30 19:20:49 | 00,000,812 | ---- | M] () -- C:\Users\Public\Desktop\AutorunRemover.lnk
[2009/12/30 14:55:24 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/12/30 14:54:58 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/12/28 20:41:54 | 00,001,670 | ---- | M] () -- C:\Users\Yovanny\Desktop\CCleaner.lnk
[2009/12/25 17:16:35 | 00,000,380 | ---- | M] () -- C:\Windows\tasks\1-Click Maintenance.job
[2009/12/25 01:52:23 | 00,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2009/12/23 15:10:11 | 00,000,028 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k7
[2009/12/23 15:10:10 | 00,000,192 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k0
[2009/12/23 15:10:10 | 00,000,064 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k7
[2009/12/23 15:10:10 | 00,000,064 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k6
[2009/12/23 15:10:10 | 00,000,064 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k5
[2009/12/23 15:10:10 | 00,000,064 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k4
[2009/12/23 15:10:10 | 00,000,064 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k3
[2009/12/23 15:10:10 | 00,000,064 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k2
[2009/12/23 15:10:10 | 00,000,064 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k1
[2009/12/23 15:10:10 | 00,000,028 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k6
[2009/12/23 15:10:10 | 00,000,028 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k5
[2009/12/23 15:10:10 | 00,000,028 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k4
[2009/12/23 15:10:10 | 00,000,028 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k3
[2009/12/23 15:10:10 | 00,000,028 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k2
[2009/12/23 15:10:10 | 00,000,028 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k1
[2009/12/23 15:10:10 | 00,000,028 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k0
[2009/12/23 07:19:51 | 00,111,856 | ---- | M] (CA, Inc.) -- C:\Windows\System32\isafprod.dll
[2009/12/22 00:11:43 | 00,000,822 | ---- | M] () -- C:\Users\Yovanny\Desktop\Driver Magician.lnk
[2009/12/21 23:43:30 | 00,000,919 | ---- | M] () -- C:\Users\Yovanny\Desktop\YouTube Downloader.lnk
[2009/12/21 03:02:20 | 00,000,240 | ---- | M] () -- C:\Windows\win.ini
[2009/12/21 02:46:50 | 00,083,248 | ---- | M] () -- C:\Users\Yovanny\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/12/21 02:46:33 | 00,331,712 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/12/21 02:43:10 | 00,000,376 | ---- | M] () -- C:\Windows\ODBC.INI
[2009/12/21 02:04:33 | 00,524,288 | -HS- | M] () -- C:\Users\Yovanny\ntuser.dat{c37243a8-ede6-11de-9dc4-001aa01aec36}.TMContainer00000000000000000002.regtrans-ms
[2009/12/20 23:25:50 | 00,524,288 | -HS- | M] () -- C:\Users\Yovanny\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms
[2009/12/20 23:25:50 | 00,065,536 | -HS- | M] () -- C:\Users\Yovanny\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf
[2009/12/19 04:14:13 | 00,355,584 | ---- | M] (TuneUp Software GmbH) -- C:\Windows\System32\TuneUpDefragService.exe
[2009/12/18 03:34:39 | 00,000,752 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2009/12/17 22:12:57 | 00,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/17 19:38:38 | 00,000,902 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/12/16 23:53:01 | 00,000,036 | ---- | M] () -- C:\Users\Yovanny\AppData\Local\housecall.guid.cache
[2009/12/16 23:46:08 | 00,000,985 | ---- | M] () -- C:\Users\Yovanny\Desktop\ConvertXtoDvd 3.lnk
[2009/12/16 23:09:34 | 00,087,608 | ---- | M] () -- C:\Users\Yovanny\AppData\Roaming\inst.exe
[2009/12/16 23:09:34 | 00,047,360 | ---- | M] (VSO Software) -- C:\Windows\System32\drivers\pcouffin.sys
[2009/12/16 23:09:34 | 00,047,360 | ---- | M] (VSO Software) -- C:\Users\Yovanny\AppData\Roaming\pcouffin.sys
[2009/12/16 23:09:34 | 00,007,887 | ---- | M] () -- C:\Users\Yovanny\AppData\Roaming\pcouffin.cat
[2009/12/16 23:09:34 | 00,001,144 | ---- | M] () -- C:\Users\Yovanny\AppData\Roaming\pcouffin.inf
[2009/12/15 16:13:39 | 00,185,920 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2009/12/15 16:13:27 | 00,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2009/12/15 16:13:27 | 00,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2009/12/15 16:13:02 | 00,278,528 | ---- | M] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
[2009/12/14 00:39:24 | 00,002,057 | ---- | M] () -- C:\Users\Public\Desktop\Mavis Beacon Teaches Typing Platinum 20.lnk
[2009/12/13 21:25:46 | 00,004,096 | -H-- | M] () -- C:\Users\Yovanny\AppData\Local\keyfile3.drm
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/06 22:33:52 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2010/01/04 19:57:19 | 00,524,288 | -HS- | C] () -- C:\Users\Yovanny\ntuser.dat{808d9f9f-f992-11de-8ec8-001aa01aec36}.TMContainer00000000000000000002.regtrans-ms
[2010/01/04 19:57:19 | 00,524,288 | -HS- | C] () -- C:\Users\Yovanny\ntuser.dat{808d9f9f-f992-11de-8ec8-001aa01aec36}.TMContainer00000000000000000001.regtrans-ms
[2010/01/04 19:57:19 | 00,065,536 | -HS- | C] () -- C:\Users\Yovanny\ntuser.dat{808d9f9f-f992-11de-8ec8-001aa01aec36}.TM.blf
[2010/01/01 23:53:32 | 00,001,905 | ---- | C] () -- C:\Windows\diagwrn.xml
[2010/01/01 23:53:32 | 00,001,905 | ---- | C] () -- C:\Windows\diagerr.xml
[2010/01/01 20:36:10 | 15,419,22816 | -HS- | C] () -- C:\hiberfil.sys
[2009/12/30 19:20:49 | 00,000,812 | ---- | C] () -- C:\Users\Public\Desktop\AutorunRemover.lnk
[2009/12/25 01:52:23 | 00,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/12/23 15:10:11 | 00,000,028 | ---- | C] () -- C:\Windows\System32\drivers\kmxzone.u2k7
[2009/12/23 15:10:10 | 00,000,192 | ---- | C] () -- C:\Windows\System32\drivers\kmxcfg.u2k0
[2009/12/23 15:10:10 | 00,000,064 | ---- | C] () -- C:\Windows\System32\drivers\kmxcfg.u2k7
[2009/12/23 15:10:10 | 00,000,064 | ---- | C] () -- C:\Windows\System32\drivers\kmxcfg.u2k6
[2009/12/23 15:10:10 | 00,000,064 | ---- | C] () -- C:\Windows\System32\drivers\kmxcfg.u2k5
[2009/12/23 15:10:10 | 00,000,064 | ---- | C] () -- C:\Windows\System32\drivers\kmxcfg.u2k4
[2009/12/23 15:10:10 | 00,000,064 | ---- | C] () -- C:\Windows\System32\drivers\kmxcfg.u2k3
[2009/12/23 15:10:10 | 00,000,064 | ---- | C] () -- C:\Windows\System32\drivers\kmxcfg.u2k2
[2009/12/23 15:10:10 | 00,000,064 | ---- | C] () -- C:\Windows\System32\drivers\kmxcfg.u2k1
[2009/12/23 15:10:10 | 00,000,028 | ---- | C] () -- C:\Windows\System32\drivers\kmxzone.u2k6
[2009/12/23 15:10:10 | 00,000,028 | ---- | C] () -- C:\Windows\System32\drivers\kmxzone.u2k5
[2009/12/23 15:10:10 | 00,000,028 | ---- | C] () -- C:\Windows\System32\drivers\kmxzone.u2k4
[2009/12/23 15:10:10 | 00,000,028 | ---- | C] () -- C:\Windows\System32\drivers\kmxzone.u2k3
[2009/12/23 15:10:10 | 00,000,028 | ---- | C] () -- C:\Windows\System32\drivers\kmxzone.u2k2
[2009/12/23 15:10:10 | 00,000,028 | ---- | C] () -- C:\Windows\System32\drivers\kmxzone.u2k1
[2009/12/23 15:10:10 | 00,000,028 | ---- | C] () -- C:\Windows\System32\drivers\kmxzone.u2k0
[2009/12/22 22:33:15 | 00,000,000 | ---- | C] () -- C:\Users\Yovanny\AppData\Roaming\EmailErr.log
[2009/12/22 00:11:43 | 00,000,822 | ---- | C] () -- C:\Users\Yovanny\Desktop\Driver Magician.lnk
[2009/12/22 00:11:42 | 00,110,602 | ---- | C] () -- C:\Windows\System32\xcdsfx32.bin
[2009/12/20 23:34:03 | 00,524,288 | -HS- | C] () -- C:\Users\Yovanny\ntuser.dat{c37243a8-ede6-11de-9dc4-001aa01aec36}.TMContainer00000000000000000002.regtrans-ms
[2009/12/20 23:34:03 | 00,524,288 | -HS- | C] () -- C:\Users\Yovanny\ntuser.dat{c37243a8-ede6-11de-9dc4-001aa01aec36}.TMContainer00000000000000000001.regtrans-ms
[2009/12/20 23:34:03 | 00,065,536 | -HS- | C] () -- C:\Users\Yovanny\ntuser.dat{c37243a8-ede6-11de-9dc4-001aa01aec36}.TM.blf
[2009/12/20 04:06:12 | 00,000,505 | ---- | C] () -- C:\unPDVDDX.iss
[2009/12/20 01:08:14 | 00,035,085 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/12/20 01:08:14 | 00,035,085 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/12/18 03:34:31 | 00,000,752 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2009/12/17 23:58:55 | 00,049,152 | ---- | C] () -- C:\Windows\System32\ArmAccess.dll
[2009/12/17 22:12:57 | 00,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/17 19:38:38 | 00,000,902 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/12/16 23:53:01 | 00,000,036 | ---- | C] () -- C:\Users\Yovanny\AppData\Local\housecall.guid.cache
[2009/12/16 23:09:34 | 00,087,608 | ---- | C] () -- C:\Users\Yovanny\AppData\Roaming\inst.exe
[2009/12/16 23:09:34 | 00,007,887 | ---- | C] () -- C:\Users\Yovanny\AppData\Roaming\pcouffin.cat
[2009/12/16 23:09:34 | 00,001,144 | ---- | C] () -- C:\Users\Yovanny\AppData\Roaming\pcouffin.inf
[2009/12/16 23:09:31 | 00,000,985 | ---- | C] () -- C:\Users\Yovanny\Desktop\ConvertXtoDvd 3.lnk
[2009/12/16 22:24:31 | 00,001,044 | ---- | C] () -- C:\Users\Yovanny\AppData\Roaming\vso_ts_preview.xml
[2009/12/16 22:23:54 | 00,000,034 | ---- | C] () -- C:\Users\Yovanny\AppData\Roaming\pcouffin.log
[2009/12/14 00:39:24 | 00,002,057 | ---- | C] () -- C:\Users\Public\Desktop\Mavis Beacon Teaches Typing Platinum 20.lnk
[2009/12/13 21:25:46 | 00,004,096 | -H-- | C] () -- C:\Users\Yovanny\AppData\Local\keyfile3.drm
[2009/12/09 23:10:58 | 00,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/08/10 20:58:30 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/09 09:22:06 | 00,071,680 | ---- | C] () -- C:\Users\Yovanny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/03 15:07:42 | 00,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2006/11/02 02:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:36:46 | 00,035,920 | ---- | C] () -- C:\Windows\System32\drivers\nvstor(44).sys
[2006/11/02 02:36:46 | 00,035,920 | ---- | C] () -- C:\Windows\System32\drivers\nvstor(175).sys
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[2001/06/21 12:13:48 | 00,081,332 | ---- | C] () -- C:\Windows\System32\bass.dll

========== LOP Check ==========

[2010/01/07 17:00:14 | 00,000,000 | ---D | M] -- C:\Users\Yovanny\AppData\Roaming\.gaim
[2010/01/04 22:29:39 | 00,000,000 | ---D | M] -- C:\Users\Yovanny\AppData\Roaming\Auslogics
[2009/12/03 18:28:41 | 00,000,000 | ---D | M] -- C:\Users\Yovanny\AppData\Roaming\Broderbund
[2009/08/12 01:57:14 | 00,000,000 | ---D | M] -- C:\Users\Yovanny\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/01/08 05:44:48 | 00,000,000 | ---D | M] -- C:\Users\Yovanny\AppData\Roaming\DMCache
[2010/01/01 05:00:34 | 00,000,000 | ---D | M] -- C:\Users\Yovanny\AppData\Roaming\GetRightToGo
[2009/12/15 23:34:34 | 00,000,000 | ---D | M] -- C:\Users\Yovanny\AppData\Roaming\IDM
[2009/08/08 22:02:14 | 00,000,000 | ---D | M] -- C:\Users\Yovanny\AppData\Roaming\TuneUp Software
[2009/08/08 22:07:49 | 00,000,000 | ---D | M] -- C:\Users\Yovanny\AppData\Roaming\URSoft
[2010/01/07 06:04:08 | 00,000,000 | ---D | M] -- C:\Users\Yovanny\AppData\Roaming\uTorrent
[2010/01/04 02:22:23 | 00,000,000 | ---D | M] -- C:\Users\Yovanny\AppData\Roaming\Vso
[2009/12/25 17:16:35 | 00,000,380 | ---- | M] () -- C:\Windows\Tasks\1-Click Maintenance.job
[2010/01/05 14:36:43 | 00,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/01/07 23:41:57 | 00,000,426 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{632F9E09-71A3-4950-B499-E0C85011FC99}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\*. /mp /s >

< c:\$recycle.bin\*.* /s >
[2010/01/06 03:21:38 | 00,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2038707313-1294981180-685258827-1000\$I10FS7H.mkv
[2010/01/06 00:39:27 | 00,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2038707313-1294981180-685258827-1000\$I3WM157.zip
[2009/12/15 20:35:27 | 00,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2038707313-1294981180-685258827-1000\$IB9IG3O.rm
[2009/08/10 20:40:31 | 00,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2038707313-1294981180-685258827-1000\$ICX6KH7.exe
[2009/08/12 01:55:32 | 00,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2038707313-1294981180-685258827-1000\$ILC1YZU.mkv
[2009/11/03 04:21:07 | 00,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2038707313-1294981180-685258827-1000\$INM0NB0.wmv
[2009/12/03 18:13:07 | 00,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2038707313-1294981180-685258827-1000\$ITAHI72.lnk
[2009/12/19 15:08:36 | 00,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2038707313-1294981180-685258827-1000\$IVX3TDU.torrent
[2009/08/08 21:44:41 | 00,000,129 | -HS- | M] () -- c:\$recycle.bin\S-1-5-21-2038707313-1294981180-685258827-1000\desktop.ini
[2006/11/02 08:01:47 | 00,000,129 | -HS- | M] () -- c:\$recycle.bin\S-1-5-21-2365545147-1999384947-2466353664-500\desktop.ini

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-01-07 23:44:59


< MD5 for: AGP440.SYS >
[2008/01/19 02:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/19 02:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/19 02:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/19 02:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 04:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006/11/02 04:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 01:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 01:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/19 02:41:30 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/19 02:41:30 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 04:49:36 | 00,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2007/02/21 14:48:57 | 00,019,048 | ---- | M] (Microsoft Corporation) MD5=5653737BAD8C6C10136451C195C19881 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20485_none_db8a029f3dbd443b\atapi.sys
[2007/02/21 14:48:56 | 00,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\System32\drivers\atapi.sys
[2007/02/21 14:48:56 | 00,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_82339ef2\atapi.sys
[2007/02/21 14:48:56 | 00,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16391_none_daf194c024ab5b06\atapi.sys
[2009/08/08 23:06:12 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2009/08/08 23:06:12 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2009/08/08 23:06:11 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2009/04/11 01:27:20 | 00,643,072 | ---- | M] (Microsoft Corporation) MD5=10761177A6EBE45843F443E99509F5E7 -- C:\Windows\System32\autochk.exe
[2009/04/11 01:27:20 | 00,643,072 | ---- | M] (Microsoft Corporation) MD5=10761177A6EBE45843F443E99509F5E7 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6002.18005_none_e3df6655bee2ee3b\autochk.exe
[2008/01/19 02:33:01 | 00,642,560 | ---- | M] (Microsoft Corporation) MD5=2FC5BE79B51714B479809358E4908FC3 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6001.18000_none_e1f3ed49c1c122ef\autochk.exe
[2006/11/02 04:44:50 | 00,640,000 | ---- | M] (Microsoft Corporation) MD5=C08D1FE284C3330934E45D6E5F5B768B -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6000.16386_none_dfbd2b4dc4d6121b\autochk.exe

< MD5 for: BEEP.SYS >
[2008/01/19 00:49:10 | 00,006,144 | ---- | M] (Microsoft Corporation) MD5=67E506B75BD5326A3EC7B70BD014DFB6 -- C:\Windows\System32\drivers\beep.sys
[2008/01/19 00:49:10 | 00,006,144 | ---- | M] (Microsoft Corporation) MD5=67E506B75BD5326A3EC7B70BD014DFB6 -- C:\Windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.0.6001.18000_none_c420a153079d485b\beep.sys
[2006/11/02 03:51:03 | 00,006,144 | ---- | M] (Microsoft Corporation) MD5=AC3DD1708B22761EBD7CBE14DCC3B5D7 -- C:\Windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.0.6000.16386_none_c1e9df570ab23787\beep.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 04:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 04:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: EXPLORER.EXE >
[2009/08/08 23:04:21 | 02,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2009/08/08 23:04:19 | 02,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2009/08/08 23:04:18 | 02,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/08/08 23:28:53 | 02,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2009/08/08 23:28:51 | 02,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/11 01:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 01:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2009/08/08 23:04:20 | 02,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 04:45:07 | 02,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 02:33:10 | 02,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: IASTORV.SYS >
[2008/01/19 02:42:51 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/19 02:42:51 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 04:51:25 | 00,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 04:51:25 | 00,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: IMM32.DLL >
[2008/01/19 02:34:33 | 00,114,688 | ---- | M] (Microsoft Corporation) MD5=EC17194A193CD8E90D27CFB93DFA9A2E -- C:\Windows\winsxs\x86_microsoft-windows-imm32_31bf3856ad364e35_6.0.6001.18000_none_5c561e167a6afd02\imm32.dll
[2006/11/02 04:46:05 | 00,115,200 | ---- | M] (Microsoft Corporation) MD5=EE12864398F1C3BF5BEE91F6AF9842E1 -- C:\Windows\winsxs\x86_microsoft-windows-imm32_31bf3856ad364e35_6.0.6000.16386_none_5a1f5c1a7d7fec2e\imm32.dll
[2009/04/11 01:28:20 | 00,114,688 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\imm32.dll
[2009/04/11 01:28:20 | 00,114,688 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-imm32_31bf3856ad364e35_6.0.6002.18005_none_5e419722778cc84e\imm32.dll

< MD5 for: KERNEL32.DLL >
[2009/08/09 02:24:29 | 00,890,880 | ---- | M] (Microsoft Corporation) MD5=1987D817D08F5EAF0B7F334026FDDB79 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.22376_none_9401d8206f9c7e67\kernel32.dll
[2006/11/02 04:46:05 | 00,874,496 | ---- | M] (Microsoft Corporation) MD5=1E36AE445E4DA83B82D51FEB2D4F8772 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6000.16386_none_91872345596077da\kernel32.dll
[2009/08/09 02:24:32 | 00,875,520 | ---- | M] (Microsoft Corporation) MD5=B82C7AC1D559F0FD088792171D64C7F3 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6000.16820_none_91c20a8f593529ed\kernel32.dll
[2009/08/09 02:24:32 | 00,875,520 | ---- | M] (Microsoft Corporation) MD5=BB792054BD990EC05D9E260D50FEAD39 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6000.21010_none_92564f68724ae108\kernel32.dll
[2009/08/09 02:24:29 | 00,888,832 | ---- | M] (Microsoft Corporation) MD5=DB6E3731E6F5C8AE2843F80B5787F7C6 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.18215_none_93b81a93564f1da0\kernel32.dll
[2008/01/19 02:34:36 | 00,888,320 | ---- | M] (Microsoft Corporation) MD5=DC2338093F91BA4E0512208E60206DDD -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.18000_none_93bde541564b88ae\kernel32.dll
[2009/04/11 01:28:20 | 00,891,392 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\kernel32.dll
[2009/04/11 01:28:20 | 00,891,392 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6002.18005_none_95a95e4d536d53fa\kernel32.dll

< MD5 for: MSWSOCK.DLL >
[2006/11/02 04:46:10 | 00,227,328 | ---- | M] (Microsoft Corporation) MD5=54E9576169A248AD62A1EB9773225826 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6000.16386_none_b61c950a3060adba\mswsock.dll
[2009/04/11 01:28:22 | 00,223,232 | ---- | M] (Microsoft Corporation) MD5=8617350C9B590B63E620881092751BCB -- C:\Windows\System32\mswsock.dll
[2009/04/11 01:28:22 | 00,223,232 | ---- | M] (Microsoft Corporation) MD5=8617350C9B590B63E620881092751BCB -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6002.18005_none_ba3ed0122a6d89da\mswsock.dll
[2008/01/19 02:35:15 | 00,223,232 | ---- | M] (Microsoft Corporation) MD5=89FD0595EEA4E505CABEFCF7008F2612 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6001.18000_none_b85357062d4bbe8e\mswsock.dll

< MD5 for: NDIS.SYS >
[2009/04/11 01:32:49 | 00,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\Windows\System32\drivers\ndis.sys
[2009/04/11 01:32:49 | 00,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6002.18005_none_a9b2a4d31930d864\ndis.sys
[2006/11/02 04:51:42 | 00,500,840 | ---- | M] (Microsoft Corporation) MD5=227C11E1E7CF6EF8AFB2A238D209760C -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6000.16386_none_a59069cb1f23fc44\ndis.sys
[2008/01/19 02:43:31 | 00,529,464 | ---- | M] (Microsoft Corporation) MD5=9BDC71790FA08F0A0B5F10462B1BD0B1 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6001.18000_none_a7c72bc71c0f0d18\ndis.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 04:46:11 | 00,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009/04/11 01:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 01:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/19 02:35:36 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NTFS.SYS >
[2009/08/08 23:06:14 | 01,060,920 | ---- | M] (Microsoft Corporation) MD5=2620822A21B76375F5FD6E0986407CD1 -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6000.16586_none_a43a6b8d2000830d\ntfs.sys
[2009/08/08 23:19:24 | 01,060,920 | ---- | M] (Microsoft Corporation) MD5=37430AA7A66D7A63407ADC2C0D05E9F6 -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6000.16615_none_a4851c9d1fc8a346\ntfs.sys
[2006/11/02 04:51:47 | 01,056,360 | ---- | M] (Microsoft Corporation) MD5=3F379380A4A2637F559444E338CF1B51 -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6000.16386_none_a43a67c1200088bf\ntfs.sys
[2009/04/11 01:32:49 | 01,083,880 | ---- | M] (Microsoft Corporation) MD5=6A4A98CEE84CF9E99564510DDA4BAA47 -- C:\Windows\System32\drivers\ntfs.sys
[2009/04/11 01:32:49 | 01,083,880 | ---- | M] (Microsoft Corporation) MD5=6A4A98CEE84CF9E99564510DDA4BAA47 -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6002.18005_none_a85ca2c91a0d64df\ntfs.sys
[2008/01/19 02:43:40 | 01,081,912 | ---- | M] (Microsoft Corporation) MD5=B4EFFE29EB4F15538FD8A9681108492D -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6001.18000_none_a67129bd1ceb9993\ntfs.sys
[2009/08/08 23:06:14 | 01,061,432 | ---- | M] (Microsoft Corporation) MD5=B5BE45B1F554DF9E1976CBC855365E60 -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6000.20709_none_a51d8a7c38da8c7b\ntfs.sys
[2009/08/08 23:19:24 | 01,061,944 | ---- | M] (Microsoft Corporation) MD5=F08824715CA6076F5E73E005AB83B9C8 -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6000.20740_none_a4e9483239031830\ntfs.sys

< MD5 for: NTMSSVC.DLL >
[2006/11/02 07:35:06 | 00,460,288 | ---- | M] (Microsoft Corporation) MD5=957CC0F372BB5D79C477363952276859 -- C:\Windows\winsxs\x86_microsoft-windows-r..emanagement-service_31bf3856ad364e35_6.0.6000.16386_none_0c076ff411279f33\ntmssvc.dll
[2008/01/19 02:35:58 | 00,460,288 | ---- | M] (Microsoft Corporation) MD5=A7DFF9642D510BE1EEC6664CD0369953 -- C:\Windows\winsxs\x86_microsoft-windows-r..emanagement-service_31bf3856ad364e35_6.0.6001.18000_none_0e3e31f00e12b007\ntmssvc.dll

< MD5 for: NVSTOR.SYS >
[2007/01/06 00:59:42 | 00,035,920 | ---- | M] (NVIDIA Corporation) MD5=4A5FCAB82D9BF6AF8A023A66802FE9E9 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_45f67928\nvstor.sys
[2007/01/06 00:59:42 | 00,035,920 | ---- | M] (NVIDIA Corporation) MD5=4A5FCAB82D9BF6AF8A023A66802FE9E9 -- C:\Windows\System32\DriverStore\FileRepository\nvstor.inf_f48b8337\nvstor.sys
[2006/11/02 04:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 02:42:09 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/19 02:42:09 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
[2007/01/06 00:59:42 | 00,035,920 | ---- | M] (NVIDIA Corporation) Unable to obtain MD5 -- C:\Windows\System32\drivers\nvstor.sys

< MD5 for: PROQUOTA.EXE >
[2006/11/02 04:45:33 | 00,027,648 | ---- | M] (Microsoft Corporation) MD5=C31AE90F24870B9A51655C36A9EB4BF3 -- C:\Windows\System32\proquota.exe
[2006/11/02 04:45:33 | 00,027,648 | ---- | M] (Microsoft Corporation) MD5=C31AE90F24870B9A51655C36A9EB4BF3 -- C:\Windows\winsxs\x86_microsoft-windows-proquota_31bf3856ad364e35_6.0.6000.16386_none_259035db957a1715\proquota.exe

< MD5 for: QMGR.DLL >
[2008/01/19 02:36:13 | 00,758,272 | ---- | M] (Microsoft Corporation) MD5=02ED7B4DBC2A3232A389106DA7515C3D -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6001.18000_none_2390c4ecf9720b8c\qmgr.dll
[2006/11/02 04:46:12 | 00,749,568 | ---- | M] (Microsoft Corporation) MD5=733FB484A06B9D6A44DD9CA1D3BE937B -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6000.16386_none_215a02f0fc86fab8\qmgr.dll
[2009/04/11 01:28:23 | 00,758,784 | ---- | M] (Microsoft Corporation) MD5=93952506C6D67330367F7E7934B6A02F -- C:\Windows\System32\qmgr.dll
[2009/04/11 01:28:23 | 00,758,784 | ---- | M] (Microsoft Corporation) MD5=93952506C6D67330367F7E7934B6A02F -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6002.18005_none_257c3df8f693d6d8\qmgr.dll
[2009/08/08 22:22:14 | 00,750,080 | ---- | M] (Microsoft Corporation) MD5=DA551697E34D2B9943C8B1C8EAFFE89A -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6000.16531_none_218b14e6fc62ea9e\qmgr.dll
[2009/08/08 22:22:15 | 00,750,080 | ---- | M] (Microsoft Corporation) MD5=F1148566FA5173A4FD48AF8E8BC09401 -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6000.20647_none_220fe38215833e63\qmgr.dll

< MD5 for: SCECLI.DLL >
[2008/01/19 02:36:19 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 04:46:12 | 00,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009/04/11 01:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 01:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< MD5 for: SPOOLSV.EXE >
[2009/04/11 01:28:05 | 00,127,488 | ---- | M] (Microsoft Corporation) MD5=524BFBEA40E6E404737CCBC754647A2E -- C:\Windows\System32\spoolsv.exe
[2009/04/11 01:28:05 | 00,127,488 | ---- | M] (Microsoft Corporation) MD5=524BFBEA40E6E404737CCBC754647A2E -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6002.18005_none_d8371c2dbeaa9062\spoolsv.exe
[2008/01/19 02:33:32 | 00,125,952 | ---- | M] (Microsoft Corporation) MD5=846CDF9A3CF4DA9B306ADFB7D55EE4C2 -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6001.18000_none_d64ba321c188c516\spoolsv.exe
[2006/11/02 04:45:46 | 00,124,928 | ---- | M] (Microsoft Corporation) MD5=DA612EF2556776DF2630B68BF2D48935 -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6000.16386_none_d414e125c49db442\spoolsv.exe

< MD5 for: SVCHOST.EXE >
[2006/11/02 04:45:47 | 00,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008/01/19 02:33:32 | 00,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/19 02:33:32 | 00,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: TERMSRV.DLL >
[2009/04/11 01:28:24 | 00,449,024 | ---- | M] (Microsoft Corporation) MD5=BB95DA09BEF6E7A131BFF3BA5032090D -- C:\Windows\System32\termsrv.dll
[2009/04/11 01:28:24 | 00,449,024 | ---- | M] (Microsoft Corporation) MD5=BB95DA09BEF6E7A131BFF3BA5032090D -- C:\Windows\winsxs\x86_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.0.6002.18005_none_908abad45165e2ae\termsrv.dll
[2008/01/19 02:36:39 | 00,448,512 | ---- | M] (Microsoft Corporation) MD5=D605031E225AACCBCEB5B76A4F1603A6 -- C:\Windows\winsxs\x86_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.0.6001.18000_none_8e9f41c854441762\termsrv.dll
[2006/11/02 04:46:13 | 00,427,520 | ---- | M] (Microsoft Corporation) MD5=FAD71C1E8E4047B154E899AE31EB8CAA -- C:\Windows\winsxs\x86_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.0.6000.16386_none_8c687fcc5759068e\termsrv.dll

< MD5 for: USERINIT.EXE >
[2008/01/19 02:33:33 | 00,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/19 02:33:33 | 00,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006/11/02 04:45:50 | 00,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WS2_32.DLL >
[2006/11/02 04:46:14 | 00,178,688 | ---- | M] (Microsoft Corporation) MD5=D99A071C1018BB3D4ABAAD4B62048AC2 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.0.6000.16386_none_f080eec6d16af4f0\ws2_32.dll
[2008/01/19 02:37:09 | 00,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll
[2008/01/19 02:37:09 | 00,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.0.6001.18000_none_f2b7b0c2ce5605c4\ws2_32.dll

< %systemroot%\system32\*.dll /lockedfiles >
[2009/04/11 01:27:47 | 00,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/11 01:28:23 | 00,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 156 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:CF778051
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:B3D74A13
< End of report >


2) Extras:

OTL Extras logfile created on: 1/8/2010 5:50:20 AM - Run 4
OTL by OldTimer - Version 3.1.21.1 Folder = C:\Users\Yovanny\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 55.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 98.44 Gb Free Space | 66.08% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOVANNY-PC
Current User Name: Yovanny
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{9B25818C-1873-401A-8959-DA9A36DAF3DE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{B6AB7632-0EB6-4044-AEB8-749F781AFCDA}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BF01415-124D-4613-A861-6907FCCF1A85}" = protocol=17 | dir=in | app=c:\users\yovanny\appdata\roaming\utorrent\wget.exe |
"{1C26269C-E9F4-41A2-AB03-962700459984}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{390FC2DA-6843-404E-9B7A-7BC2F7360432}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{39145F9D-4C2D-4164-9F83-C2ED4E9A8873}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{45DDE365-B758-4DCB-822A-64D7C51B41D6}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{4EA8551A-C8CC-4EF5-8E40-1E77DCBCC07E}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{6D4A44EE-7CE7-4751-89BF-2348660028F4}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{CE6ED134-4F92-4FE9-B255-55063876FEB1}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{EB1A2D72-BBE9-46A1-A167-693E3CBDC988}" = protocol=6 | dir=in | app=c:\users\yovanny\appdata\roaming\utorrent\wget.exe |
"{F1BD85E0-26DF-4FC4-94DE-27C325B432F7}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"TCP Query User{11AA35FE-4B34-41B2-A9EF-A32BCE169370}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{58956A92-4830-4DE0-A8E6-474F5879ABEB}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{9CE986DE-B68E-4534-AD56-2D4BB52353AA}C:\users\yovanny\documents\downloads\programs\cryptload\cryptload_1.1.8\routerclient.exe" = protocol=6 | dir=in | app=c:\users\yovanny\documents\downloads\programs\cryptload\cryptload_1.1.8\routerclient.exe |
"UDP Query User{614D94A4-2E12-4DFF-9DCC-D39A6552A595}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{6B5C5A71-F764-4645-BB80-49A6EF6BD4D2}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{C0455047-131D-434F-B8E0-F80324167F63}C:\users\yovanny\documents\downloads\programs\cryptload\cryptload_1.1.8\routerclient.exe" = protocol=17 | dir=in | app=c:\users\yovanny\documents\downloads\programs\cryptload\cryptload_1.1.8\routerclient.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.5.3
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 17
"{2EEBAC31-3EEF-4118-91CB-1A286A507DB2}" = ESET NOD32 Antivirus
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008
"{58F9D852-9443-4955-A1ED-12C9E0504DD0}" = Mavis Beacon Teaches Typing Platinum 20
"{5977A284-6ADB-4CC1-BEC5-1CDE7908ACA3}" = Vista Manager
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{628C2C7D-8AD1-E614-E8E2-6EEAD8D5F2D0}" = Acrobat.com
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.7.2.188
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Autorun Virus Remover_is1" = Autorun Virus Remover 2.3
"CCleaner" = CCleaner
"CobBackup9" = Cobian Backup 9
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-09-21 16:18
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Driver Magician_is1" = Driver Magician 3.48
"Gaim" = Gaim (remove only)
"GameShark for GameBoy" = GameShark for GameBoy
"GTK 2.0" = GTK+ Runtime 2.6.9 rev a (remove only)
"HijackThis" = HijackThis 2.0.2
"Internet Download Manager" = Internet Download Manager
"Magic ISO Maker v5.4 (build 0248)" = Magic ISO Maker v5.4 (build 0248)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"Nintendo DS - GBA Max Drive_is1" = Nintendo DS - GBA Max Drive
"NodEnabler" = NodEnabler 3.4.1
"NVIDIA Drivers" = NVIDIA Drivers
"Pokemon Netbattle Supremacy 1.0.52" = Pokemon Netbattle Supremacy 1.0.52
"RAM Saver Pro version 7.3" = RAM Saver Pro version 7.3
"RealPlayer 12.0" = RealPlayer
"Registry Mechanic_is1" = Registry Mechanic 8.0
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.0.3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Your Uninstaller! 2008_is1" = Your Uninstaller! 2008 Version 6.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"Shoddy Battle" = Shoddy Battle

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/5/2010 1:24:34 AM | Computer Name = Yovanny-PC | Source = Application Error | ID = 1000
Description = Faulting application Explorer.EXE, version 6.0.6002.18005, time stamp
0x49e01da5, faulting module ntdll.dll, version 6.0.6002.18005, time stamp 0x49e03821,
exception code 0xc0000005, fault offset 0x00046cb6, process id 0x734, application
start time 0x01ca8dbf4469bfa1.

Error - 1/5/2010 3:37:46 PM | Computer Name = Yovanny-PC | Source = Windows Search Service | ID = 3038
Description =

Error - 1/5/2010 3:38:23 PM | Computer Name = Yovanny-PC | Source = Windows Search Service | ID = 3028
Description =

Error - 1/5/2010 3:38:23 PM | Computer Name = Yovanny-PC | Source = Windows Search Service | ID = 3058
Description =

Error - 1/7/2010 7:20:16 PM | Computer Name = Yovanny-PC | Source = Windows Search Service | ID = 3038
Description =

Error - 1/7/2010 7:20:27 PM | Computer Name = Yovanny-PC | Source = Windows Search Service | ID = 3028
Description =

Error - 1/7/2010 7:20:27 PM | Computer Name = Yovanny-PC | Source = Windows Search Service | ID = 3058
Description =

Error - 1/7/2010 7:25:06 PM | Computer Name = Yovanny-PC | Source = Windows Search Service | ID = 3038
Description =

Error - 1/7/2010 7:25:51 PM | Computer Name = Yovanny-PC | Source = Windows Search Service | ID = 3028
Description =

Error - 1/7/2010 7:25:51 PM | Computer Name = Yovanny-PC | Source = Windows Search Service | ID = 3058
Description =

[ System Events ]
Error - 11/26/2009 8:27:48 AM | Computer Name = Yovanny-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.4 for the Network Card with network
address 001AA01AEC36 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 11/26/2009 8:27:53 PM | Computer Name = Yovanny-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 001AA01AEC36 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 12/2/2009 10:52:20 PM | Computer Name = Yovanny-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 9:38:23 PM on 12/2/2009 was unexpected.

Error - 12/2/2009 10:59:37 PM | Computer Name = Yovanny-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 9:53:56 PM on 12/2/2009 was unexpected.

Error - 12/5/2009 6:30:46 PM | Computer Name = Yovanny-PC | Source = DCOM | ID = 10016
Description =

Error - 12/6/2009 1:13:23 PM | Computer Name = Yovanny-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 001AA01AEC36 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 12/6/2009 2:54:44 PM | Computer Name = Yovanny-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.4 for the Network Card with network
address 001AA01AEC36 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 12/6/2009 3:09:53 PM | Computer Name = Yovanny-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 1:55:32 PM on 12/6/2009 was unexpected.

Error - 12/6/2009 3:09:55 PM | Computer Name = YOVANNY-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.3 for the Network Card with network
address 001AA01AEC36 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 12/8/2009 8:03:43 PM | Computer Name = Yovanny-PC | Source = DCOM | ID = 10005
Description =


< End of report >

Edited by theoriginal, 08 January 2010 - 06:10 AM.


#9 chamber (Bleepin' Geek)

Posted 08 January 2010 - 06:28 AM

  • Click Start > Run, type chkdsk /f and then click OK.
    • Note the space between the k and the /
  • Allow the scan to run and when completed, reboot the system. It may not run until you reboot!
==========

You may have corrupt critical system files. Let's see if we can fix that.
  • Select the Start button
  • Select All Programs
  • Select Accessories
  • Right click Command Prompt and choose Run as administrator
  • If you have the User Account Control (UAC) enabled you will be asked for authorization prior to the command prompt opening.
  • You may simply need to press the Continue button if you are the administrator or insert the administrator password.
  • Type in sfc /scannow in the command window and press enter.
  • Note the space between the c and the /
  • If any files require replacing SFC will replace them. You may be asked to insert your Vista DVD for this process to continue. This can be done with a borrowed DVD if you don't have one.
  • Be patient because the scan may take some time.
  • Allow the scan to run and when completed, reboot the system.
==========

Edited by chamber, 08 January 2010 - 06:29 AM.


watch me and tremble, for I bring the purity of oblivion

Sudo apt-get me a sandwich!

Proud graduate of GeekU
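Both checks chamber asks for leave a record that can be read back after the fact, which is more reliable than the one-line summary on screen. The PowerShell script below is an added example, not part of this thread or of any tool named in it. It assumes an elevated PowerShell prompt on Vista, that the boot-time chkdsk report is written to the Application event log by Wininit as event ID 1001, that SFC's per-file detail is in %windir%\Logs\CBS\CBS.log on lines tagged [SR], and that the phrases matched in those lines ("Cannot repair", "Repairing", "Repaired", "corrupt") are the ones SFC uses; those patterns are an assumption and may need adjusting on other Windows versions.

```powershell
# Added example (not from the thread or from OTL/ComboFix): run the two checks
# from the post above and read their results back from where Windows records them.
# Run from an elevated PowerShell prompt (Run as administrator), as the post says.

# chkdsk /f cannot lock the system drive while Windows is running, so it schedules
# itself for the next boot. After that reboot, its report is logged to the
# Application event log by Wininit as event ID 1001 (assumption: Vista/7 behaviour).
function Get-LastChkdskReport {
    Get-EventLog -LogName Application -Source Wininit -Newest 50 |
        Where-Object { $_.EventID -eq 1001 } |
        Select-Object -First 1 -ExpandProperty Message
}

# sfc /scannow prints only a summary ("found no integrity violations", etc.).
# The per-file detail is written to CBS.log on lines tagged "[SR]"; this keeps
# only the lines that report a repair or an unrepairable file. The match phrases
# are an assumption about SFC's wording and can be widened if nothing matches.
function Get-SfcFindings {
    param([string]$LogPath = "$env:windir\Logs\CBS\CBS.log")
    Select-String -Path $LogPath -Pattern '\[SR\]' |
        ForEach-Object { $_.Line } |
        Where-Object { $_ -match 'Cannot repair|Repairing|Repaired|corrupt' }
}

# --- main: run SFC now, then show what it actually did, then the last chkdsk ---
sfc /scannow

"`n=== SFC repairs / unrepaired corruption (from CBS.log) ==="
$findings = Get-SfcFindings
if ($findings) { $findings } else { "No repair or corruption entries found in CBS.log." }

"`n=== Last boot-time chkdsk report (Wininit event 1001) ==="
$report = Get-LastChkdskReport
if ($report) { $report } else { "No chkdsk report logged yet; run 'chkdsk /f C:', answer Y, and reboot." }
```

The point of reading CBS.log is that "no integrity violations" and "repaired files" look alike on screen if you only glance at the window; the [SR] lines name which files were touched, which is what you want when deciding whether a replaced driver (as in this thread) was the result of infection or of a legitimate update.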


#10 theoriginal (Topic Starter)

Posted 08 January 2010 - 02:16 PM

Hello, ran both scans and didn't have any problems. SFC says it found no integrity violations. Chkdsk says no problems with the file system volume.

#11 chamber (Bleepin' Geek)

Posted 09 January 2010 - 05:32 AM

Can you try re-running ComboFix for me?



#12 theoriginal (Topic Starter)

Posted 10 January 2010 - 01:16 PM

Going to run it normally (not as administrator) as soon as I get back from my trip. I'll return home on the 22nd of this month, so I'll run it then. I said I was going on the trip in this thread: http://www.bleepingcomputer.com/forums/ind...t&p=1567730 in the section that says "note". Thank you.

Edited by theoriginal, 10 January 2010 - 01:21 PM.


#13 chamber (Bleepin' Geek)

Posted 10 January 2010 - 02:44 PM

That's OK.

Please send me a personal message when you return and we will pick up where we left off.

Enjoy your trip. :(



#14 theoriginal (Topic Starter)

Posted 23 January 2010 - 12:11 AM

Hi, I managed to run ComboFix successfully and it produced a log at the end. Before ComboFix started scanning for malware, it detected NOD32 Antivirus as being active even though I disabled it. I stopped the ESET GUI but it still was detected as active. I followed all instructions from this site to disable antivirus, firewall, and malware scanners. ComboFix managed to run regardless. It detected an infected rootkit and restarted the computer to complete the removal process.

Here's the Combofix log:

ComboFix 10-01-21.08 - Yovanny 01/22/2010 23:40:12.1.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1470.720 [GMT -5:00]
Running from: c:\users\Yovanny\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
SP: ESET NOD32 Antivirus 4.0 *enabled* (Updated) {E5E70D32-0101-4B98-A4D6-D1D15C3BB448}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2365545147-1999384947-2466353664-500
c:\users\Yovanny\AppData\Roaming\inst.exe

Infected copy of c:\windows\system32\drivers\nvstor.sys was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy9_!Windows!System32!drivers!nvstor.sys
.
((((((((((((((((((((((((( Files Created from 2009-12-23 to 2010-01-23 )))))))))))))))))))))))))))))))
.

2010-01-23 04:49 . 2010-01-23 04:51 -------- d-----w- c:\users\Yovanny\AppData\Local\temp
2010-01-23 04:49 . 2010-01-23 04:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-13 01:01 . 2009-10-19 13:38 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-13 01:01 . 2009-10-19 13:35 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-01-07 03:39 . 2010-01-07 03:39 -------- d-----w- c:\programdata\Citrix
2010-01-07 03:38 . 2010-01-07 03:38 -------- d-----w- c:\program files\Citrix
2010-01-07 03:38 . 2010-01-07 03:38 -------- d-----w- c:\users\Yovanny\AppData\Local\Citrix
2010-01-06 15:59 . 2010-01-06 15:59 -------- d-----w- c:\users\Yovanny\AppData\Local\Apple
2010-01-06 06:05 . 2010-01-06 06:05 -------- d-----w- c:\users\Yovanny\AppData\Local\Apple Computer
2010-01-05 03:29 . 2010-01-05 03:29 -------- d-----w- c:\users\Yovanny\AppData\Roaming\Auslogics
2010-01-03 01:33 . 2010-01-21 10:30 -------- d-----w- c:\users\Yovanny\AppData\Local\Adobe
2010-01-01 10:08 . 2010-01-01 10:08 -------- d-----w- c:\programdata\PC Drivers HeadQuarters Inc
2010-01-01 09:59 . 2010-01-01 10:00 -------- d-----w- c:\users\Yovanny\AppData\Roaming\GetRightToGo
2010-01-01 09:27 . 2010-01-01 09:27 -------- d-----w- c:\programdata\PC Drivers HeadQuarters
2009-12-31 04:47 . 2009-12-31 04:47 -------- d-----w- c:\users\Yovanny\AppData\Local\RadarSync
2009-12-31 00:20 . 2009-12-31 00:27 -------- d-----w- c:\program files\AutorunRemover
2009-12-30 01:15 . 2009-12-30 01:15 -------- d-----w- c:\users\Yovanny\AppData\Roaming\DivX
2009-12-25 04:49 . 2009-12-25 04:49 -------- d-----w- c:\programdata\Cobian
2009-12-25 04:48 . 2009-12-25 04:49 -------- d-----w- c:\program files\Cobian Backup 9
2009-12-24 05:05 . 2009-12-24 05:05 -------- d-----w- c:\programdata\WindowsSearch

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-23 04:51 . 2009-12-20 06:08 35085 ----a-w- c:\programdata\nvModes.dat
2010-01-23 04:24 . 2009-08-09 03:11 -------- d-----w- c:\users\Yovanny\AppData\Roaming\DMCache
2010-01-23 04:14 . 2009-08-09 03:21 -------- d-----w- c:\users\Yovanny\AppData\Roaming\.gaim
2010-01-14 16:12 . 2009-10-02 17:37 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-13 08:02 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-07 11:04 . 2009-08-09 15:21 -------- d-----w- c:\users\Yovanny\AppData\Roaming\uTorrent
2010-01-07 03:33 . 2010-01-07 03:33 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-01-04 07:22 . 2009-12-17 03:22 -------- d-----w- c:\users\Yovanny\AppData\Roaming\Vso
2010-01-04 07:20 . 2009-12-22 01:30 -------- d-----w- c:\users\Yovanny\AppData\Roaming\vlc
2010-01-04 07:17 . 2009-12-21 10:31 -------- d-----w- c:\users\Yovanny\AppData\Roaming\dvdcss
2010-01-02 06:38 . 2010-01-22 01:37 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-22 01:37 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 06:32 . 2010-01-22 01:37 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 04:57 . 2010-01-22 01:37 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-01-02 00:41 . 2010-01-02 00:41 52224 ----a-w- c:\users\Yovanny\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-01-02 00:41 . 2009-12-18 00:39 117760 ----a-w- c:\users\Yovanny\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-01-01 12:04 . 2009-12-17 18:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-01 12:04 . 2010-01-01 12:04 5061520 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-30 19:55 . 2009-12-18 03:12 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-30 19:54 . 2009-12-18 03:12 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-27 06:03 . 2009-12-23 10:37 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-25 08:13 . 2009-12-03 22:33 -------- d-----w- c:\program files\Common Files\InstallShield
2009-12-23 22:14 . 2009-08-12 05:05 -------- d-----w- c:\programdata\NOS
2009-12-23 21:30 . 2009-12-23 21:30 86016 ----a-w- c:\programdata\NOS\Adobe_Downloads\arh.exe
2009-12-23 20:57 . 2009-12-23 20:57 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-23 12:19 . 2009-12-23 12:18 111856 ----a-w- c:\windows\system32\isafprod.dll
2009-12-23 12:18 . 2009-12-23 12:18 -------- d-----w- c:\programdata\CA
2009-12-23 10:37 . 2009-12-23 10:37 -------- d-----w- c:\program files\Active Data Recovery Software
2009-12-23 07:42 . 2009-08-12 05:07 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-12-23 03:32 . 2009-12-23 03:32 -------- d-----w- c:\programdata\Colasoft Capsa
2009-12-22 05:21 . 2009-12-22 05:11 -------- d-----w- c:\program files\Driver Magician
2009-12-22 03:39 . 2009-08-09 03:35 -------- d-----w- c:\program files\ESET
2009-12-22 02:30 . 2009-12-22 02:21 -------- d-----w- c:\programdata\SecTaskMan
2009-12-22 00:22 . 2009-12-21 20:12 -------- d-----w- c:\program files\DivX
2009-12-22 00:22 . 2009-12-21 20:13 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-12-22 00:21 . 2009-12-22 00:21 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-12-21 10:24 . 2009-12-21 10:24 -------- d-----w- c:\program files\VideoLAN
2009-12-21 07:57 . 2009-12-21 06:07 -------- d-----w- c:\program files\Microsoft Works
2009-12-21 07:46 . 2009-08-09 02:44 83248 ----a-w- c:\users\Yovanny\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-21 07:37 . 2009-12-21 07:37 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-12-21 05:32 . 2009-12-21 05:32 -------- d-----w- c:\program files\Microsoft.NET
2009-12-21 04:32 . 2009-11-20 14:50 -------- d-----w- c:\program files\Windows Live
2009-12-21 04:32 . 2009-11-20 14:52 -------- d-----w- c:\program files\Microsoft
2009-12-20 07:47 . 2009-12-20 07:47 -------- d-----w- c:\users\Yovanny\AppData\Roaming\CyberLink
2009-12-20 07:47 . 2009-12-20 07:47 -------- d-----w- c:\programdata\CyberLink
2009-12-20 07:46 . 2009-12-20 07:46 -------- d-----w- c:\programdata\Dell
2009-12-20 06:08 . 2009-12-20 06:07 -------- d-----w- c:\programdata\NVIDIA
2009-12-19 09:14 . 2009-08-09 03:01 -------- d-----w- c:\program files\TuneUp Utilities 2008
2009-12-19 09:14 . 2009-12-19 09:14 355584 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-12-19 01:13 . 2009-12-19 01:13 -------- d-----w- c:\programdata\vsosdk
2009-12-18 18:58 . 2009-12-18 09:14 -------- d-----w- c:\programdata\avg9
2009-12-18 09:15 . 2009-12-18 09:15 -------- d-----w- c:\program files\AVG
2009-12-18 08:34 . 2009-12-18 08:34 -------- d-----w- c:\program files\uTorrent
2009-12-18 07:04 . 2009-08-15 06:31 -------- d-----w- c:\program files\NetBattle Supremacy
2009-12-18 00:38 . 2009-12-18 00:38 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2009-12-18 00:38 . 2009-12-18 00:38 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-12-18 00:38 . 2009-12-18 00:38 -------- d-----w- c:\users\Yovanny\AppData\Roaming\SUPERAntiSpyware.com
2009-12-18 00:37 . 2009-08-09 03:00 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-17 18:58 . 2009-12-17 18:58 -------- d-----w- c:\users\Yovanny\AppData\Roaming\Malwarebytes
2009-12-17 18:58 . 2009-12-17 18:58 -------- d-----w- c:\programdata\Malwarebytes
2009-12-17 04:45 . 2009-12-17 04:45 -------- d-----w- c:\program files\VSO
2009-12-17 04:09 . 2009-12-17 04:09 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-12-17 04:09 . 2009-12-17 04:09 47360 ----a-w- c:\users\Yovanny\AppData\Roaming\pcouffin.sys
2009-12-17 04:09 . 2009-12-17 04:09 47360 ----a-w- c:\users\Yovanny\AppData\Roaming\pcouffin.sys
2009-12-16 23:33 . 2009-12-16 23:33 -------- d-----w- c:\users\Yovanny\AppData\Roaming\DVD Flick
2009-12-16 04:34 . 2009-08-09 03:11 -------- d-----w- c:\users\Yovanny\AppData\Roaming\IDM
2009-12-15 21:13 . 2009-08-09 03:26 -------- d-----w- c:\program files\Common Files\Real
2009-12-15 21:11 . 2009-12-15 21:11 402952 ----a-w- c:\users\Yovanny\AppData\Roaming\Real\RealPlayer\setup\AU_setup11.exe
2009-12-14 05:39 . 2009-12-14 05:39 -------- d-----w- c:\program files\Broderbund
2009-12-12 21:40 . 2009-12-12 21:34 -------- d-----w- c:\programdata\Lavasoft
2009-12-12 04:49 . 2009-12-12 04:49 -------- d-----w- c:\programdata\Office Genuine Advantage
2009-12-06 17:22 . 2009-12-06 17:01 -------- d-----w- c:\users\Yovanny\AppData\Roaming\Apple Computer
2009-12-06 17:01 . 2009-12-06 17:00 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-12-06 17:01 . 2009-12-06 17:00 -------- d-----w- c:\program files\iTunes
2009-12-06 17:00 . 2009-12-06 17:00 -------- d-----w- c:\program files\iPod
2009-12-06 17:00 . 2009-12-06 16:55 -------- d-----w- c:\program files\Common Files\Apple
2009-12-06 17:00 . 2009-12-06 16:58 -------- d-----w- c:\programdata\Apple Computer
2009-12-06 16:59 . 2009-12-06 16:59 -------- d-----w- c:\program files\Bonjour
2009-12-06 16:58 . 2009-12-06 16:58 -------- d-----w- c:\program files\QuickTime
2009-12-06 16:57 . 2009-12-06 16:57 -------- d-----w- c:\program files\Apple Software Update
2009-12-06 16:55 . 2009-12-06 16:55 -------- d-----w- c:\programdata\Apple
2009-12-03 23:28 . 2009-12-03 23:28 -------- d-----w- c:\users\Yovanny\AppData\Roaming\Broderbund
2009-12-03 23:28 . 2009-12-03 23:28 -------- d-----w- c:\programdata\Broderbund
2009-12-03 23:06 . 2009-12-03 22:41 -------- d-----w- c:\programdata\Protexis
2009-11-20 11:08 . 2009-12-23 07:42 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-11-20 11:08 . 2009-08-12 05:07 38784 ----a-w- c:\users\Yovanny\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-11-17 08:17 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-14 00:47 . 2009-11-14 00:47 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-11-14 00:47 . 2009-11-14 00:47 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47 . 2009-11-14 00:47 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-11-14 00:47 . 2009-11-14 00:47 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-11-14 00:47 . 2009-11-14 00:47 696320 ----a-w- c:\windows\system32\DivX.dll
2009-11-12 22:07 . 2009-11-12 22:07 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-11-03 21:43 . 2009-12-08 23:56 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-03 21:42 . 2009-12-08 23:56 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-11-03 19:41 . 2009-12-08 23:56 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-29 09:17 . 2009-11-25 08:00 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-26 18:08 . 2009-10-26 18:08 3119320 ----a-w- c:\users\Yovanny\AppData\Roaming\IDM\idmupdt.exe
2007-02-21 19:49 . 2007-02-21 19:49 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RAMSaverPro"="c:\program files\Godlike Developers\RAM Saver Pro\ramsaverpro.exe" [2007-10-09 155168]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-12-15 198160]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Sidebar"=c:\program files\Windows Sidebar\sidebar.exe /autoRun
"RegistryMechanic"=c:\program files\Registry Mechanic\RMTray.exe /H
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):2d,b3,74,da,2a,1a,ca,01

R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [5/14/2009 2:47 PM 107256]
R1 epfwtdir;epfwtdir;c:\windows\System32\drivers\epfwtdir.sys [5/14/2009 2:49 PM 94360]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [12/16/2009 4:26 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/16/2009 4:26 PM 74480]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [5/14/2009 2:47 PM 731840]
R3 VST_DPV;VST_DPV;c:\windows\System32\drivers\VSTDPV3.SYS [11/2/2006 5:25 AM 987648]
R3 VSTHWBS2;VSTHWBS2;c:\windows\System32\drivers\VSTBS23.SYS [11/2/2006 5:25 AM 251904]
S3 dsreader;MaxDrive Driver (dsreader.sys);c:\windows\System32\drivers\dsreader.sys [12/22/2009 1:20 AM 19677]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [8/10/2009 1:06 AM 21504]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/16/2009 4:27 PM 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-01-22 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 14:09]

2010-01-22 c:\windows\Tasks\User_Feed_Synchronization-{632F9E09-71A3-4950-B499-E0C85011FC99}.job
- c:\windows\system32\msfeedssync.exe [2010-01-22 04:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
LSP: c:\windows\system32\idmmbc.dll
FF - ProfilePath - c:\users\Yovanny\AppData\Roaming\Mozilla\Firefox\Profiles\47hbe1d0.default\
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\users\Yovanny\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-22 23:52
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2038707313-1294981180-685258827-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):c7,18,3f,80,1c,c0,43,63,f1,a5,95,e6,c3,fb,b0,cc,c4,7b,83,9b,89,
c2,0c,02,7c,5f,f2,e3,92,ec,2e,2c,b8,a9,0d,e5,82,88,21,11,00,00,00,00,00,00,\

[HKEY_USERS\S-1-5-21-2038707313-1294981180-685258827-1000_Classes\CLSID\{e5d1c0d1-2123-4d5f-9bda-44547fd70aa5}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000125
"Therad"=dword:00000012
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\iPod\bin\iPodService.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2010-01-22 23:57:51 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-23 04:57

Pre-Run: 85,577,764,864 bytes free
Post-Run: 85,545,353,216 bytes free

- - End Of File - - 0A1EF9ED8FC624B1E8EC33F8A082B644

Edited by theoriginal, 23 January 2010 - 12:16 AM.


#15 chamber

chamber

    Bleepin' Geek


  • Members
  • 329 posts
  • Gender:Male
  • Location:~/

Posted 29 January 2010 - 10:34 AM

Hi, sorry for the delay.

I was laid up with a pretty bad chest infection, and then my real job was unbelievably hectic due to my time off. I am trying to get caught up with everything now.

Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scan box paste this in

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.exe
    %systemroot%\*. /mp /s
    c:\$recycle.bin\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    nvstor32.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    explorer.exe
    svchost.exe
    userinit.exe
    qmgr.dll
    ws2_32.dll
    proquota.exe
    imm32.dll
    kernel32.dll
    ndis.sys
    autochk.exe
    spoolsv.exe
    xmlprov.dll
    ntmssvc.dll
    mswsock.dll
    Beep.SYS
    ntfs.sys
    termsrv.dll
    sfcfiles.dll
    st3shark.sys
    ahcix86.sys
    srsvc.dll
    nvrd32.sys
    /md5stop
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %SYSTEMDRIVE%\*.*
    %userprofile%\Desktop\*.*
    %userprofile%\Desktop\*.
    %userprofile%\startmenu\*.*
    %userprofile%\startmenu\*.

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.


watch me and tremble, for I bring the purity of oblivion

Sudo apt-get me a sandwich!

Proud graduate of GeekU
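The ComboFix and OTL output in this thread is read by hand; as an added example (not part of the thread, and not ComboFix or OTL code), here is a small Python triage script that parses ComboFix's created-files listing and Run-key lines in the format shown above and flags binaries sitting in user-writable paths. The sample lines are constructed in that format, and the `b.exe` autorun entry is invented to mirror the startup entries the opener described; a hit is a pointer for review, not a verdict.

```python
# Triage for ComboFix-style log lines (added example; not ComboFix or OTL code).
# Parses created-files and Run-key lines and flags binaries in user-writable locations.
import re

FILE_LINE = re.compile(r"^(\S+ \S+) \. (\S+ \S+) (\d+|-+) (\S+) (.+)$")  # mtime . ctime size attrs path
BINARY = re.compile(r"^(.+?\.(?:exe|dll|sys|scr|com))(?=\s|$)", re.I)  # binary part of a command
# Locations an unprivileged user can create files in; drivers or autoruns here are unusual.
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\appdata\\", "\\$recycle.bin\\")

def parse_file_line(line):
    m = FILE_LINE.match(line.strip())
    if not m:
        return None
    mtime, ctime, size, attrs, path = m.groups()
    return {"mtime": mtime, "ctime": ctime, "attrs": attrs, "path": path,
            "size": None if size.startswith("-") else int(size)}  # "--------" marks a directory

def parse_run_line(line):
    # '"Name"="c:\x.exe" [date size]' or, in run- keys, '"Name"=c:\x.exe /arg'
    line = line.strip()
    if not line.startswith('"') or '"=' not in line:
        return None
    name, _, value = line[1:].partition('"=')
    if value.startswith('"'):
        command = value[1:].split('"', 1)[0]  # quoted path; drops the trailing [date size]
    else:
        command = re.sub(r" \[\d{4}-\d{2}-\d{2} \d+\]$", "", value)
    return {"name": name, "command": command}

def in_user_writable(path):
    p = path.lower()
    return any(tag in p for tag in USER_WRITABLE) and not p.startswith("c:\\windows\\")

def triage(lines):
    # Returns (source, binary, reason) tuples; review each hit, do not treat it as a verdict.
    findings = []
    for raw in lines:
        rec = parse_file_line(raw)
        run = None if rec else parse_run_line(raw)
        target = rec["path"] if rec else run["command"] if run else ""
        m = BINARY.match(target)
        if m and in_user_writable(m.group(1)):
            findings.append(("file" if rec else "run", m.group(1), "binary in a user-writable path"))
    return findings

# Constructed sample in the log format above; the "b" entry is invented, not copied from the thread.
SAMPLE = r"""
2009-12-18 08:34 . 2009-12-18 08:34 -------- d-----w- c:\program files\uTorrent
2009-12-17 04:09 . 2009-12-17 04:09 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-12-17 04:09 . 2009-12-17 04:09 47360 ----a-w- c:\users\Yovanny\AppData\Roaming\pcouffin.sys
"RAMSaverPro"="c:\program files\Godlike Developers\RAM Saver Pro\ramsaverpro.exe" [2007-10-09 155168]
"b"="c:\users\Yovanny\AppData\Roaming\b.exe" [2009-12-16 47104]
"Sidebar"=c:\program files\Windows Sidebar\sidebar.exe /autoRun
""".strip().splitlines()
```

Running `triage(SAMPLE)` reports only the Roaming-profile driver copy and the `b.exe` autorun; the same driver under system32 and the Program Files autoruns are not flagged.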




