
Help: Browser redirects to "wrong" sites in both IE8 & MF3.5.7


  • This topic is locked
27 replies to this topic

#1 hae

  • Members
  • 12 posts

Posted 28 January 2010 - 01:42 AM

Hello,

DESCRIPTION OF PROBLEM:

After upgrading Windows XP SP2 to SP3, on three separate occasions, my computer was infected by the Trojan Vundo (aka Virtumonde), the Anti-Virus Live virus (fake anti-virus program), and the Internet Security 2010 virus (fake anti-virus program).

After the Trojan Vundo infection, I installed SpyBot Search & Destroy. The settings included running TeaTimer in the background, but this did not prevent the subsequent two infections from occurring.

After the Anti-Virus Live virus infection, I uninstalled McAfee's Anti-Virus program from my computer (since it did not even pick up the previous two viruses) and installed Panda Internet Security 2010. Panda caught the Internet Security 2010 virus, but was not able to fully prevent it from installing itself on my computer.

I removed the three viruses using Malwarebytes' Anti-Malware (MBAM) + Uniblue's RegistryBooster programs + manual deletion of files picked up by MBAM that MBAM could not automatically delete itself.

I am now having problems with both Internet Explorer (IE) and Mozilla Firefox (MF) redirecting to "wrong" sites. (Perhaps this is a remnant bug left by the Internet Security 2010 virus.) I usually use MF. When I enter a query through google.com, it produces results, but when I click on the results, I am redirected to a site unrelated to the query results, or to a "### Forbidden" or "Page Not Found" error message. I can usually (but not always) reach the desired URL by pressing the "back" button on the browser, but it is frustrating being forced to browse the Internet this way. The "wrong" sites appear to be random and I have not noticed a common URL among them.

I wondered if it might be a problem specific to the Google search engine, so I tested Bing -- same results, although perhaps only every few links redirect, rather than every link. I don't use IE anymore and had IE6 on my computer, so I upgraded to IE8, then tested again. Same thing happens as in MF.

As of this posting, it appears that the "redirect" does not occur on any "bookmarked" sites.

DDS REPORT:

DDS (Ver_09-12-01.01) - NTFSx86
Run by hae at 19:47:17.62 on Wed 01/27/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1094 [GMT -10:00]

AV: Panda Internet Security 2010 *On-access scanning enabled* (Updated) {4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0}
FW: Panda Personal Firewall 2010 *enabled* {7B090DC0-8905-4BAF-8040-FD98A41C8FB8}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Panda Security\Panda Internet Security 2010\TPSrv.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\PROGRAM FILES\PANDA SECURITY\PANDA INTERNET SECURITY 2010\WebProxy.exe
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost -k Panda
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Panda Security\Panda Internet Security 2010\PsCtrls.exe
C:\Program Files\Panda Security\Panda Internet Security 2010\PavFnSvr.exe
C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
c:\program files\panda security\panda internet security 2010\firewall\PSHOST.EXE
C:\Program Files\Panda Security\Panda Internet Security 2010\PsImSvc.exe
C:\Program Files\Panda Security\Panda Internet Security 2010\PskSvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Panda Security\Panda Internet Security 2010\pavsrv51.exe
C:\Program Files\Panda Security\Panda Internet Security 2010\AVENGINE.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Creative\VoiceCenter\AndreaVC.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\DOCUME~1\hae\LOCALS~1\Temp\clclean.0001
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Panda Security\Panda Internet Security 2010\APVXDWIN.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe
C:\Program Files\TechSmith\SnagIt 9\TSCHelp.exe
C:\Program Files\TechSmith\SnagIt 9\SnagPriv.exe
C:\Program Files\TechSmith\SnagIt 9\snagiteditor.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\progra~1\common~1\instal~1\update~1\isuspm.exe
C:\Program Files\Panda Security\Panda Internet Security 2010\SRVLOAD.EXE
C:\Program Files\Panda Security\Panda Internet Security 2010\PavBckPT.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\hae\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0070119
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0070119
mSearch Bar = hxxp://www.google.com/ie
mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 9\SnagItBHO.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - No File
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - No File
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: IeMonitorBho Class: {bf00e119-21a3-4fd1-b178-3b8537e75c92} - c:\program files\megaupload\mega manager\MegaIEMn.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 9\SnagItIEAddin.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [SetDefaultMIDI] MIDIDef.exe
uRun: [Creative MediaSource Go] "c:\program files\creative\mediasource5\go\CTCMSGoU.exe" /SCB
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r
mRun: [MBMon] Rundll32 CTMBHA.DLL,MBMon
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [VoiceCenter] "c:\program files\creative\voicecenter\AndreaVC.exe" /tray
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [CloneCDTray] "c:\program files\slysoft\clonecd\CloneCDTray.exe" /s
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [WD Drive Manager] c:\program files\western digital\wd drive manager\WDBtnMgrUI.exe
mRun: [ClubBox]
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe"
mRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
mRun: [APVXDWIN] "c:\program files\panda security\panda internet security 2010\APVXDWIN.EXE" /s
mRun: [SCANINICIO] "c:\program files\panda security\panda internet security 2010\Inicio.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\isuspm.exe" -scheduler
dRun: [swg] c:\program files\google\googletoolbarnotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\snagit~1.lnk - c:\program files\techsmith\snagit 9\SnagIt32.exe
mPolicies-system: EnableLUA = 0 (0x0)
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - c:\program files\paltalk messenger\Paltalk.exe
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {0349EF81-B9C1-4B97-86F7-7B931D0E2532} - hxxp://sticube.clubbox.co.kr/sticubeupdate/cab/NowStarter2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} - hxxp://clubgames.pogo.com/online2/pogop/mahjong_escape_ancient_japan/SpinTopGamesLauncher.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} - hxxp://download.games.yahoo.com/games/web_games/gamehouse/frenzy/SproutLauncher.cab
DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} - hxxp://clubgames.pogo.com/online2/pogop/diner_dash/DinerDash.1.0.0.80.cab
DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} - hxxps://www.vpay.co.kr/kvpfiles/KVPISPCTLD.cab
Notify: avldr - avldr.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: yuzimugan - {50c1234d-de7c-4501-95b8-c117770b5088} - No File
SSODL: vilunepat - {0e8bf617-7446-45da-8b7f-c98f13f1c7d3} - No File
STS: {50c1234d-de7c-4501-95b8-c117770b5088}: kupuhivus
STS: {0e8bf617-7446-45da-8b7f-c98f13f1c7d3}: gahurihor
LSA: Notification Packages = scecli sohovaha.dll

================= FIREFOX ===================

FF - ProfilePath -

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 pavboot;Panda boot driver;c:\windows\system32\drivers\pavboot.sys [2010-1-18 28544]
R1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS [2010-1-18 73728]
R1 DSAFLT;DSA Filter Plugin;c:\windows\system32\drivers\dsaflt.sys [2010-1-18 52992]
R1 FNETMON;NetMon Filter Plugin;c:\windows\system32\drivers\fnetmon.sys [2010-1-18 22072]
R1 IDSFLT;Ids Filter Plugin;c:\windows\system32\drivers\idsflt.sys [2010-1-18 193792]
R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\drivers\NETFLTDI.SYS [2010-1-18 158848]
R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [2010-1-18 41144]
R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\drivers\wnmflt.sys [2010-1-18 46720]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664]
R2 Gwmsrv;Panda Goodware Cache Manager;c:\windows\system32\svchost -k panda --> c:\windows\system32\svchost -k Panda [?]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 Panda Software Controller;Panda Software Controller;c:\program files\panda security\panda internet security 2010\PsCtrlS.exe [2010-1-18 173312]
R2 PAVDRV;pavdrv;c:\windows\system32\drivers\pavdrv51.sys [2010-1-18 84024]
R2 PAVFNSVR;Panda Function Service;c:\program files\panda security\panda internet security 2010\PavFnSvr.exe [2010-1-18 169216]
R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [2010-1-18 177416]
R2 PavPrSrv;Panda Process Protection Service;c:\program files\common files\panda security\pavshld\PavPrSrv.exe [2010-1-18 62768]
R2 PAVSRV;Panda On-Access Anti-Malware Service;c:\program files\panda security\panda internet security 2010\PAVSRV51.EXE [2010-1-18 290048]
R2 PskSvcRetail;Panda PSK service;c:\program files\panda security\panda internet security 2010\psksvc.exe [2010-1-18 28928]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-12-26 24652]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\western digital\wd drive manager\WDBtnMgrSvc.exe [2008-5-16 102400]
R3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]
R3 ComFiltr;Panda Anti-Dialer;c:\windows\system32\drivers\COMFiltr.sys [2010-1-18 13880]
R3 NETIMFLT01060034;PANDA NDIS IM Filter Miniport v1.6.0.34;c:\windows\system32\drivers\neti1634.sys [2010-1-18 197888]
R3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\pavsrk.sys --> c:\windows\system32\PavSRK.sys [?]
R3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\pavtpk.sys --> c:\windows\system32\PavTPK.sys [?]
S3 AVC2310F;AVC-2310/AVC-2210 USB Loader;c:\windows\system32\drivers\avcuwfl.sys [2007-4-9 18580]
S3 AvcUWilo;Adaptec AVC-2210/2310 USB Device;c:\windows\system32\drivers\avcuwilo.sys [2007-4-9 50258]
S3 JL2004A;JL2004A Photo Viewer;c:\windows\system32\drivers\pv_wdm.sys [2007-2-13 63289]

============== File Associations ===============

JSEFile=c:\progra~1\pandas~1\pandai~1\PAVSCRIP.EXE "%1" %*
VBEFile=c:\progra~1\pandas~1\pandai~1\PAVSCRIP.EXE "%1" %*
VBSFile=c:\progra~1\pandas~1\pandai~1\PAVSCRIP.EXE "%1" %*

=============== Created Last 30 ================

2010-01-28 05:45:27 0 d-sh--w- c:\documents and settings\hae\PrivacIE
2010-01-28 04:07:38 69120 ------w- c:\windows\system32\dllcache\iecompat.dll
2010-01-28 04:07:27 0 d-----w- c:\windows\ie8updates
2010-01-28 04:07:05 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll
2010-01-28 04:07:05 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-01-28 04:07:05 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-01-28 04:07:04 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-01-28 04:07:04 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2010-01-28 04:07:04 11070464 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-01-28 04:06:30 0 dc-h--w- c:\windows\ie8
2010-01-27 06:19:41 1 ----a-w- C:\s
2010-01-25 03:12:59 173898 ----a-w- C:\pigsband1024.jpg
2010-01-24 20:21:55 0 d-----w- c:\docume~1\alluse~1\applic~1\SSKEYIMGYG
2010-01-18 20:51:35 8627 ----a-w- c:\windows\system32\PAV_FOG.OPC
2010-01-18 20:27:14 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-01-18 20:25:21 13880 ----a-w- c:\windows\system32\drivers\COMFiltr.sys
2010-01-18 20:20:00 262 ----a-w- c:\windows\system32\PavCPL.dat
2010-01-18 20:19:43 0 d-----w- c:\docume~1\alluse~1\applic~1\Backup
2010-01-18 20:18:58 84024 ----a-w- c:\windows\system32\drivers\pavdrv51.sys
2010-01-18 20:18:58 58672 ----a-w- c:\windows\system32\avldr.dll
2010-01-18 20:18:57 0 d-----w- c:\windows\system32\PAV
2010-01-18 20:18:51 0 d-----w- c:\program files\Panda Security
2010-01-18 20:18:51 0 d-----w- c:\docume~1\alluse~1\applic~1\Panda Security
2010-01-18 20:13:33 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-01-18 20:12:25 41144 ----a-r- c:\windows\system32\drivers\ShlDrv51.sys
2010-01-18 20:12:25 177416 ----a-r- c:\windows\system32\drivers\PavProc.sys
2010-01-18 20:12:24 0 d-----w- c:\program files\common files\Panda Security
2010-01-17 20:20:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-17 20:20:40 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-17 20:20:40 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-17 20:20:40 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-01-10 19:01:11 218013 ----a-w- C:\gopher1desk1024.jpg
2010-01-10 19:01:07 150160 ----a-w- C:\gopher1desk800.jpg
2010-01-07 10:39:55 0 d-----w- c:\docume~1\alluse~1\applic~1\RJKEYIMGYG
2010-01-05 04:44:19 54156 ---ha-w- c:\windows\QTFont.qfn
2010-01-05 04:44:19 1409 ----a-w- c:\windows\QTFont.for
2010-01-03 04:44:42 0 d-----w- c:\docume~1\alluse~1\applic~1\VZKEYIMGYG
2010-01-03 04:27:44 0 d-----w- c:\docume~1\alluse~1\applic~1\BMKEYIMGYG

==================== Find3M ====================

2010-01-28 05:46:06 1132 ----a-w- c:\windows\system32\drivers\APPFLTR.CFG.bck
2010-01-28 05:46:06 1132 ----a-w- c:\windows\system32\drivers\APPFLTR.CFG
2010-01-28 05:45:35 231556 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT.bck
2010-01-28 05:45:35 231556 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT
2010-01-04 18:31:00 25 ----a-w- C:\Board.Dat
2009-12-26 13:50:20 14336 ----a-w- c:\windows\system32\svchost.exe
2009-12-26 13:50:20 14336 ----a-w- c:\windows\system32\dllcache\svchost.exe
2009-12-22 05:21:02 1509888 ------w- c:\windows\system32\dllcache\shdocvw.dll
2009-12-22 05:20:58 81920 ------w- c:\windows\system32\ieencode.dll
2009-12-22 05:20:58 81920 ------w- c:\windows\system32\dllcache\ieencode.dll
2009-12-21 19:14:05 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-21 19:14:05 916480 ------w- c:\windows\system32\dllcache\wininet.dll
2009-12-21 19:14:05 1208832 ------w- c:\windows\system32\dllcache\urlmon.dll
2009-12-21 19:14:04 5942784 ------w- c:\windows\system32\dllcache\mshtml.dll
2009-12-21 19:14:04 206848 ------w- c:\windows\system32\dllcache\occache.dll
2009-12-21 19:14:03 25600 ------w- c:\windows\system32\dllcache\jsproxy.dll
2009-12-21 19:14:03 184320 ------w- c:\windows\system32\dllcache\iepeers.dll
2009-12-21 19:14:01 387584 ------w- c:\windows\system32\dllcache\iedkcs32.dll
2009-12-21 13:19:18 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2002-08-01 05:55:12 224 --sh--w- c:\windows\WSYS049.SYS
2006-05-03 10:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
2009-04-26 10:17:36 2878 --sha-w- c:\windows\system32\KGyGaAvL.sys
2007-02-21 11:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll
2007-12-17 13:43:00 27648 --sh--w- c:\windows\system32\Smab0.dll

============= FINISH: 19:48:09.42 ===============



I read through the Preparation Guide thread and hope I have done everything correctly (except that I do not know what a Kaspersky scan is so am not including one here). The Attach.txt and Ark.txt files are attached as directed.

Appreciate any assistance that can be provided. Thank you much.
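The Pseudo HJT Report section of the DDS log above is what a malware-removal helper reads first, so here is an added triage script (mine, not from the thread, DDS or BleepingComputer) that walks those lines and flags the classic Virtumonde leftovers: the extra DLL in LSA Notification Packages (scecli is the only package XP registers by default), SSODL entries with no backing file whose CLSIDs still have STS twins, and generated-looking names. The consonant/vowel name heuristic, the severity labels and the embedded sample are my assumptions; the sample lines are copied from the log above.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed sample (assumption): the persistence-related lines from the DDS
# "Pseudo HJT Report" in the post above, plus one benign SSODL and one benign
# BHO line for contrast. Backslashes are doubled because this is not a raw string.
SAMPLE_HJT = """\
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\\program files\\techsmith\\snagit 9\\SnagItBHO.dll
BHO: {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - No File
Notify: avldr - avldr.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\\windows\\system32\\WPDShServiceObj.dll
SSODL: yuzimugan - {50c1234d-de7c-4501-95b8-c117770b5088} - No File
SSODL: vilunepat - {0e8bf617-7446-45da-8b7f-c98f13f1c7d3} - No File
STS: {50c1234d-de7c-4501-95b8-c117770b5088}: kupuhivus
STS: {0e8bf617-7446-45da-8b7f-c98f13f1c7d3}: gahurihor
LSA: Notification Packages = scecli sohovaha.dll
"""

GUID = r"\{(?P<clsid>[0-9A-Fa-f-]{36})\}"
RE_SSODL = re.compile(r"^SSODL: (?P<name>\S+) - " + GUID + r" - (?P<path>.+)$")
RE_STS = re.compile(r"^STS: " + GUID + r": (?P<name>.+)$")
RE_LSA = re.compile(r"^LSA: Notification Packages = (?P<pkgs>.+)$")
RE_NOTIFY = re.compile(r"^Notify: (?P<name>\S+) - (?P<path>.+)$")
RE_BHO = re.compile(r"^BHO: (?:(?P<desc>.+?): )?" + GUID + r" - (?P<path>.+)$")

# scecli is the only LSA notification package Windows XP registers by default.
# Anything else listed there is a DLL that lsass.exe loads at boot.
DEFAULT_LSA_PACKAGES = {"scecli"}
VOWELS = set("aeiou")


@dataclass
class Finding:
    severity: str  # "high", "medium" or "info"
    line: str      # the report line the finding refers to
    reason: str


def looks_generated(name: str) -> bool:
    """Heuristic (assumption, not from the thread): the Vundo-style names in this
    log are short lowercase pseudo-words that strictly alternate consonant and
    vowel (yuzimugan, kupuhivus, gahurihor, sohovaha). Real component names
    such as WPDShServiceObj, avldr or scecli do not fit that pattern."""
    stem = name.lower()
    if stem.endswith(".dll"):
        stem = stem[:-4]
    if not (6 <= len(stem) <= 12 and stem.isalpha() and stem.islower()):
        return False
    is_vowel = [c in VOWELS for c in stem]
    return all(is_vowel[i] != is_vowel[i + 1] for i in range(len(is_vowel) - 1))


def triage(report: str) -> List[Finding]:
    """One pass over the Pseudo HJT lines, then correlate SSODL and STS entries
    by CLSID: a ShellServiceObjectDelayLoad entry whose DLL is gone but whose
    CLSID still has a SharedTaskScheduler twin is the classic Vundo leftover."""
    findings: List[Finding] = []
    ssodl_no_file: Dict[str, str] = {}            # CLSID -> report line
    sts_entries: List[Tuple[str, str, str]] = []  # (CLSID, name, report line)
    for raw in report.splitlines():
        line = raw.strip()
        m = RE_LSA.match(line)
        if m:
            for pkg in m["pkgs"].split():
                if pkg.lower() not in DEFAULT_LSA_PACKAGES:
                    findings.append(Finding("high", line,
                        f"non-default LSA notification package {pkg!r} is loaded by lsass.exe"))
            continue
        m = RE_SSODL.match(line)
        if m:
            if m["path"].strip().lower() == "no file":
                ssodl_no_file[m["clsid"].lower()] = line
                sev = "high" if looks_generated(m["name"]) else "medium"
                findings.append(Finding(sev, line, f"SSODL entry {m['name']!r} has no backing file"))
            continue
        m = RE_STS.match(line)
        if m:
            sts_entries.append((m["clsid"].lower(), m["name"].strip(), line))
            continue
        m = RE_NOTIFY.match(line)
        if m:
            if looks_generated(m["name"]):
                findings.append(Finding("high", line, "Winlogon Notify DLL with generated-looking name"))
            continue
        m = RE_BHO.match(line)
        if m and m["path"].strip().lower() == "no file":
            findings.append(Finding("info", line, "orphaned BHO registration (No File)"))
    for clsid, name, line in sts_entries:
        if clsid in ssodl_no_file:
            findings.append(Finding("high", line,
                f"STS entry {name!r} reuses the CLSID of a missing-file SSODL entry"))
        elif looks_generated(name):
            findings.append(Finding("medium", line, f"STS entry {name!r} has a generated-looking name"))
    return findings


def count_by_severity(findings: List[Finding]) -> Dict[str, int]:
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_HJT):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
```

The Notify entry avldr.dll is not flagged, which agrees with the log: the Created Last 30 section shows it arriving together with the Panda drivers on 2010-01-18.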



#2 Elise

    Bleepin' Blonde

  • Malware Study Hall Admin
  • 61,313 posts
  • Gender:Female
  • Location:Romania

Posted 04 February 2010 - 01:50 PM

Hello, I understand you will be away until the end of February.

I will keep this thread open and monitored. If you are ready to move on with the clean up, just post here to let me know. I will bump this topic every few days to reset the time stamp so I will not lose track of it.

If you have any questions, please ask them.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

Malware analyst @ Emsisoft


#3 Elise

    Bleepin' Blonde

  • Malware Study Hall Admin
  • 61,313 posts
  • Gender:Female
  • Location:Romania

Posted 12 February 2010 - 02:52 PM

Bump to reset time stamp.

regards, Elise


#4 Elise

    Bleepin' Blonde

  • Malware Study Hall Admin
  • 61,313 posts
  • Gender:Female
  • Location:Romania

Posted 19 February 2010 - 10:39 AM

Bump to reset timestamp.

Please post a reply here when you get back.

regards, Elise


#5 hae
  • Topic Starter

  • Members
  • 12 posts

Posted 24 February 2010 - 03:10 AM

Hello! Thank you for monitoring my thread - it is much appreciated.

I have returned and am ready to move on with the clean up.

#6 Elise

    Bleepin' Blonde

  • Malware Study Hall Admin
  • 61,313 posts
  • Gender:Female
  • Location:Romania

Posted 24 February 2010 - 03:33 AM

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

-------------------------------------------------------------
Please be patient and I'd be grateful if you would note the following
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply:
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • GMER log

Thanks and again sorry for the delay.

regards, Elise


#7 hae
  • Topic Starter

  • Members
  • 12 posts

Posted 25 February 2010 - 11:56 AM

Hi Elise, and thank you much for helping me. No apologies necessary for any delay in your being able to respond. I am asking you for a favor and am happy to work on your schedule.

DESCRIPTION OF PROBLEM:

After upgrading Windows XP SP2 to SP3, on three separate occasions, my computer was infected by the Trojan Vundo (aka Virtumonde), the Anti-Virus Live virus (fake anti-virus program), and the Internet Security 2010 virus (fake anti-virus program).

After the Trojan Vundo infection, I installed SpyBot Search & Destroy. The settings included running TeaTimer in the background, but this did not prevent the subsequent two infections from occurring.

After the Anti-Virus Live virus infection, I uninstalled McAfee's Anti-Virus program from my computer (since it did not even pick up the previous two viruses) and installed Panda Internet Security 2010. Panda caught the Internet Security 2010 virus, but was not able to fully prevent it from installing itself on my computer.

I removed the three viruses using Malwarebytes' Anti-Malware (MBAM) + Uniblue's RegistryBooster programs + manual deletion of files picked up by MBAM that MBAM could not automatically delete itself.

At the time of creation of this thread, I was having problems with both Internet Explorer (IE) and Mozilla Firefox (MF) redirecting to "wrong" sites. When I enter a query through google.com, it produces results, but when I click on the results, I am redirected to a site unrelated to the query results, or to a "### Forbidden" or "Page Not Found" error message. I can usually (but not always) reach the desired URL by pressing the "back" button on the browser, but it is frustrating being forced to browse the Internet this way. The "wrong" sites appear to be random and I have not noticed a common URL among them. I tested other search engines; same issue, but every few links redirect, instead of every link. Version of IE on my computer was IE6 so I upgraded to IE 8, then tested again. Problem is not specific to MF browser.

The "redirect" does not occur on any "bookmarked" sites.

I then had to go out of town, and tested the computer again when I returned. The same problem still exists.

I have run new scans per the directions in your reply. Here are the logs you requested.

OTLListIt.txt

QUOTE
OTL logfile created on: 2/24/2010 7:40:08 PM - Run 1
OTL by OldTimer - Version 3.1.30.2 Folder = C:\Documents and Settings\hae\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 62.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 926.80 Gb Total Space | 526.41 Gb Free Space | 56.80% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YUKIPC
Current User Name: hae
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/24 19:39:30 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\hae\Desktop\OTL.exe
PRC - [2010/02/24 19:36:44 | 000,059,964 | ---- | M] (Macrovision Europe Ltd.) -- C:\Documents and Settings\hae\Local Settings\Temp\clclean.0001
PRC - [2010/01/31 18:44:32 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2010/01/11 15:21:52 | 000,246,504 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe
PRC - [2009/06/05 16:22:08 | 000,574,720 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2010\ApVxdWin.exe
PRC - [2009/06/01 13:26:26 | 000,173,312 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2010\PsCtrlS.exe
PRC - [2009/05/28 12:12:04 | 000,196,864 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2010\AVENGINE.EXE
PRC - [2009/05/28 12:11:40 | 000,290,048 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2010\PAVSRV51.EXE
PRC - [2009/04/28 09:21:38 | 000,169,216 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2010\PavFnSvr.exe
PRC - [2009/04/23 12:31:16 | 000,107,776 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2010\WebProxy.exe
PRC - [2009/04/21 09:12:52 | 000,111,872 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2010\PavBckPT.exe
PRC - [2009/04/17 10:17:24 | 000,157,440 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2010\TPSrv.exe
PRC - [2009/04/08 10:56:24 | 000,226,560 | ---- | M] (Panda Security International) -- c:\Program Files\Panda Security\Panda Internet Security 2010\FIREWALL\PSHost.exe
PRC - [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2008/08/10 15:46:44 | 000,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008/06/27 13:23:00 | 000,091,392 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2010\SrvLoad.exe
PRC - [2008/06/25 15:43:08 | 000,028,928 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2010\psksvc.exe
PRC - [2008/06/19 12:59:50 | 000,108,288 | ---- | M] (Panda Security S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2010\PsImSvc.exe
PRC - [2008/05/16 17:12:44 | 000,102,400 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
PRC - [2008/05/16 17:12:08 | 000,430,080 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
PRC - [2008/05/15 16:49:54 | 000,054,600 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\SnagIt 9\TscHelp.exe
PRC - [2008/05/15 16:49:44 | 007,333,192 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\SnagIt 9\SnagItEditor.exe
PRC - [2008/05/15 16:49:44 | 006,822,728 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe
PRC - [2008/05/15 16:49:44 | 000,075,080 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\SnagIt 9\SnagPriv.exe
PRC - [2008/04/13 14:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/04 05:26:48 | 000,062,768 | R--- | M] (Panda Security, S.L.) -- C:\Program Files\Common Files\Panda Security\PavShld\PavPrSrv.exe
PRC - [2008/01/11 22:16:38 | 000,039,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
PRC - [2007/09/13 15:50:00 | 001,603,152 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2007/06/13 10:39:12 | 000,073,728 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
PRC - [2007/02/20 15:18:32 | 000,366,400 | ---- | M] (Google Inc.) -- C:\Program Files\Picasa2\PicasaMediaDetector.exe
PRC - [2007/01/19 16:03:41 | 000,069,632 | ---- | M] (Creative Labs) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
PRC - [2007/01/04 11:38:18 | 000,112,336 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2007/01/04 11:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/11/21 15:09:02 | 000,842,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\ipoint.exe
PRC - [2006/11/21 15:08:57 | 000,813,912 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliType Pro\itype.exe
PRC - [2006/09/28 09:21:04 | 000,057,344 | ---- | M] (SlySoft, Inc.) -- C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
PRC - [2006/07/24 06:20:00 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2006/07/06 03:15:00 | 000,151,552 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006/07/06 03:14:30 | 000,090,112 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2006/06/07 11:03:20 | 000,409,600 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2006/03/20 17:34:50 | 000,213,936 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2006/02/28 12:42:38 | 000,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2006/02/16 05:20:20 | 001,118,208 | ---- | M] (Andrea Electronics Corporation) -- C:\Program Files\Creative\VoiceCenter\AndreaVC.exe
PRC - [2006/01/02 13:41:22 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2005/10/31 06:51:52 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
PRC - [2005/10/04 23:12:00 | 000,094,208 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
PRC - [2005/09/08 01:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2004/04/07 08:07:32 | 001,135,728 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2003/07/25 04:14:02 | 000,188,416 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
PRC - [1999/12/12 07:01:00 | 000,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTSVCCDA.EXE


========== Modules (SafeList) ==========

MOD - [2010/02/24 19:39:30 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\hae\Desktop\OTL.exe
MOD - [2009/03/30 18:22:58 | 000,518,400 | ---- | M] (Panda Security, S.L.) -- C:\WINDOWS\system32\PavSHook.dll
MOD - [2009/03/18 19:18:48 | 000,095,488 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2010\PavOEpl.dll
MOD - [2007/06/13 10:39:22 | 000,139,264 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4\OpHookSE4.dll
MOD - [2007/02/08 10:53:40 | 000,107,568 | ---- | M] (Panda Software) -- C:\WINDOWS\system32\SYSTOOLS.DLL
MOD - [2003/03/19 05:14:52 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MSVCP71.DLL
MOD - [2003/02/21 13:42:22 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MSVCR71.DLL


========== Win32 Services (SafeList) ==========

SRV - [2010/01/31 18:44:32 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/06/01 13:26:26 | 000,173,312 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Internet Security 2010\PsCtrls.exe -- (Panda Software Controller)
SRV - [2009/05/28 12:11:40 | 000,290,048 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Internet Security 2010\pavsrv51.exe -- (PAVSRV)
SRV - [2009/05/09 17:48:53 | 000,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/04/28 09:21:38 | 000,169,216 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Internet Security 2010\PavFnSvr.exe -- (PAVFNSVR)
SRV - [2009/04/17 10:17:24 | 000,157,440 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Internet Security 2010\TPSrv.exe -- (TPSrv)
SRV - [2009/04/08 10:56:24 | 000,226,560 | ---- | M] (Panda Security International) [Auto | Running] -- c:\program files\panda security\panda internet security 2010\firewall\PSHOST.EXE -- (PSHost)
SRV - [2008/08/10 15:46:44 | 000,611,664 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2008/08/02 10:54:23 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/07/02 14:09:36 | 000,060,160 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Internet Security 2010\GWMsrv.dll -- (Gwmsrv)
SRV - [2008/06/25 15:43:08 | 000,028,928 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Internet Security 2010\PskSvc.exe -- (PskSvcRetail)
SRV - [2008/06/19 12:59:50 | 000,108,288 | ---- | M] (Panda Security S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Internet Security 2010\PsImSvc.exe -- (PSIMSVC)
SRV - [2008/05/16 17:12:44 | 000,102,400 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe -- (WDBtnMgrSvc.exe)
SRV - [2008/02/04 05:26:48 | 000,062,768 | R--- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe -- (PavPrSrv)
SRV - [2007/10/25 15:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/10/18 11:31:54 | 000,098,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2007/01/19 16:03:41 | 000,069,632 | ---- | M] (Creative Labs) [Auto | Running] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service)
SRV - [2007/01/04 11:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/07/06 03:14:30 | 000,090,112 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2006/06/07 11:03:20 | 000,409,600 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2006/06/01 12:25:00 | 000,180,224 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\ELService.exe -- (ELService) Intel®
SRV - [2006/02/28 12:42:38 | 000,229,376 | ---- | M] (Apple Computer, Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2004/04/07 08:07:32 | 001,135,728 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)
SRV - [2003/07/28 08:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003/05/14 02:45:04 | 000,065,795 | R--- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [1999/12/12 07:01:00 | 000,044,032 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\WINDOWS\system32\CTSVCCDA.EXE -- (Creative Service for CDROM Access)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (PavTPK.sys)
DRV - File not found [Kernel | On_Demand | Running] -- -- (PavSRK.sys)
DRV - File not found [File_System | On_Demand | Running] -- -- (AvFlt)
DRV - [2010/02/24 19:39:00 | 000,013,880 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\COMFiltr.sys -- (ComFiltr)
DRV - [2009/06/02 01:12:02 | 000,177,416 | R--- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PavProc.sys -- (PavProc)
DRV - [2009/05/09 01:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2009/04/09 14:40:31 | 000,103,744 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2009/02/17 07:11:30 | 000,024,232 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2009/02/16 08:14:20 | 000,047,360 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pcouffin.sys -- (pcouffin)
DRV - [2008/11/13 02:45:58 | 000,015,104 | R--- | M] (©NOWCOM) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\nowmemdf.sys -- (NOWMEMDF)
DRV - [2008/07/11 14:58:26 | 000,158,848 | ---- | M] (Panda Security, S.L.) [TDI Layer] [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NETFLTDI.SYS -- (NETFLTDI)
DRV - [2008/06/26 11:25:28 | 000,197,888 | ---- | M] (Panda Security, S.L.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\neti1634.sys -- (NETIMFLT01060034)
DRV - [2008/06/25 15:42:18 | 000,073,728 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\APPFLT.SYS -- (APPFLT)
DRV - [2008/06/19 17:24:30 | 000,028,544 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\Drivers\pavboot.sys -- (pavboot)
DRV - [2008/06/18 16:06:10 | 000,046,720 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\wnmflt.sys -- (WNMFLT)
DRV - [2008/06/18 16:06:04 | 000,193,792 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\idsflt.sys -- (IDSFLT)
DRV - [2008/06/18 16:06:02 | 000,052,992 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dsaflt.sys -- (DSAFLT)
DRV - [2008/04/28 17:35:14 | 000,084,024 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\pavdrv51.sys -- (PAVDRV)
DRV - [2008/04/13 08:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2008/04/13 08:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 08:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 06:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/03/28 11:25:06 | 000,022,072 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fnetmon.sys -- (FNETMON)
DRV - [2008/03/04 03:59:42 | 000,041,144 | R--- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ShlDrv51.sys -- (ShldDrv)
DRV - [2008/02/01 14:00:00 | 000,021,760 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008/02/01 14:00:00 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008/02/01 14:00:00 | 000,012,672 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2007/12/12 22:08:56 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2007/11/13 00:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/04/03 13:57:42 | 000,083,336 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116bus.sys -- (s116bus) Sony Ericsson Device 116 driver (WDM)
DRV - [2007/02/15 14:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2007/02/15 14:56:49 | 000,011,984 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ElbyDelay.sys -- (ElbyDelay)
DRV - [2007/02/13 17:36:14 | 000,063,289 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pv_wdm.sys -- (JL2004A)
DRV - [2006/11/07 21:02:34 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\point32.sys -- (Point32)
DRV - [2006/09/27 11:53:22 | 000,036,560 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2006/07/24 06:20:00 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/07/19 11:42:16 | 000,230,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®
DRV - [2006/07/06 02:59:42 | 000,246,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2006/06/07 11:08:58 | 001,580,544 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/06/04 23:39:56 | 000,024,064 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)
DRV - [2006/05/15 03:56:48 | 000,090,800 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se2Cunic.sys -- (se2Cunic) Sony Ericsson Device 044 USB Ethernet Emulation SEMC44 (WDM)
DRV - [2006/05/15 03:56:42 | 000,086,560 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE2Cobex.sys -- (SE2Cobex)
DRV - [2006/05/15 03:56:40 | 000,018,704 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se2Cnd5.sys -- (se2Cnd5) Sony Ericsson Device 044 USB Ethernet Emulation SEMC44 (NDIS)
DRV - [2006/05/15 03:56:38 | 000,088,688 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE2Cmgmt.sys -- (SE2Cmgmt) Sony Ericsson Device 044 USB WMC Device Management Drivers (WDM)
DRV - [2006/05/15 03:56:36 | 000,097,184 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE2Cmdm.sys -- (SE2Cmdm)
DRV - [2006/05/15 03:56:34 | 000,009,360 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE2Cmdfl.sys -- (SE2Cmdfl)
DRV - [2006/05/09 11:36:44 | 000,009,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ELacpi.sys -- (ELacpi)
DRV - [2006/05/09 11:36:42 | 000,007,040 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Elmon.sys -- (ELmon)
DRV - [2006/05/09 11:36:22 | 000,006,912 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Elkbd.sys -- (ELkbd)
DRV - [2006/05/09 11:36:20 | 000,006,400 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Elmou.sys -- (ELmou)
DRV - [2006/05/09 11:36:18 | 000,010,112 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Elhid.sys -- (ELhid)
DRV - [2006/01/10 07:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/01/03 20:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt)
DRV - [2006/01/03 15:58:00 | 000,269,952 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atinavrr.sys -- (ATIAVPCI)
DRV - [2005/09/11 23:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005/09/08 01:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 01:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 01:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 01:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 01:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 01:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 01:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 08:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 08:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/08/12 01:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2005/05/24 22:34:00 | 000,158,464 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctusfsyn.sys -- (CTUSFSYN)
DRV - [2005/01/09 23:15:00 | 000,138,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2005/01/09 23:15:00 | 000,106,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2004/09/30 01:27:00 | 000,016,880 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctpdusb.sys -- (Jukebox3)
DRV - [2004/08/10 01:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/03 18:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003/07/09 03:12:00 | 000,050,258 | R--- | M] (Adaptec Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avcuwilo.sys -- (AvcUWilo)
DRV - [2003/07/09 03:11:00 | 000,018,580 | R--- | M] (Adaptec, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avcuwfl.sys -- (AVC2310F)
DRV - [2003/05/14 02:19:54 | 000,016,496 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2003/05/14 02:19:52 | 000,051,056 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hpzid412.sys -- (HPZid412)
DRV - [2003/05/14 02:17:54 | 000,021,488 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2003/03/21 12:34:08 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/01/10 12:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 13:56:16 | 000,007,552 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS -- (SONYPVU1) Sony USB Filter Driver (SONYPVU1)
DRV - [2001/08/17 10:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 10:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 10:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 10:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 10:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 09:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 09:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 09:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 09:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 09:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 09:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 09:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 09:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 09:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 09:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 08:12:10 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Intel®


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0070119
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/hws/sb/dell-usuk-rel...html?channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0070119


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0070119
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0070119
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0070119
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0070119
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555



IE - HKU\S-1-5-21-3529963873-1867969806-4055565296-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0070119
IE - HKU\S-1-5-21-3529963873-1867969806-4055565296-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/hws/sb/dell-usuk-rel...html?channel=us
IE - HKU\S-1-5-21-3529963873-1867969806-4055565296-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0070119
IE - HKU\S-1-5-21-3529963873-1867969806-4055565296-1007\S-1-5-21-3529963873-1867969806-4055565296-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/05/19 20:02:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/18 10:59:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/21 19:08:24 | 000,000,000 | ---D | M]

[2010/02/04 09:44:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hae\Application Data\Mozilla\Extensions
[2010/02/04 09:44:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hae\Application Data\Mozilla\Firefox\Profiles\hdc87nm5.default\extensions
[2010/02/04 09:44:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hae\Application Data\Mozilla\Firefox\Profiles\hdc87nm5.default\extensions\staged-xpis
[2010/01/31 18:44:39 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/04/16 07:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2004/08/10 01:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (no name) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - No CLSID value found.
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3529963873-1867969806-4055565296-1007\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APVXDWIN] C:\Program Files\Panda Security\Panda Internet Security 2010\APVXDWIN.EXE (Panda Security, S.L.)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [ClubBox] File not found
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe File not found
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MBMon] C:\WINDOWS\System32\CTMBHA.DLL ()
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [SCANINICIO] C:\Program Files\Panda Security\Panda Internet Security 2010\Inicio.exe (Panda Security, S.L.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VoiceCenter] C:\Program Files\Creative\VoiceCenter\AndreaVC.exe (Andrea Electronics Corporation)
O4 - HKLM..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe (WDC)
O4 - HKU\.DEFAULT..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe File not found
O4 - HKU\S-1-5-18..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe File not found
O4 - HKU\S-1-5-21-3529963873-1867969806-4055565296-1007..\Run: [SetDefaultMIDI] C:\WINDOWS\MIDIDEF.EXE (Creative Technology Ltd)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SnagIt 9.lnk = C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe (TechSmith Corporation)
O4 - Startup: C:\Documents and Settings\yuki\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3529963873-1867969806-4055565296-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0349EF81-B9C1-4B97-86F7-7B931D0E2532} http://sticube.clubbox.co.kr/sticubeupdate...NowStarter2.cab (NowStarter2 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} http://clubgames.pogo.com/online2/pogop/ma...mesLauncher.cab (SpinTop Games Launcher)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flash...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} http://download.games.yahoo.com/games/web_...outLauncher.cab (SproutLauncherCtrl Class)
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} http://clubgames.pogo.com/online2/pogop/di...sh.1.0.0.80.cab (CPlayFirstDinerDashControl Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} https://www.vpay.co.kr/kvpfiles/KVPISPCTLD.cab (KvpIspCtlD Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.25.227.55 209.18.47.61 24.25.227.53
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avldr: DllName - avldr.dll - C:\WINDOWS\System32\avldr.dll (Panda Security, S.L.)
O21 - SSODL: vilunepat - {0e8bf617-7446-45da-8b7f-c98f13f1c7d3} - CLSID or File not found.
O21 - SSODL: yuzimugan - {50c1234d-de7c-4501-95b8-c117770b5088} - CLSID or File not found.
O22 - SharedTaskScheduler: {0e8bf617-7446-45da-8b7f-c98f13f1c7d3} - gahurihor - Reg Error: Key error. File not found
O22 - SharedTaskScheduler: {50c1234d-de7c-4501-95b8-c117770b5088} - kupuhivus - Reg Error: Key error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\hae\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\hae\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 00:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0e469853-c112-11dd-b756-00038a000015}\Shell\AutoRun\command - "" = J:\setup.exe -- File not found
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (MACHINE BootExecut) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/24 19:39:24 | 000,549,888 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\hae\Desktop\OTL.exe
[2010/02/21 19:14:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hae\Application Data\GRETECH
[2010/02/04 11:03:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2010/02/04 09:44:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hae\Local Settings\Application Data\Mozilla
[2010/02/04 09:44:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hae\Application Data\Mozilla
[2010/01/31 18:44:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/01/31 18:44:38 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2010/01/31 18:44:38 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/01/31 18:43:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hae\Application Data\Sun
[2010/01/31 08:21:11 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\hae\IECompatCache
[2010/01/31 08:11:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hae\Application Data\Malwarebytes
[2010/01/30 00:12:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hae\Local Settings\Application Data\Adobe
[2010/01/29 22:03:36 | 000,000,000 | ---D | C] -- C:\e896996ad1b29d530a
[2010/01/29 22:03:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2010/01/27 19:51:33 | 000,472,064 | ---- | C] ( ) -- C:\Documents and Settings\hae\Desktop\RootRepeal.exe
[2010/01/27 19:45:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hae\Application Data\Macromedia
[2010/01/27 19:45:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hae\Application Data\Adobe
[2010/01/27 19:45:27 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\hae\PrivacIE
[2010/01/27 19:45:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hae\Local Settings\Application Data\Windows Live Writer
[2010/01/27 19:44:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hae\My Documents\SnagIt
[2010/01/27 19:44:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hae\Local Settings\Application Data\TechSmith
[2010/01/27 19:44:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hae\Local Settings\Application Data\Panda Security
[2010/01/27 19:44:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hae\Local Settings\Application Data\Scansoft
[2010/01/27 19:44:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hae\Application Data\Real
[2010/01/27 19:43:49 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\hae\IETldCache
[2010/01/27 19:43:43 | 000,000,000 | --SD | C] -- C:\Documents and Settings\hae\Application Data\Microsoft
[2010/01/27 19:43:43 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\hae\SendTo
[2010/01/27 19:43:43 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\hae\Recent
[2010/01/27 19:43:43 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\hae\Application Data
[2010/01/27 19:43:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\hae\Start Menu
[2010/01/27 19:43:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\hae\My Documents\My Pictures
[2010/01/27 19:43:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\hae\My Documents\My Music
[2010/01/27 19:43:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\hae\My Documents
[2010/01/27 19:43:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\hae\Favorites
[2010/01/27 19:43:43 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\hae\Cookies
[2010/01/27 19:43:43 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\hae\Templates
[2010/01/27 19:43:43 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\hae\PrintHood
[2010/01/27 19:43:43 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\hae\NetHood
[2010/01/27 19:43:43 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\hae\Local Settings
[2010/01/27 19:43:43 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\hae\Application Data\Gtek
[2010/01/27 19:43:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hae\Local Settings\Application Data\Yahoo
[2010/01/27 19:43:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hae\Local Settings\Application Data\Wildtangent
[2010/01/27 19:43:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hae\My Documents\VoiceCenter
[2010/01/27 19:43:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hae\Local Settings\Application Data\Microsoft
[2010/01/27 19:43:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hae\Application Data\InstallShield
[2010/01/27 19:43:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hae\Application Data\Identities
[2010/01/27 19:43:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hae\Local Settings\Application Data\Google
[2010/01/27 19:43:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hae\Desktop
[2010/01/27 19:43:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hae\Local Settings\Application Data\ATI
[2010/01/27 19:43:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hae\Application Data\ATI
[2010/01/27 19:43:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hae\Local Settings\Application Data\ApplicationHistory
[2010/01/27 19:43:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hae\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150060}
[2010/01/27 18:07:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/01/27 18:07:05 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2010/01/27 18:07:05 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2010/01/27 18:07:04 | 011,070,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2010/01/27 18:07:04 | 001,985,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2010/01/27 18:06:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2010/01/27 18:06:30 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/02/16 17:09:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/01/18 21:43:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Viewpoint
[2008/01/18 21:43:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2008/01/18 21:43:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Google
[2005/08/16 00:49:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2005/08/16 00:30:12 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2005/08/16 00:30:12 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/24 19:39:30 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\hae\Desktop\OTL.exe
[2010/02/24 19:39:09 | 000,001,132 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFLTR.CFG.bck
[2010/02/24 19:39:09 | 000,001,132 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFLTR.CFG
[2010/02/24 19:39:09 | 000,000,252 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\IdsFlt.cfg.bck
[2010/02/24 19:39:09 | 000,000,252 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\IdsFlt.cfg
[2010/02/24 19:39:09 | 000,000,068 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetFlt.cfg.bck
[2010/02/24 19:39:09 | 000,000,068 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetFlt.cfg
[2010/02/24 19:39:09 | 000,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\WnmFlt.cfg.bck
[2010/02/24 19:39:09 | 000,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\WnmFlt.cfg
[2010/02/24 19:39:09 | 000,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\DsaFlt.cfg.bck
[2010/02/24 19:39:09 | 000,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\DsaFlt.cfg
[2010/02/24 19:39:08 | 000,447,324 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\DsaFlt.rls.bck
[2010/02/24 19:39:08 | 000,447,324 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\DsaFlt.rls
[2010/02/24 19:39:00 | 000,013,880 | ---- | M] () -- C:\WINDOWS\System32\drivers\COMFiltr.sys
[2010/02/24 19:37:31 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/24 19:37:23 | 000,000,088 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetAdapt.cfg.bck
[2010/02/24 19:37:23 | 000,000,088 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetAdapt.cfg
[2010/02/24 19:37:23 | 000,000,076 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetAR.wlt.bck
[2010/02/24 19:37:23 | 000,000,076 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetAR.wlt
[2010/02/24 19:36:16 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/24 19:36:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/24 19:36:07 | 2145,304,576 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/24 19:35:58 | 000,000,068 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetLoc.wlt
[2010/02/24 19:28:41 | 002,359,296 | -H-- | M] () -- C:\Documents and Settings\hae\NTUSER.DAT
[2010/02/24 18:08:00 | 000,000,252 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2010/02/23 22:16:15 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\hae\ntuser.ini
[2010/02/23 22:11:41 | 000,008,627 | ---- | M] () -- C:\WINDOWS\System32\PAV_FOG.OPC
[2010/02/22 23:00:40 | 000,253,276 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFCONT.DAT.bck
[2010/02/22 23:00:40 | 000,253,276 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFCONT.DAT
[2010/02/04 10:15:29 | 000,005,632 | ---- | M] () -- C:\Documents and Settings\hae\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/04 06:12:06 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/31 18:44:32 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/01/31 18:44:32 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/01/31 18:44:32 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/01/31 18:44:32 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/01/31 18:44:31 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2010/01/31 08:13:56 | 000,000,068 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetLoc.wlt.bck
[2010/01/30 13:43:59 | 000,507,308 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/01/30 13:43:59 | 000,445,370 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/01/30 13:43:59 | 000,072,576 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/01/29 23:51:28 | 001,796,800 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/01/29 21:52:53 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/01/27 19:51:39 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\hae\Desktop\settings.dat
[2010/01/27 19:51:38 | 000,472,064 | ---- | M] ( ) -- C:\Documents and Settings\hae\Desktop\RootRepeal.exe
[2010/01/27 19:47:10 | 000,524,288 | ---- | M] () -- C:\Documents and Settings\hae\Desktop\dds.scr
[2010/01/27 19:44:34 | 000,000,126 | ---- | M] () -- C:\Documents and Settings\hae\Local Settings\Application Data\fusioncache.dat
[2010/01/27 19:44:02 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\hae\Desktop\Windows Media Player.lnk
[2010/01/26 20:19:41 | 000,000,001 | ---- | M] () -- C:\s
[2010/01/25 22:09:21 | 000,000,043 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/04 10:15:26 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\hae\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/04 06:12:06 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/27 19:51:39 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\hae\Desktop\settings.dat
[2010/01/27 19:47:08 | 000,524,288 | ---- | C] () -- C:\Documents and Settings\hae\Desktop\dds.scr
[2010/01/27 19:44:02 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\hae\Desktop\Windows Media Player.lnk
[2010/01/27 19:43:45 | 000,001,298 | ---- | C] () -- C:\Documents and Settings\hae\Desktop\Media Center.lnk
[2010/01/27 19:43:43 | 002,359,296 | -H-- | C] () -- C:\Documents and Settings\hae\NTUSER.DAT
[2010/01/27 19:43:43 | 000,491,166 | ---- | C] () -- C:\Documents and Settings\hae\TRANSFORMS=1033.mst
[2010/01/27 19:43:43 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\hae\ntuser.ini
[2010/01/27 19:43:43 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\hae\Local Settings\Application Data\fusioncache.dat
[2010/01/26 20:19:41 | 000,000,001 | ---- | C] () -- C:\s
[2010/01/18 10:25:21 | 000,013,880 | ---- | C] () -- C:\WINDOWS\System32\drivers\COMFiltr.sys
[2009/04/06 21:25:06 | 000,000,224 | -HS- | C] () -- C:\WINDOWS\WSYS049.SYS
[2009/01/30 23:56:30 | 000,000,412 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2008/09/18 11:04:00 | 000,225,280 | ---- | C] () -- C:\WINDOWS\System32\KvpUpCom.dll
[2008/07/31 18:27:04 | 000,408,576 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
[2008/07/31 18:27:02 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2008/07/31 18:26:56 | 000,027,648 | -HS- | C] () -- C:\WINDOWS\System32\Smab0.dll
[2008/03/27 18:22:44 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\PdeSrvps.dll
[2007/12/27 02:24:13 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2007/05/24 12:29:14 | 000,000,901 | ---- | C] () -- C:\WINDOWS\System32\drivers\JL2004A_PhotoViewer_Tools.sys
[2007/04/08 02:42:22 | 000,000,023 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
[2007/04/06 07:29:21 | 000,000,047 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/04/05 23:10:45 | 000,000,043 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2007/03/18 17:16:24 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\nod.dll
[2007/03/18 17:16:00 | 000,174,635 | ---- | C] () -- C:\WINDOWS\System32\fscflist.ini
[2007/03/18 17:15:55 | 000,000,079 | ---- | C] () -- C:\WINDOWS\System32\fscagent.ini
[2007/01/31 03:24:04 | 000,002,878 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/01/29 00:20:47 | 000,000,067 | ---- | C] () -- C:\WINDOWS\X2CD.INI
[2007/01/29 00:14:22 | 001,040,384 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2007/01/29 00:14:22 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/01/29 00:14:22 | 000,421,888 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2007/01/29 00:14:22 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/01/29 00:14:22 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2007/01/29 00:14:22 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\vorbisfile.dll
[2007/01/29 00:14:21 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2007/01/19 16:18:08 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/01/19 16:11:22 | 000,000,319 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/01/19 16:07:32 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/01/19 16:03:54 | 000,010,820 | ---- | C] () -- C:\WINDOWS\System32\CTSBMB.INI
[2007/01/19 16:03:42 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\mes2046.dll
[2007/01/19 16:03:29 | 000,022,629 | ---- | C] () -- C:\WINDOWS\System32\CiFilter.ini
[2007/01/19 15:43:16 | 001,355,042 | ---- | C] () -- C:\WINDOWS\System32\CTMBHA.DLL
[2007/01/19 15:42:03 | 000,000,393 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/09 21:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/16 00:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/05 10:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2003/01/07 11:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/03/20 14:08:47 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2001/12/31 04:59:46 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2001/12/31 04:59:40 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 24 bytes -> C:\WINDOWS:8CE6F1DEE45F5F68
@Alternate Data Stream - 214 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:260575F1
@Alternate Data Stream - 202 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3790BACD
@Alternate Data Stream - 200 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C22674B6
@Alternate Data Stream - 196 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3A6BC948
@Alternate Data Stream - 188 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FEF919E6
@Alternate Data Stream - 179 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9B7E8561
@Alternate Data Stream - 179 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:570D13DC
@Alternate Data Stream - 178 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4EFDF5FB
@Alternate Data Stream - 176 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BC428E9F
@Alternate Data Stream - 171 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C8E29393
@Alternate Data Stream - 171 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A73EAFFB
@Alternate Data Stream - 170 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5EC637CB
@Alternate Data Stream - 168 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AAB23F74
@Alternate Data Stream - 156 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C213B3C4
@Alternate Data Stream - 152 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6EAE3ABC
@Alternate Data Stream - 151 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07348C09
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:76C67845
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5D458568
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E55CE2D1
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:550179F5
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6FCD73D7
< End of report >


Extra.txt

OTL Extras logfile created on: 2/24/2010 7:40:08 PM - Run 1
OTL by OldTimer - Version 3.1.30.2 Folder = C:\Documents and Settings\hae\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 62.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 926.80 Gb Total Space | 526.41 Gb Free Space | 56.80% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YUKIPC
Current User Name: hae
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.js [@ = JSFile] -- C:\Program Files\Panda Security\Panda Internet Security 2010\PAVSCRIP.EXE (Panda Security, S.L.)
.jse [@ = JSEFile] -- C:\Program Files\Panda Security\Panda Internet Security 2010\PAVSCRIP.EXE (Panda Security, S.L.)
.vbe [@ = VBEFile] -- C:\Program Files\Panda Security\Panda Internet Security 2010\PAVSCRIP.EXE (Panda Security, S.L.)
.vbs [@ = VBSFile] -- C:\Program Files\Panda Security\Panda Internet Security 2010\PAVSCRIP.EXE (Panda Security, S.L.)
.wsf [@ = WSFFile] -- C:\Program Files\Panda Security\Panda Internet Security 2010\PAVSCRIP.EXE (Panda Security, S.L.)
.wsh [@ = WSHFile] -- C:\Program Files\Panda Security\Panda Internet Security 2010\PAVSCRIP.EXE (Panda Security, S.L.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
jsfile [open] -- C:\PROGRA~1\PANDAS~1\PANDAI~1\PAVSCRIP.EXE "%1" %* (Panda Security, S.L.)
jsefile [open] -- C:\PROGRA~1\PANDAS~1\PANDAI~1\PAVSCRIP.EXE "%1" %* (Panda Security, S.L.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- C:\PROGRA~1\PANDAS~1\PANDAI~1\PAVSCRIP.EXE "%1" %* (Panda Security, S.L.)
vbsfile [open] -- C:\PROGRA~1\PANDAS~1\PANDAI~1\PAVSCRIP.EXE "%1" %* (Panda Security, S.L.)
wsffile [open] -- C:\PROGRA~1\PANDAS~1\PANDAI~1\PAVSCRIP.EXE "%1" %* (Panda Security, S.L.)
wshfile [open] -- C:\PROGRA~1\PANDAS~1\PANDAI~1\PAVSCRIP.EXE "%1" %* (Panda Security, S.L.)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online, Inc)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- (America Online, Inc.)
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online, Inc)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- File not found
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Computer, Inc.)
"C:\WINDOWS\system32\fscagent.exe" = C:\WINDOWS\system32\fscagent.exe:*:Enabled:클럽박스 파일전송 데몬 -- (Nowcom Co., Ltd.)
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" = C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Disabled:Veoh Client -- (Veoh Networks)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0A0873E1-D9BA-4994-B85D-A0A331EF1F0C}" = Intel® PRO Network Connections
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0E4BC542-9CFD-4E97-B586-9F1E5516E7B9}" = Microsoft IntelliPoint 6.1
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1170AC82-4748-4EAA-8837-F0379A9D47B7}" = LG PC Suite II
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX850_series" = Canon MX850 series
"{11C98E1A-EC91-4B38-B44C-C562292D8453}" = Adobe Premiere Elements 2.0
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{14DCD95A-EBA3-4BF0-B7EF-533852E99BE6}" = LG PC Suite II
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail
"{20BB7EE4-9750-4EAC-B202-7A79B12B6382}" = Panda Internet Security 2010
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD LE
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 18
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}" = Windows Live Photo Gallery
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{390FF986-468D-4CA9-8830-2C4B313F447F}" = ATI Parental Control
"{3B6E3FC6-274C-4B6C-BC85-5C3B15DE18E2}" = Mega Manager
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{46C73DE4-E96D-4F7C-8371-F28052183B12}" = Advanced Decoder Patch
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}" = Sound Blaster Audigy ADVANCED MB
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{59991D18-A988-45AB-B1BF-5ADE6E64CD3F}" = SnagIt 9
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{5E68BB65-4059-4FE5-AAC4-0CD1D79BBDE2}" = EarthLink Setup Files
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{6913FBE5-1B4B-4308-8DDD-2944F9C91E06}" = ATI Catalyst Control Center
"{6A4E7F5F-D823-42E2-A735-C03B18FAC690}" = Gypsy Sync
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6D74E1F4-32D5-44D0-9054-8D57E981F59F}_is1" = Flash Saving Plugin
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{71F6261F-C0EC-46EF-85D6-67EDEEE2EF89}" = Corel Snapfire Plus
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.4.7.121
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{7926EFB6-7CB4-4A9D-AB01-095F67F9D519}" = Panda Internet Security 2010
"{7C49EA42-5647-4051-84C2-E6404F25A931}" = Yahoo! Music Jukebox
"{7EAB1D85-7BA3-47C1-BBF7-A0EBC241DB94}" = Intel Viiv Software
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{82A7FF7D-CB60-4E31-B9FE-36C1A458AE4E}" = Mega Manager
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113269180}" = Mahjong Garden Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114079860}" = Tri Peaks 2 Quest For The Ruby Ring
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114780403}" = Word Riot Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115469933}" = Scrapbook Paige
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11551167}" = Diner Dash Family Style
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11562057}" = PICTUREKA! MUSEUM MAYHEM
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115723300}" = Book of Legends
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115785620}" = Fabulous Finds
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-116555140}" = Farm Frenzy Pizza Party
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-116878750}" = Adventures of Robinson Crusoe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117363837}" = Mortimer Beckett and the Time Paradox
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117386723}" = Sally's Spa
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117870793}" = Mahjong Memoirs
"{8D2AE3F6-79DF-423C-91CB-389F6FB5837B}" = Andrea VoiceCenter
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{9176251A-4CC1-4DDB-B343-B487195EB397}" = Windows Live Writer
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar)
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AC76BA86-7AD7-5760-0000-705000000001}" = Adobe Reader Japanese Fonts
"{AC76BA86-7AD7-5760-0000-800000000003}" = Japanese Fonts Support For Adobe Reader 8
"{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C73A3AB4-99A4-45E5-B77F-09A3065E0D6A}" = Microsoft IntelliType Pro 6.1
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEE2252C-4035-4B27-8EC6-0B085DD3A413}" = Dell Support 3.2.1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{D5A145FC-D00C-4F1A-9119-EB4D9D659750}" = Windows Live Toolbar
"{D944236D-7992-41D6-8257-930B5832F1CC}" = Creative Zen Micro
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E1C7EF5E-3A7B-4ED4-A48B-F70F1B36EAB4}" = Corel Paint Shop Pro Photo XI
"{E42BD75A-FC23-4E3F-9F91-2658334C644F}" = Internet Service Offers Launcher
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}" = Uniblue RegistryBooster 2009
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E934E2A2-BE3B-4C1A-A3D9-753FFB2B38B4}" = WD Drive Manager (x86)
"{ED57CE70-0DC6-49AB-A33E-FAC212A6AF5E}" = Creative MuVo V100
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{FE893E2C-11B4-47CB-88F6-6647D90C6A13}" = ScanSoft OmniPage SE 4
"26D2C2C3-CF14-4ED7-B1FC-0BE64AFBA3B3" = Polar Bowler
"651956B7-1969-42AA-9453-E0B813019D54" = Polar Golfer
"클럽박스 파일잔송겨리자" = 클럽박스 파일전송관리자
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"AIM_6" = AIM 6
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.5
"America Online us" = America Online (Choose which version to remove)
"AnyDVD" = AnyDVD
"AOL Connectivity Services" = AOL Connectivity Services
"AOL Instant Messenger" = AOL Instant Messenger
"AOLCoach" = AOL Coach Version 1.0(Build:20040229.1 en)
"ATI Display Driver" = ATI Display Driver
"AudibleManager" = AudibleManager
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"BFGC" = Big Fish Games Client
"BFG-Cooking Dash - DinerTown Studios" = Cooking Dash: DinerTown Studios
"BFG-Diner Dash Flo on the Go" = Diner Dash Flo on the Go
"BFG-Mystery Case Files - Ravenhearst" = Mystery Case Files: Ravenhearst
"BFG-Mystery Case Files - Return to Ravenhearst" = Mystery Case Files: Return to Ravenhearst
"Canon MX850 series User Registration" = Canon MX850 series User Registration
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CK Becky Higgins' Creative Clips" = CK Becky Higgins' Creative Clips
"CK Creative Clips and Fonts for Home, Family & Pets" = CK Creative Clips and Fonts for Home, Family & Pets
"CK Creative Clips and Fonts for Special Occasions" = CK Creative Clips and Fonts for Special Occasions
"CK Everyday Celebrations" = CK Everyday Celebrations
"CK Font Organizer" = CK Font Organizer
"CK Fresh Fonts by Ali Edwards" = CK Fresh Fonts by Ali Edwards
"CK Heritage, Vintage and Retro Triple Pack" = CK Heritage, Vintage and Retro Triple Pack
"CloneCD" = CloneCD
"CloneDVD2" = CloneDVD2
"CloneDVDmobile" = CloneDVDmobile
"Clubbox 파일전송관리자" = Clubbox 파일전송관리자
"Creative Audio Pack" = Creative Audio Pack
"Creative Jukebox Driver" = Creative Jukebox Driver
"Creative Removable Disk Manager" = Creative Removable Disk Manager
"D1A6F3FD-7B40-443F-8767-BADB25A0D222" = Blasterball 2
"Dell Game Console" = Dell Game Console
"Diner Dash 2" = Diner Dash 2 (remove only)
"Dream Day Bundle" = Dream Day Bundle (remove only)
"Dream Day First Home" = Dream Day First Home (remove only)
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"EL" = Intel® Quick Resume Technology Drivers
"EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"GOM Player" = GOM Player
"hp photosmart 7900 series_Driver" = hp photosmart 7900 series
"ie8" = Windows Internet Explorer 8
"InstallShield_{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"InstallShield_{390FF986-468D-4CA9-8830-2C4B313F447F}" = ATI Parental Control
"KLiteCodecPack_is1" = K-Lite Codec Pack 2.48 Full
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"MP Navigator EX 1.1" = Canon MP Navigator EX 1.1
"MsgPlus! Plugin" = Messenger Plus! 3
"PalTalk8.2" = PaltalkScene
"Photo Viewer_is1" = Uninstall Photo Viewer
"Picasa2" = Picasa 2
"PremElem20" = Adobe Premiere Elements 2.0
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer
"SAMB_ADVMB_FILTER_DRV" = Sound Blaster ADVANCED MB Drivers
"SearchAssist" = SearchAssist
"Sound Blaster Audigy ADVANCED MB Product Registration" = Sound Blaster Audigy ADVANCED MB Product Registration
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SubtitleWorkshop" = Subtitle Workshop 2.51
"SUPER " = SUPER Version 2008.bld.30 (Mar 22, 2008)
"SysInfo" = Creative System Information
"TVAnts 1.0" = TVAnts 1.0
"Uniblue RegistryBooster 2009" = Uniblue RegistryBooster 2009
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wedding Dash" = Wedding Dash (remove only)
"WIC" = Windows Imaging Component
"WildTangent CDA" = WildTangent Web Driver
"WinAVIVideoConverter_is1" = WinAVIVideoConverter
"Windows Live Toolbar" = Windows Live Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"X2CD" = X2CD (remove only)
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Xvid_is1" = Xvid 1.1.3 final uninstall
"Zuma" = Zuma (remove only)
"Zuma's Revenge!" = Zuma's Revenge!

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/18/2010 4:12:18 PM | Computer Name = YUKIPC | Source = Application Error | ID = 1000
Description = Faulting application mtdacqu.exe, version 5.0.8.0, faulting module
mswstr10.dll, version 4.0.9502.0, fault address 0x000058f3.

Error - 1/18/2010 4:33:49 PM | Computer Name = YUKIPC | Source = Application Error | ID = 1000
Description = Faulting application TPSrv.exe, version 9.2.0.0, faulting module unknown,
version 0.0.0.0, fault address 0x00000000.

Error - 1/18/2010 4:57:17 PM | Computer Name = YUKIPC | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3642, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/18/2010 5:09:08 PM | Computer Name = YUKIPC | Source = Application Error | ID = 1000
Description = Faulting application mtdacqu.exe, version 5.0.8.0, faulting module
mswstr10.dll, version 4.0.9502.0, fault address 0x000058f3.

Error - 1/20/2010 7:15:43 AM | Computer Name = YUKIPC | Source = Microsoft Office 11 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Office Word.

Error - 1/26/2010 9:41:03 PM | Computer Name = YUKIPC | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

Error - 1/26/2010 9:41:34 PM | Computer Name = YUKIPC | Source = Application Error | ID = 1000
Description = Faulting application mtdacqu.exe, version 5.0.8.0, faulting module
mswstr10.dll, version 4.0.9502.0, fault address 0x000058f3.

Error - 1/27/2010 2:49:41 AM | Computer Name = YUKIPC | Source = Application Error | ID = 1000
Description = Faulting application mtdacqu.exe, version 5.0.8.0, faulting module
mswstr10.dll, version 4.0.9502.0, fault address 0x000058f3.

Error - 1/27/2010 5:35:44 AM | Computer Name = YUKIPC | Source = Application Error | ID = 1000
Description = Faulting application mtdacqu.exe, version 5.0.8.0, faulting module
mswstr10.dll, version 4.0.9502.0, fault address 0x000058f3.

Error - 1/27/2010 11:41:24 PM | Computer Name = YUKIPC | Source = Application Error | ID = 1000
Description = Faulting application mtdacqu.exe, version 5.0.8.0, faulting module
mswstr10.dll, version 4.0.9502.0, fault address 0x000058f3.

[ IntelDH Events ]
Error - 2/1/2010 12:38:50 AM | Computer Name = YUKIPC | Source = IntelQRTD | ID = 7
Description = Could not attach to EL Acpi driver.

Error - 2/4/2010 3:03:16 AM | Computer Name = YUKIPC | Source = IntelQRTD | ID = 7
Description = Could not attach to EL Acpi driver.

Error - 2/4/2010 5:01:35 AM | Computer Name = YUKIPC | Source = IntelQRTD | ID = 7
Description = Could not attach to EL Acpi driver.

Error - 2/4/2010 3:49:08 PM | Computer Name = YUKIPC | Source = IntelQRTD | ID = 7
Description = Could not attach to EL Acpi driver.

Error - 2/22/2010 1:07:47 AM | Computer Name = YUKIPC | Source = IntelQRTD | ID = 7
Description = Could not attach to EL Acpi driver.

Error - 2/23/2010 4:11:07 AM | Computer Name = YUKIPC | Source = IntelQRTD | ID = 7
Description = Could not attach to EL Acpi driver.

Error - 2/25/2010 12:42:17 AM | Computer Name = YUKIPC | Source = IntelQRTD | ID = 7
Description = Could not attach to EL Acpi driver.

Error - 2/25/2010 1:14:00 AM | Computer Name = YUKIPC | Source = IntelQRTD | ID = 7
Description = Could not attach to EL Acpi driver.

Error - 2/25/2010 1:30:14 AM | Computer Name = YUKIPC | Source = IntelQRTD | ID = 7
Description = Could not attach to EL Acpi driver.

Error - 2/25/2010 1:34:05 AM | Computer Name = YUKIPC | Source = IntelQRTD | ID = 7
Description = Could not attach to EL Acpi driver.

[ System Events ]
Error - 2/25/2010 1:36:30 AM | Computer Name = YUKIPC | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 2/25/2010 1:36:30 AM | Computer Name = YUKIPC | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference
error message: The referenced assembly is not installed on your system. .

Error - 2/25/2010 1:36:30 AM | Computer Name = YUKIPC | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files\Western Digital\WD
Drive Manager\MFC80U.DLL. Reference error message: The operation completed successfully.
.

Error - 2/25/2010 1:36:35 AM | Computer Name = YUKIPC | Source = Service Control Manager | ID = 7023
Description = The Intel® Quick Resume technology service terminated with the following
error: %%203

Error - 2/25/2010 1:36:46 AM | Computer Name = YUKIPC | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 2/25/2010 1:36:46 AM | Computer Name = YUKIPC | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference
error message: The referenced assembly is not installed on your system. .

Error - 2/25/2010 1:36:46 AM | Computer Name = YUKIPC | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files\Western Digital\WD
Drive Manager\MFC80U.DLL. Reference error message: The operation completed successfully.
.

Error - 2/25/2010 1:36:47 AM | Computer Name = YUKIPC | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 2/25/2010 1:36:47 AM | Computer Name = YUKIPC | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference
error message: The referenced assembly is not installed on your system. .

Error - 2/25/2010 1:36:47 AM | Computer Name = YUKIPC | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files\Western Digital\WD
Drive Manager\MFC80U.DLL. Reference error message: The operation completed successfully.
.


< End of report >


gmer.log:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-25 06:37:16
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\hae\LOCALS~1\Temp\uwtdrpod.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip NETFLTDI.SYS (Panda TDI Filter/Panda Security, S.L.)
AttachedDevice \Driver\Tcpip \Device\Tcp NETFLTDI.SYS (Panda TDI Filter/Panda Security, S.L.)

Device \Driver\iaStor \Device\Ide\iaStor0 [B9EA4146] iaStor.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xac]}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [B9EA4146] iaStor.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xac]}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-1 [B9EA4146] iaStor.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xac]}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-2 [B9EA4146] iaStor.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xac]}

AttachedDevice \Driver\Tcpip \Device\Udp NETFLTDI.SYS (Panda TDI Filter/Panda Security, S.L.)
AttachedDevice \Driver\Tcpip \Device\RawIp NETFLTDI.SYS (Panda TDI Filter/Panda Security, S.L.)

---- Files - GMER 1.0.15 ----

ADS C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP908\A0093121.exe:ext.exe 41472 bytes executable
File C:\WINDOWS\system32\drivers\iaStor.sys suspicious modification

---- EOF - GMER 1.0.15 ----

Thank you and I will await your next set of instructions

#8 Elise
Malware Study Hall Admin
Posted 25 February 2010 - 12:20 PM

Hello hae,

Unfortunately you are infected with a nasty rootkit. Before continuing, please consider the following first...

BACKDOOR WARNING
------------------------------
One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.


COMBOFIX
---------------
Please download ComboFix from one of these locations:
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

In your next reply, please include the following:
  • Combofix.txt

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#9 hae
  • Topic Starter
  • Members
  • 12 posts

Posted 26 February 2010 - 01:47 PM

Hi Elise, thank you for the information. I have not conducted any type of financial transaction (e.g., shopping online) since I noticed the browser redirecting, and thankfully, do not do any online banking, nor do I ask any site to save my credit card information so hopefully that is not an issue. In any case, I've also changed all of my passwords from another computer, and have been connecting my modem only to check this thread, download the required programs and post the information required here. I've disconnected it again immediately afterwards.

Given the information you have provided, I think a reformat would ultimately be the safest and best solution. I did back up my "essential" data files prior to creating this thread, but I would like to buy some time to also copy off the rest of my files (graphics, music, other documents) so would like to continue with the clean-up process.

To minimize being on the Internet at home, I brought a flash drive with me to work this morning to download the Combofix program, and will run it on my computer when I get home this evening, then post another reply here with the log. Thank you.

#10 Elise

    Bleepin' Blonde

  • Malware Study Hall Admin
  • 61,313 posts
  • Gender:Female
  • Location:Romania

Posted 26 February 2010 - 01:56 PM

Okay, take your time.

To safely use your flash drive, without risking carrying over infections, I recommend you to use Flash Disinfector.

Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
  • Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder. It will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.

regards, Elise




#11 hae
  • Topic Starter
  • Members
  • 12 posts

Posted 27 February 2010 - 02:36 AM

Hi Elise, and thank you for the Flash Disinfector.

I'm sorry but I'm unable to run ComboFix. I made sure my Internet modem was disconnected, then disabled Panda. I then tried to run ComboFix. A little gray window that said "ComboFix" popped up, with a status bar underneath. The status bar filled with some green bars, and then got stuck. I left the computer alone for a while thinking it needed to process, but when I came back later, it was still in the same place, and I could not access anything with the mouse, nor could I access the Task Manager to see if the program was "Not Responding". I had to turn the computer off with the power button.

After rebooting, I checked my programs and Microsoft Windows Recovery Console was not installed so I thought perhaps ComboFix was searching for an Internet connection so it could install the program. (I did not want to leave the Internet modem connected during the ComboFix run with Panda uninstalled, especially since Panda's reports indicate numerous attempts at connection that my firewall is blocking.) I found the informational thread on this forum, and followed the install instructions for the console since your post states that if the console is already installed, ComboFix will continue its malware removal procedures.

After installation of the console, I ran ComboFix again, but the same thing happened (the green bars fill the status bar, and then it gets stuck). I thought maybe I needed to run the program in safe mode as I ended up doing with the gmer program, so I tried rebooting into safe mode. Unfortunately, after installation of the console, it appears that the computer will not reboot into safe mode. If I try to reboot into either "safe mode" or "safe mode with networking", I get the blue screen of death with an error message that there is a "page found in non-paged area" (or something similar to that). I then rebooted normally to post this (after re-enabling Panda).

Would appreciate any guidance on how I might get ComboFix to work or whether I am doing something wrong. Thank you in advance.

#12 Elise

    Bleepin' Blonde

  • Malware Study Hall Admin
  • 61,313 posts
  • Gender:Female
  • Location:Romania

Posted 27 February 2010 - 03:21 AM

Hello hae,

No worries, this is most likely the rootkit preventing Combofix from running.
  • Please download TDSSKiller.zip and save it to your desktop.
  • Extract the zip file to your desktop (important, before continuing, make sure the file is located on your desktop, otherwise the following steps will not work!). Do NOT run the file yet!
  • Click Start > Run and copy and paste the following text into the Run box:
    "%userprofile%\desktop\tdsskiller.exe" -l report.txt
  • When it has finished, press any key to continue.
  • If needed, reboot the computer.
A logfile (report.txt) will be created on your desktop. Please post its contents in your next reply.

In your next reply, please include the following:
  • TDSSkiller report.txt

regards, Elise




#13 hae
  • Topic Starter
  • Members
  • 12 posts

Posted 27 February 2010 - 12:56 PM

Hi Elise, thank you and here is the TDSSkiller report.txt:

QUOTE
07:41:01:671 4884 TDSS rootkit removing tool 2.2.7.1 Feb 27 2010 13:29:25
07:41:01:671 4884 ================================================================================
07:41:01:671 4884 SystemInfo:

07:41:01:671 4884 OS Version: 5.1.2600 ServicePack: 3.0
07:41:01:671 4884 Product type: Workstation
07:41:01:671 4884 ComputerName: YUKIPC
07:41:01:671 4884 UserName: hae
07:41:01:671 4884 Windows directory: C:\WINDOWS
07:41:01:671 4884 Processor architecture: Intel x86
07:41:01:671 4884 Number of processors: 2
07:41:01:671 4884 Page size: 0x1000
07:41:01:687 4884 Boot type: Normal boot
07:41:01:687 4884 ================================================================================
07:41:01:687 4884 UnloadDriverW: NtUnloadDriver error 2
07:41:01:687 4884 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
07:41:01:843 4884 Initialize success
07:41:01:843 4884
07:41:01:843 4884 Scanning Services ...
07:41:01:843 4884 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
07:41:01:843 4884 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
07:41:01:843 4884 wfopen_ex: Trying to KLMD file open
07:41:01:843 4884 wfopen_ex: File opened ok (Flags 2)
07:41:01:843 4884 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
07:41:01:843 4884 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
07:41:01:843 4884 wfopen_ex: Trying to KLMD file open
07:41:01:843 4884 wfopen_ex: File opened ok (Flags 2)
07:41:01:906 4884 GetAdvancedServicesInfo: Raw services enum returned 425 services
07:41:01:906 4884 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
07:41:01:906 4884 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
07:41:01:906 4884
07:41:01:906 4884 Scanning Kernel memory ...
07:41:01:906 4884 Devices to scan: 14
07:41:01:906 4884
07:41:01:906 4884 Driver Name: Disk
07:41:01:906 4884 IRP_MJ_CREATE : F760ABB0
07:41:01:906 4884 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
07:41:01:906 4884 IRP_MJ_CLOSE : F760ABB0
07:41:01:906 4884 IRP_MJ_READ : F7604D1F
07:41:01:906 4884 IRP_MJ_WRITE : F7604D1F
07:41:01:906 4884 IRP_MJ_QUERY_INFORMATION : 804F4562
07:41:01:906 4884 IRP_MJ_SET_INFORMATION : 804F4562
07:41:01:906 4884 IRP_MJ_QUERY_EA : 804F4562
07:41:01:906 4884 IRP_MJ_SET_EA : 804F4562
07:41:01:906 4884 IRP_MJ_FLUSH_BUFFERS : F76052E2
07:41:01:906 4884 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
07:41:01:906 4884 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
07:41:01:906 4884 IRP_MJ_DIRECTORY_CONTROL : 804F4562
07:41:01:906 4884 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
07:41:01:906 4884 IRP_MJ_DEVICE_CONTROL : F76053BB
07:41:01:906 4884 IRP_MJ_INTERNAL_DEVICE_CONTROL : F7608F28
07:41:01:906 4884 IRP_MJ_SHUTDOWN : F76052E2
07:41:01:906 4884 IRP_MJ_LOCK_CONTROL : 804F4562
07:41:01:906 4884 IRP_MJ_CLEANUP : 804F4562
07:41:01:906 4884 IRP_MJ_CREATE_MAILSLOT : 804F4562
07:41:01:906 4884 IRP_MJ_QUERY_SECURITY : 804F4562
07:41:01:906 4884 IRP_MJ_SET_SECURITY : 804F4562
07:41:01:906 4884 IRP_MJ_POWER : F7606C82
07:41:01:906 4884 IRP_MJ_SYSTEM_CONTROL : F760B99E
07:41:01:906 4884 IRP_MJ_DEVICE_CHANGE : 804F4562
07:41:01:906 4884 IRP_MJ_QUERY_QUOTA : 804F4562
07:41:01:906 4884 IRP_MJ_SET_QUOTA : 804F4562
07:41:01:921 4884 TDL3_StartIoLastChanceHookDetect: Unable to dump StartIo handler code
07:41:01:921 4884 sion
07:41:01:921 4884 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
07:41:01:921 4884
07:41:01:921 4884 Driver Name: Disk
07:41:01:921 4884 IRP_MJ_CREATE : F760ABB0
07:41:01:921 4884 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
07:41:01:921 4884 IRP_MJ_CLOSE : F760ABB0
07:41:01:921 4884 IRP_MJ_READ : F7604D1F
07:41:01:921 4884 IRP_MJ_WRITE : F7604D1F
07:41:01:921 4884 IRP_MJ_QUERY_INFORMATION : 804F4562
07:41:01:921 4884 IRP_MJ_SET_INFORMATION : 804F4562
07:41:01:921 4884 IRP_MJ_QUERY_EA : 804F4562
07:41:01:921 4884 IRP_MJ_SET_EA : 804F4562
07:41:01:921 4884 IRP_MJ_FLUSH_BUFFERS : F76052E2
07:41:01:921 4884 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
07:41:01:921 4884 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
07:41:01:921 4884 IRP_MJ_DIRECTORY_CONTROL : 804F4562
07:41:01:921 4884 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
07:41:01:921 4884 IRP_MJ_DEVICE_CONTROL : F76053BB
07:41:01:921 4884 IRP_MJ_INTERNAL_DEVICE_CONTROL : F7608F28
07:41:01:921 4884 IRP_MJ_SHUTDOWN : F76052E2
07:41:01:921 4884 IRP_MJ_LOCK_CONTROL : 804F4562
07:41:01:921 4884 IRP_MJ_CLEANUP : 804F4562
07:41:01:921 4884 IRP_MJ_CREATE_MAILSLOT : 804F4562
07:41:01:921 4884 IRP_MJ_QUERY_SECURITY : 804F4562
07:41:01:921 4884 IRP_MJ_SET_SECURITY : 804F4562
07:41:01:921 4884 IRP_MJ_POWER : F7606C82
07:41:01:921 4884 IRP_MJ_SYSTEM_CONTROL : F760B99E
07:41:01:921 4884 IRP_MJ_DEVICE_CHANGE : 804F4562
07:41:01:921 4884 IRP_MJ_QUERY_QUOTA : 804F4562
07:41:01:921 4884 IRP_MJ_SET_QUOTA : 804F4562
07:41:01:953 4884 TDL3_StartIoLastChanceHookDetect: Unable to dump StartIo handler code
07:41:01:953 4884 sion
07:41:01:953 4884 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
07:41:01:953 4884
07:41:01:953 4884 Driver Name: Disk
07:41:01:953 4884 IRP_MJ_CREATE : F760ABB0
07:41:01:953 4884 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
07:41:01:953 4884 IRP_MJ_CLOSE : F760ABB0
07:41:01:953 4884 IRP_MJ_READ : F7604D1F
07:41:01:953 4884 IRP_MJ_WRITE : F7604D1F
07:41:01:953 4884 IRP_MJ_QUERY_INFORMATION : 804F4562
07:41:01:953 4884 IRP_MJ_SET_INFORMATION : 804F4562
07:41:01:953 4884 IRP_MJ_QUERY_EA : 804F4562
07:41:01:953 4884 IRP_MJ_SET_EA : 804F4562
07:41:01:953 4884 IRP_MJ_FLUSH_BUFFERS : F76052E2
07:41:01:953 4884 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
07:41:01:953 4884 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
07:41:01:953 4884 IRP_MJ_DIRECTORY_CONTROL : 804F4562
07:41:01:953 4884 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
07:41:01:953 4884 IRP_MJ_DEVICE_CONTROL : F76053BB
07:41:01:953 4884 IRP_MJ_INTERNAL_DEVICE_CONTROL : F7608F28
07:41:01:953 4884 IRP_MJ_SHUTDOWN : F76052E2
07:41:01:953 4884 IRP_MJ_LOCK_CONTROL : 804F4562
07:41:01:953 4884 IRP_MJ_CLEANUP : 804F4562
07:41:01:953 4884 IRP_MJ_CREATE_MAILSLOT : 804F4562
07:41:01:953 4884 IRP_MJ_QUERY_SECURITY : 804F4562
07:41:01:953 4884 IRP_MJ_SET_SECURITY : 804F4562
07:41:01:953 4884 IRP_MJ_POWER : F7606C82
07:41:01:953 4884 IRP_MJ_SYSTEM_CONTROL : F760B99E
07:41:01:953 4884 IRP_MJ_DEVICE_CHANGE : 804F4562
07:41:01:953 4884 IRP_MJ_QUERY_QUOTA : 804F4562
07:41:01:953 4884 IRP_MJ_SET_QUOTA : 804F4562
07:41:01:953 4884 TDL3_StartIoLastChanceHookDetect: Unable to dump StartIo handler code
07:41:01:953 4884 sion
07:41:01:953 4884 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
07:41:01:953 4884
07:41:01:953 4884 Driver Name: Disk
07:41:01:953 4884 IRP_MJ_CREATE : F760ABB0
07:41:01:953 4884 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
07:41:01:953 4884 IRP_MJ_CLOSE : F760ABB0
07:41:01:953 4884 IRP_MJ_READ : F7604D1F
07:41:01:953 4884 IRP_MJ_WRITE : F7604D1F
07:41:01:953 4884 IRP_MJ_QUERY_INFORMATION : 804F4562
07:41:01:953 4884 IRP_MJ_SET_INFORMATION : 804F4562
07:41:01:953 4884 IRP_MJ_QUERY_EA : 804F4562
07:41:01:953 4884 IRP_MJ_SET_EA : 804F4562
07:41:01:953 4884 IRP_MJ_FLUSH_BUFFERS : F76052E2
07:41:01:953 4884 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
07:41:01:953 4884 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
07:41:01:953 4884 IRP_MJ_DIRECTORY_CONTROL : 804F4562
07:41:01:953 4884 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
07:41:01:953 4884 IRP_MJ_DEVICE_CONTROL : F76053BB
07:41:01:953 4884 IRP_MJ_INTERNAL_DEVICE_CONTROL : F7608F28
07:41:01:953 4884 IRP_MJ_SHUTDOWN : F76052E2
07:41:01:953 4884 IRP_MJ_LOCK_CONTROL : 804F4562
07:41:01:953 4884 IRP_MJ_CLEANUP : 804F4562
07:41:01:953 4884 IRP_MJ_CREATE_MAILSLOT : 804F4562
07:41:01:953 4884 IRP_MJ_QUERY_SECURITY : 804F4562
07:41:01:953 4884 IRP_MJ_SET_SECURITY : 804F4562
07:41:01:953 4884 IRP_MJ_POWER : F7606C82
07:41:01:953 4884 IRP_MJ_SYSTEM_CONTROL : F760B99E
07:41:01:953 4884 IRP_MJ_DEVICE_CHANGE : 804F4562
07:41:01:953 4884 IRP_MJ_QUERY_QUOTA : 804F4562
07:41:01:953 4884 IRP_MJ_SET_QUOTA : 804F4562
07:41:01:953 4884 TDL3_StartIoLastChanceHookDetect: Unable to dump StartIo handler code
07:41:01:953 4884 sion
07:41:01:953 4884 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
07:41:01:953 4884
07:41:01:953 4884 Driver Name: Disk
07:41:01:953 4884 IRP_MJ_CREATE : F760ABB0
07:41:01:953 4884 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
07:41:01:953 4884 IRP_MJ_CLOSE : F760ABB0
07:41:01:953 4884 IRP_MJ_READ : F7604D1F
07:41:01:953 4884 IRP_MJ_WRITE : F7604D1F
07:41:01:953 4884 IRP_MJ_QUERY_INFORMATION : 804F4562
07:41:01:953 4884 IRP_MJ_SET_INFORMATION : 804F4562
07:41:01:953 4884 IRP_MJ_QUERY_EA : 804F4562
07:41:01:953 4884 IRP_MJ_SET_EA : 804F4562
07:41:01:953 4884 IRP_MJ_FLUSH_BUFFERS : F76052E2
07:41:01:953 4884 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
07:41:01:953 4884 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
07:41:01:953 4884 IRP_MJ_DIRECTORY_CONTROL : 804F4562
07:41:01:953 4884 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
07:41:01:953 4884 IRP_MJ_DEVICE_CONTROL : F76053BB
07:41:01:953 4884 IRP_MJ_INTERNAL_DEVICE_CONTROL : F7608F28
07:41:01:953 4884 IRP_MJ_SHUTDOWN : F76052E2
07:41:01:953 4884 IRP_MJ_LOCK_CONTROL : 804F4562
07:41:01:953 4884 IRP_MJ_CLEANUP : 804F4562
07:41:01:953 4884 IRP_MJ_CREATE_MAILSLOT : 804F4562
07:41:01:953 4884 IRP_MJ_QUERY_SECURITY : 804F4562
07:41:01:953 4884 IRP_MJ_SET_SECURITY : 804F4562
07:41:01:953 4884 IRP_MJ_POWER : F7606C82
07:41:01:953 4884 IRP_MJ_SYSTEM_CONTROL : F760B99E
07:41:01:953 4884 IRP_MJ_DEVICE_CHANGE : 804F4562
07:41:01:953 4884 IRP_MJ_QUERY_QUOTA : 804F4562
07:41:01:953 4884 IRP_MJ_SET_QUOTA : 804F4562
07:41:01:953 4884 TDL3_StartIoLastChanceHookDetect: Unable to dump StartIo handler code
07:41:01:953 4884 sion
07:41:01:953 4884 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
07:41:01:953 4884
07:41:01:953 4884 Driver Name: USBSTOR
07:41:01:953 4884 IRP_MJ_CREATE : A169E218
07:41:01:953 4884 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
07:41:01:953 4884 IRP_MJ_CLOSE : A169E218
07:41:01:953 4884 IRP_MJ_READ : A169E23C
07:41:01:953 4884 IRP_MJ_WRITE : A169E23C
07:41:01:953 4884 IRP_MJ_QUERY_INFORMATION : 804F4562
07:41:01:953 4884 IRP_MJ_SET_INFORMATION : 804F4562
07:41:01:953 4884 IRP_MJ_QUERY_EA : 804F4562
07:41:01:953 4884 IRP_MJ_SET_EA : 804F4562
07:41:01:953 4884 IRP_MJ_FLUSH_BUFFERS : 804F4562
07:41:01:953 4884 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
07:41:01:953 4884 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
07:41:01:953 4884 IRP_MJ_DIRECTORY_CONTROL : 804F4562
07:41:01:953 4884 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
07:41:01:953 4884 IRP_MJ_DEVICE_CONTROL : A169E180
07:41:01:953 4884 IRP_MJ_INTERNAL_DEVICE_CONTROL : A16999E6
07:41:01:953 4884 IRP_MJ_SHUTDOWN : 804F4562
07:41:01:953 4884 IRP_MJ_LOCK_CONTROL : 804F4562
07:41:01:953 4884 IRP_MJ_CLEANUP : 804F4562
07:41:01:953 4884 IRP_MJ_CREATE_MAILSLOT : 804F4562
07:41:01:953 4884 IRP_MJ_QUERY_SECURITY : 804F4562
07:41:01:953 4884 IRP_MJ_SET_SECURITY : 804F4562
07:41:01:953 4884 IRP_MJ_POWER : A169D5F0
07:41:01:953 4884 IRP_MJ_SYSTEM_CONTROL : A169BA6E
07:41:01:953 4884 IRP_MJ_DEVICE_CHANGE : 804F4562
07:41:01:953 4884 IRP_MJ_QUERY_QUOTA : 804F4562
07:41:01:953 4884 IRP_MJ_SET_QUOTA : 804F4562
07:41:01:984 4884 siohd: 0
07:41:01:984 4884 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
07:41:01:984 4884
07:41:01:984 4884 Driver Name: USBSTOR
07:41:01:984 4884 IRP_MJ_CREATE : A169E218
07:41:01:984 4884 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
07:41:01:984 4884 IRP_MJ_CLOSE : A169E218
07:41:01:984 4884 IRP_MJ_READ : A169E23C
07:41:01:984 4884 IRP_MJ_WRITE : A169E23C
07:41:01:984 4884 IRP_MJ_QUERY_INFORMATION : 804F4562
07:41:01:984 4884 IRP_MJ_SET_INFORMATION : 804F4562
07:41:01:984 4884 IRP_MJ_QUERY_EA : 804F4562
07:41:01:984 4884 IRP_MJ_SET_EA : 804F4562
07:41:01:984 4884 IRP_MJ_FLUSH_BUFFERS : 804F4562
07:41:01:984 4884 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
07:41:01:984 4884 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
07:41:01:984 4884 IRP_MJ_DIRECTORY_CONTROL : 804F4562
07:41:01:984 4884 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
07:41:01:984 4884 IRP_MJ_DEVICE_CONTROL : A169E180
07:41:01:984 4884 IRP_MJ_INTERNAL_DEVICE_CONTROL : A16999E6
07:41:01:984 4884 IRP_MJ_SHUTDOWN : 804F4562
07:41:01:984 4884 IRP_MJ_LOCK_CONTROL : 804F4562
07:41:01:984 4884 IRP_MJ_CLEANUP : 804F4562
07:41:01:984 4884 IRP_MJ_CREATE_MAILSLOT : 804F4562
07:41:01:984 4884 IRP_MJ_QUERY_SECURITY : 804F4562
07:41:01:984 4884 IRP_MJ_SET_SECURITY : 804F4562
07:41:01:984 4884 IRP_MJ_POWER : A169D5F0
07:41:01:984 4884 IRP_MJ_SYSTEM_CONTROL : A169BA6E
07:41:01:984 4884 IRP_MJ_DEVICE_CHANGE : 804F4562
07:41:01:984 4884 IRP_MJ_QUERY_QUOTA : 804F4562
07:41:01:984 4884 IRP_MJ_SET_QUOTA : 804F4562
07:41:02:000 4884 siohd: 0
07:41:02:000 4884 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
07:41:02:000 4884
07:41:02:000 4884 Driver Name: USBSTOR
07:41:02:000 4884 IRP_MJ_CREATE : A169E218
07:41:02:000 4884 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
07:41:02:000 4884 IRP_MJ_CLOSE : A169E218
07:41:02:000 4884 IRP_MJ_READ : A169E23C
07:41:02:000 4884 IRP_MJ_WRITE : A169E23C
07:41:02:000 4884 IRP_MJ_QUERY_INFORMATION : 804F4562
07:41:02:000 4884 IRP_MJ_SET_INFORMATION : 804F4562
07:41:02:000 4884 IRP_MJ_QUERY_EA : 804F4562
07:41:02:000 4884 IRP_MJ_SET_EA : 804F4562
07:41:02:000 4884 IRP_MJ_FLUSH_BUFFERS : 804F4562
07:41:02:000 4884 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
07:41:02:000 4884 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
07:41:02:000 4884 IRP_MJ_DIRECTORY_CONTROL : 804F4562
07:41:02:000 4884 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
07:41:02:000 4884 IRP_MJ_DEVICE_CONTROL : A169E180
07:41:02:000 4884 IRP_MJ_INTERNAL_DEVICE_CONTROL : A16999E6
07:41:02:000 4884 IRP_MJ_SHUTDOWN : 804F4562
07:41:02:000 4884 IRP_MJ_LOCK_CONTROL : 804F4562
07:41:02:000 4884 IRP_MJ_CLEANUP : 804F4562
07:41:02:000 4884 IRP_MJ_CREATE_MAILSLOT : 804F4562
07:41:02:000 4884 IRP_MJ_QUERY_SECURITY : 804F4562
07:41:02:000 4884 IRP_MJ_SET_SECURITY : 804F4562
07:41:02:000 4884 IRP_MJ_POWER : A169D5F0
07:41:02:000 4884 IRP_MJ_SYSTEM_CONTROL : A169BA6E
07:41:02:000 4884 IRP_MJ_DEVICE_CHANGE : 804F4562
07:41:02:000 4884 IRP_MJ_QUERY_QUOTA : 804F4562
07:41:02:000 4884 IRP_MJ_SET_QUOTA : 804F4562
07:41:02:000 4884 siohd: 0
07:41:02:000 4884 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
07:41:02:000 4884
07:41:02:000 4884 Driver Name: USBSTOR
07:41:02:000 4884 IRP_MJ_CREATE : A169E218
07:41:02:000 4884 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
07:41:02:000 4884 IRP_MJ_CLOSE : A169E218
07:41:02:000 4884 IRP_MJ_READ : A169E23C
07:41:02:000 4884 IRP_MJ_WRITE : A169E23C
07:41:02:000 4884 IRP_MJ_QUERY_INFORMATION : 804F4562
07:41:02:000 4884 IRP_MJ_SET_INFORMATION : 804F4562
07:41:02:000 4884 IRP_MJ_QUERY_EA : 804F4562
07:41:02:000 4884 IRP_MJ_SET_EA : 804F4562
07:41:02:000 4884 IRP_MJ_FLUSH_BUFFERS : 804F4562
07:41:02:000 4884 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
07:41:02:000 4884 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
07:41:02:000 4884 IRP_MJ_DIRECTORY_CONTROL : 804F4562
07:41:02:000 4884 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
07:41:02:000 4884 IRP_MJ_DEVICE_CONTROL : A169E180
07:41:02:000 4884 IRP_MJ_INTERNAL_DEVICE_CONTROL : A16999E6
07:41:02:000 4884 IRP_MJ_SHUTDOWN : 804F4562
07:41:02:000 4884 IRP_MJ_LOCK_CONTROL : 804F4562
07:41:02:000 4884 IRP_MJ_CLEANUP : 804F4562
07:41:02:000 4884 IRP_MJ_CREATE_MAILSLOT : 804F4562
07:41:02:000 4884 IRP_MJ_QUERY_SECURITY : 804F4562
07:41:02:000 4884 IRP_MJ_SET_SECURITY : 804F4562
07:41:02:000 4884 IRP_MJ_POWER : A169D5F0
07:41:02:000 4884 IRP_MJ_SYSTEM_CONTROL : A169BA6E
07:41:02:000 4884 IRP_MJ_DEVICE_CHANGE : 804F4562
07:41:02:000 4884 IRP_MJ_QUERY_QUOTA : 804F4562
07:41:02:000 4884 IRP_MJ_SET_QUOTA : 804F4562
07:41:02:000 4884 siohd: 0
07:41:02:000 4884 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
07:41:02:000 4884
07:41:02:000 4884 Driver Name: USBSTOR
07:41:02:000 4884 IRP_MJ_CREATE : A169E218
07:41:02:000 4884 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
07:41:02:000 4884 IRP_MJ_CLOSE : A169E218
07:41:02:000 4884 IRP_MJ_READ : A169E23C
07:41:02:000 4884 IRP_MJ_WRITE : A169E23C
07:41:02:000 4884 IRP_MJ_QUERY_INFORMATION : 804F4562
07:41:02:000 4884 IRP_MJ_SET_INFORMATION : 804F4562
07:41:02:000 4884 IRP_MJ_QUERY_EA : 804F4562
07:41:02:000 4884 IRP_MJ_SET_EA : 804F4562
07:41:02:000 4884 IRP_MJ_FLUSH_BUFFERS : 804F4562
07:41:02:000 4884 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
07:41:02:000 4884 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
07:41:02:000 4884 IRP_MJ_DIRECTORY_CONTROL : 804F4562
07:41:02:000 4884 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
07:41:02:000 4884 IRP_MJ_DEVICE_CONTROL : A169E180
07:41:02:000 4884 IRP_MJ_INTERNAL_DEVICE_CONTROL : A16999E6
07:41:02:000 4884 IRP_MJ_SHUTDOWN : 804F4562
07:41:02:000 4884 IRP_MJ_LOCK_CONTROL : 804F4562
07:41:02:000 4884 IRP_MJ_CLEANUP : 804F4562
07:41:02:000 4884 IRP_MJ_CREATE_MAILSLOT : 804F4562
07:41:02:000 4884 IRP_MJ_QUERY_SECURITY : 804F4562
07:41:02:000 4884 IRP_MJ_SET_SECURITY : 804F4562
07:41:02:000 4884 IRP_MJ_POWER : A169D5F0
07:41:02:000 4884 IRP_MJ_SYSTEM_CONTROL : A169BA6E
07:41:02:000 4884 IRP_MJ_DEVICE_CHANGE : 804F4562
07:41:02:000 4884 IRP_MJ_QUERY_QUOTA : 804F4562
07:41:02:000 4884 IRP_MJ_SET_QUOTA : 804F4562
07:41:02:000 4884 siohd: 0
07:41:02:000 4884 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
07:41:02:000 4884
07:41:02:000 4884 Driver Name: Disk
07:41:02:000 4884 IRP_MJ_CREATE : F760ABB0
07:41:02:000 4884 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
07:41:02:000 4884 IRP_MJ_CLOSE : F760ABB0
07:41:02:000 4884 IRP_MJ_READ : F7604D1F
07:41:02:000 4884 IRP_MJ_WRITE : F7604D1F
07:41:02:000 4884 IRP_MJ_QUERY_INFORMATION : 804F4562
07:41:02:000 4884 IRP_MJ_SET_INFORMATION : 804F4562
07:41:02:000 4884 IRP_MJ_QUERY_EA : 804F4562
07:41:02:000 4884 IRP_MJ_SET_EA : 804F4562
07:41:02:000 4884 IRP_MJ_FLUSH_BUFFERS : F76052E2
07:41:02:000 4884 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
07:41:02:000 4884 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
07:41:02:000 4884 IRP_MJ_DIRECTORY_CONTROL : 804F4562
07:41:02:000 4884 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
07:41:02:000 4884 IRP_MJ_DEVICE_CONTROL : F76053BB
07:41:02:000 4884 IRP_MJ_INTERNAL_DEVICE_CONTROL : F7608F28
07:41:02:000 4884 IRP_MJ_SHUTDOWN : F76052E2
07:41:02:000 4884 IRP_MJ_LOCK_CONTROL : 804F4562
07:41:02:000 4884 IRP_MJ_CLEANUP : 804F4562
07:41:02:000 4884 IRP_MJ_CREATE_MAILSLOT : 804F4562
07:41:02:000 4884 IRP_MJ_QUERY_SECURITY : 804F4562
07:41:02:000 4884 IRP_MJ_SET_SECURITY : 804F4562
07:41:02:000 4884 IRP_MJ_POWER : F7606C82
07:41:02:000 4884 IRP_MJ_SYSTEM_CONTROL : F760B99E
07:41:02:000 4884 IRP_MJ_DEVICE_CHANGE : 804F4562
07:41:02:000 4884 IRP_MJ_QUERY_QUOTA : 804F4562
07:41:02:000 4884 IRP_MJ_SET_QUOTA : 804F4562
07:41:02:000 4884 TDL3_StartIoLastChanceHookDetect: Unable to dump StartIo handler code
07:41:02:000 4884 sion
07:41:02:000 4884 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
07:41:02:000 4884
07:41:02:000 4884 Driver Name: Disk
07:41:02:000 4884 IRP_MJ_CREATE : F760ABB0
07:41:02:000 4884 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
07:41:02:000 4884 IRP_MJ_CLOSE : F760ABB0
07:41:02:000 4884 IRP_MJ_READ : F7604D1F
07:41:02:000 4884 IRP_MJ_WRITE : F7604D1F
07:41:02:000 4884 IRP_MJ_QUERY_INFORMATION : 804F4562
07:41:02:000 4884 IRP_MJ_SET_INFORMATION : 804F4562
07:41:02:000 4884 IRP_MJ_QUERY_EA : 804F4562
07:41:02:000 4884 IRP_MJ_SET_EA : 804F4562
07:41:02:000 4884 IRP_MJ_FLUSH_BUFFERS : F76052E2
07:41:02:000 4884 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
07:41:02:000 4884 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
07:41:02:000 4884 IRP_MJ_DIRECTORY_CONTROL : 804F4562
07:41:02:000 4884 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
07:41:02:000 4884 IRP_MJ_DEVICE_CONTROL : F76053BB
07:41:02:000 4884 IRP_MJ_INTERNAL_DEVICE_CONTROL : F7608F28
07:41:02:000 4884 IRP_MJ_SHUTDOWN : F76052E2
07:41:02:000 4884 IRP_MJ_LOCK_CONTROL : 804F4562
07:41:02:000 4884 IRP_MJ_CLEANUP : 804F4562
07:41:02:000 4884 IRP_MJ_CREATE_MAILSLOT : 804F4562
07:41:02:000 4884 IRP_MJ_QUERY_SECURITY : 804F4562
07:41:02:000 4884 IRP_MJ_SET_SECURITY : 804F4562
07:41:02:000 4884 IRP_MJ_POWER : F7606C82
07:41:02:000 4884 IRP_MJ_SYSTEM_CONTROL : F760B99E
07:41:02:000 4884 IRP_MJ_DEVICE_CHANGE : 804F4562
07:41:02:000 4884 IRP_MJ_QUERY_QUOTA : 804F4562
07:41:02:000 4884 IRP_MJ_SET_QUOTA : 804F4562
07:41:02:000 4884 TDL3_StartIoLastChanceHookDetect: Unable to dump StartIo handler code
07:41:02:000 4884 sion
07:41:02:000 4884 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
07:41:02:000 4884
07:41:02:015 4884 Driver Name: Disk
07:41:02:015 4884 IRP_MJ_CREATE : F760ABB0
07:41:02:015 4884 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
07:41:02:015 4884 IRP_MJ_CLOSE : F760ABB0
07:41:02:015 4884 IRP_MJ_READ : F7604D1F
07:41:02:015 4884 IRP_MJ_WRITE : F7604D1F
07:41:02:015 4884 IRP_MJ_QUERY_INFORMATION : 804F4562
07:41:02:015 4884 IRP_MJ_SET_INFORMATION : 804F4562
07:41:02:015 4884 IRP_MJ_QUERY_EA : 804F4562
07:41:02:015 4884 IRP_MJ_SET_EA : 804F4562
07:41:02:015 4884 IRP_MJ_FLUSH_BUFFERS : F76052E2
07:41:02:015 4884 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
07:41:02:015 4884 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
07:41:02:015 4884 IRP_MJ_DIRECTORY_CONTROL : 804F4562
07:41:02:015 4884 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
07:41:02:015 4884 IRP_MJ_DEVICE_CONTROL : F76053BB
07:41:02:015 4884 IRP_MJ_INTERNAL_DEVICE_CONTROL : F7608F28
07:41:02:015 4884 IRP_MJ_SHUTDOWN : F76052E2
07:41:02:015 4884 IRP_MJ_LOCK_CONTROL : 804F4562
07:41:02:015 4884 IRP_MJ_CLEANUP : 804F4562
07:41:02:015 4884 IRP_MJ_CREATE_MAILSLOT : 804F4562
07:41:02:015 4884 IRP_MJ_QUERY_SECURITY : 804F4562
07:41:02:015 4884 IRP_MJ_SET_SECURITY : 804F4562
07:41:02:015 4884 IRP_MJ_POWER : F7606C82
07:41:02:015 4884 IRP_MJ_SYSTEM_CONTROL : F760B99E
07:41:02:015 4884 IRP_MJ_DEVICE_CHANGE : 804F4562
07:41:02:015 4884 IRP_MJ_QUERY_QUOTA : 804F4562
07:41:02:015 4884 IRP_MJ_SET_QUOTA : 804F4562
07:41:02:015 4884 TDL3_StartIoLastChanceHookDetect: Unable to dump StartIo handler code
07:41:02:015 4884 sion
07:41:02:015 4884 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
07:41:02:015 4884
07:41:02:015 4884 Driver Name: iaStor
07:41:02:015 4884 IRP_MJ_CREATE : F73C0146
07:41:02:015 4884 IRP_MJ_CREATE_NAMED_PIPE : F73C0146
07:41:02:015 4884 IRP_MJ_CLOSE : F73C0146
07:41:02:015 4884 IRP_MJ_READ : F73C0146
07:41:02:015 4884 IRP_MJ_WRITE : F73C0146
07:41:02:015 4884 IRP_MJ_QUERY_INFORMATION : F73C0146
07:41:02:015 4884 IRP_MJ_SET_INFORMATION : F73C0146
07:41:02:015 4884 IRP_MJ_QUERY_EA : F73C0146
07:41:02:015 4884 IRP_MJ_SET_EA : F73C0146
07:41:02:015 4884 IRP_MJ_FLUSH_BUFFERS : F73C0146
07:41:02:015 4884 IRP_MJ_QUERY_VOLUME_INFORMATION : F73C0146
07:41:02:015 4884 IRP_MJ_SET_VOLUME_INFORMATION : F73C0146
07:41:02:015 4884 IRP_MJ_DIRECTORY_CONTROL : F73C0146
07:41:02:015 4884 IRP_MJ_FILE_SYSTEM_CONTROL : F73C0146
07:41:02:015 4884 IRP_MJ_DEVICE_CONTROL : F73C0146
07:41:02:015 4884 IRP_MJ_INTERNAL_DEVICE_CONTROL : F73C0146
07:41:02:015 4884 IRP_MJ_SHUTDOWN : F73C0146
07:41:02:015 4884 IRP_MJ_LOCK_CONTROL : F73C0146
07:41:02:015 4884 IRP_MJ_CLEANUP : F73C0146
07:41:02:015 4884 IRP_MJ_CREATE_MAILSLOT : F73C0146
07:41:02:015 4884 IRP_MJ_QUERY_SECURITY : F73C0146
07:41:02:015 4884 IRP_MJ_SET_SECURITY : F73C0146
07:41:02:015 4884 IRP_MJ_POWER : F73C0146
07:41:02:015 4884 IRP_MJ_SYSTEM_CONTROL : F73C0146
07:41:02:015 4884 IRP_MJ_DEVICE_CHANGE : F73C0146
07:41:02:015 4884 IRP_MJ_QUERY_QUOTA : F73C0146
07:41:02:015 4884 IRP_MJ_SET_QUOTA : F73C0146
07:41:02:046 4884 TDL3_IrpHookDetect: TDL3 Stub signature found, trying to get hook true addr
07:41:02:062 4884 TDL3_IrpHookDetect: New IrpHandler addr: 86C2A8C8
07:41:02:062 4884 ihd: 10, FFDF0308, 510, 134, 3, 120, 0
07:41:02:062 4884 Driver "iaStor" Irp handler infected by TDSS rootkit ... 07:41:02:062 4884 cured
07:41:02:062 4884 TDL3_StartIoLastChanceHookDetect: Unable to dump StartIo handler code
07:41:02:062 4884 sion
07:41:02:062 4884 C:\WINDOWS\system32\drivers\iaStor.sys - Verdict: Infected
07:41:02:062 4884 File C:\WINDOWS\system32\drivers\iaStor.sys infected by TDSS rootkit ... 07:41:02:062 4884 Processing driver file: C:\WINDOWS\system32\drivers\iaStor.sys
07:41:02:062 4884 ProcessDirEnumEx: FindFirstFile(C:\WINDOWS\system32\DriverStore\FileRepository\*) error 3
07:41:02:281 4884 ProcessDirEnumEx: FindFirstFile(C:\WINDOWS\OemDir\*) error 3
07:41:02:375 4884 vfvi6
07:41:02:421 4884 !dsvbh1
07:41:02:546 4884 dsvbh2
07:41:02:656 4884 fdfb4
07:41:02:656 4884 Backup copy found, using it..
07:41:02:671 4884 will be cured on next reboot
07:41:02:671 4884 Reboot required for cure complete..
07:41:02:734 4884 Cure on reboot scheduled successfully
07:41:02:734 4884
07:41:02:734 4884 Completed
07:41:02:734 4884
07:41:02:734 4884 Results:
07:41:02:734 4884 Memory objects infected / cured / cured on reboot: 1 / 1 / 0
07:41:02:734 4884 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
07:41:02:734 4884 File objects infected / cured / cured on reboot: 1 / 0 / 1
07:41:02:734 4884
07:41:02:734 4884 UnloadDriverW: NtUnloadDriver error 1
07:41:02:734 4884 KLMD_Unload: UnloadDriverW(klmd21) error 1
07:41:02:765 4884 KLMD(ARK) unloaded successfully




Would you happen to know if the inability to reboot into safe mode was caused by the rootkit or the installation of the Windows Recovery Console?

I'm also having some problems restarting the computer. After running TDSSkiller, there is an option in the window to press "Y" to reboot so I did that. The computer shuts down normally, and then on reboot, nothing appears on the screen, although the power button on the computer is lit. Since nothing happened, I powered down the computer again, waited a minute, then turned it on. This was happening last night as well, but I thought it was a result of ComboFix getting stuck.

Thank you in advance.

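To make a TDSSKiller log like the one above easier to read (and to compare across runs), here is an added example in Python; it is not part of the original post and not TDSSKiller's own code. It parses the plain "timestamp PID message" format into per-driver findings: the IRP major-function dispatch addresses, whether the TDL3 IRP-hook detector fired and the address it reached by following the stub, the file verdict, whether a reboot is pending, and the closing counters. The sample log embedded in it is constructed from the lines above; the disk.sys IRP address is a placeholder, because the posted excerpt shows only that driver's verdict line.

```python
"""Parse a TDSSKiller-style scan log (timestamp, PID, message per line) into
per-driver findings. Added example for this thread, not TDSSKiller code."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

# Constructed sample modeled on the log posted above. The iaStor lines, times
# and addresses are copied from it; the disk.sys IRP address is a placeholder
# because the posted excerpt shows only that driver's verdict line.
SAMPLE_LOG = r"""
07:41:02:015 4884 Driver Name: disk
07:41:02:015 4884 IRP_MJ_CREATE : F7A5A000
07:41:02:015 4884 sion
07:41:02:015 4884 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
07:41:02:015 4884
07:41:02:015 4884 Driver Name: iaStor
07:41:02:015 4884 IRP_MJ_CREATE : F73C0146
07:41:02:015 4884 IRP_MJ_READ : F73C0146
07:41:02:046 4884 TDL3_IrpHookDetect: TDL3 Stub signature found, trying to get hook true addr
07:41:02:062 4884 TDL3_IrpHookDetect: New IrpHandler addr: 86C2A8C8
07:41:02:062 4884 Driver "iaStor" Irp handler infected by TDSS rootkit ... 07:41:02:062 4884 cured
07:41:02:062 4884 C:\WINDOWS\system32\drivers\iaStor.sys - Verdict: Infected
07:41:02:671 4884 Reboot required for cure complete..
07:41:02:734 4884 Memory objects infected / cured / cured on reboot: 1 / 1 / 0
07:41:02:734 4884 File objects infected / cured / cured on reboot: 1 / 0 / 1
"""

LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}:\d{3}\s+\d+\s*(.*)$")
DRIVER_RE = re.compile(r"^Driver Name: (\S+)$")
IRP_RE = re.compile(r"^(IRP_MJ_\w+)\s*:\s*([0-9A-Fa-f]+)$")
HOOK_TARGET_RE = re.compile(r"New IrpHandler addr: ([0-9A-Fa-f]+)")
HOOKED_RE = re.compile(r'Driver "([^"]+)" Irp handler infected by TDSS rootkit')
VERDICT_RE = re.compile(r"^(.+?) - Verdict: (\w+)$")
RESULTS_RE = re.compile(r"^(\w+) objects infected / cured / cured on reboot: (\d+) / (\d+) / (\d+)$")

@dataclass
class DriverFinding:
    name: str
    path: Optional[str] = None
    verdict: Optional[str] = None
    irp_handlers: Dict[str, int] = field(default_factory=dict)  # IRP_MJ_* -> address
    irp_hook_detected: bool = False
    hook_target: Optional[int] = None  # address the tool reached by following the TDL3 stub

    def distinct_handlers(self) -> Set[int]:
        return set(self.irp_handlers.values())

    def is_infected(self) -> bool:
        return self.irp_hook_detected or self.verdict == "Infected"

@dataclass
class ScanReport:
    drivers: Dict[str, DriverFinding] = field(default_factory=dict)
    reboot_required: bool = False
    results: Dict[str, Tuple[int, int, int]] = field(default_factory=dict)

    def infected(self) -> List[DriverFinding]:
        return [d for d in self.drivers.values() if d.is_infected()]

def parse_tdsskiller_log(text: str) -> ScanReport:
    report = ScanReport()
    current: Optional[DriverFinding] = None  # driver block we are inside
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # not a timestamped log line
        msg = m.group(1).strip()
        if dm := DRIVER_RE.match(msg):
            current = report.drivers.setdefault(dm.group(1), DriverFinding(dm.group(1)))
        elif (im := IRP_RE.match(msg)) and current:
            current.irp_handlers[im.group(1)] = int(im.group(2), 16)
        elif (tm := HOOK_TARGET_RE.search(msg)) and current:
            current.hook_target = int(tm.group(1), 16)
        elif hm := HOOKED_RE.search(msg):
            report.drivers.setdefault(hm.group(1), DriverFinding(hm.group(1))).irp_hook_detected = True
        elif (vm := VERDICT_RE.match(msg)) and current:
            current.path, current.verdict = vm.group(1), vm.group(2)
        elif msg.startswith("Reboot required"):
            report.reboot_required = True
        elif rm := RESULTS_RE.match(msg):
            kind, *counts = rm.groups()
            report.results[kind] = tuple(int(c) for c in counts)
    return report

def summarize(report: ScanReport) -> List[str]:
    """One line per driver; when the IRP-hook detector fired, also print the
    dispatch-table address next to the stub's target so they can be compared."""
    out = []
    for d in report.drivers.values():
        status = "INFECTED" if d.is_infected() else (d.verdict or "unknown")
        out.append(f"{d.name}: {status} ({d.path or 'no path'})")
        if d.hook_target is not None and d.distinct_handlers():
            table = ", ".join(f"{a:08X}" for a in sorted(d.distinct_handlers()))
            out.append(f"  IRP dispatch entries -> {table}; TDL3 stub redirects to {d.hook_target:08X}")
    if report.reboot_required:
        out.append("reboot required to finish cure")
    for kind, (inf, cured, later) in report.results.items():
        out.append(f"{kind} objects: infected={inf} cured={cured} cured_on_reboot={later}")
    return out

if __name__ == "__main__":
    print("\n".join(summarize(parse_tdsskiller_log(SAMPLE_LOG))))
```

Run it against a saved TDSSKiller log by replacing SAMPLE_LOG with the file's contents. Lines without the timestamp prefix, and the odd short tokens the tool emits ("sion", "vfvi6"), are simply skipped; a driver whose dispatch entries sit inside its own image but whose hook detector resolves to an address elsewhere is exactly the iaStor case in the posted log.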
#14 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,313 posts
  • Gender:Female
  • Location:Romania

Posted 27 February 2010 - 01:54 PM

It seems TDSSKiller was successful.

Please check whether Safe Mode works now. At this point it's impossible to say if it was the rootkit or "something" else that was causing that problem.

Can you try to run Combofix now as well?

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."


Malware analyst @ Emsisoft


#15 hae

hae
  • Topic Starter

  • Members
  • 12 posts

Posted 28 February 2010 - 05:18 PM

Hi Elise, yes safe mode works now. ComboFix will not work in "regular" mode but it does work in "safe" mode. Here is the ComboFix log:

QUOTE
ComboFix 10-02-26.01 - hae 02/28/2010 9:10.2.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1761 [GMT -10:00]
Running from: c:\documents and settings\hae\Desktop\ComboFix.exe
AV: Panda Internet Security 2010 *On-access scanning disabled* (Updated) {4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0}
FW: Panda Personal Firewall 2010 *disabled* {7B090DC0-8905-4BAF-8040-FD98A41C8FB8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\docume~1\hae\LOCALS~1\Temp\clclean.0001.dir.0000\~df394b.tmp
c:\documents and settings\hae\Local Settings\Temp\clclean.0001.dir.0000\~df394b.tmp
c:\documents and settings\yuki\Application Data\inst.exe
C:\s
C:\Thumbs.db
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\accessories\cup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\accessories\customer_cup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\accessories\heart.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\accessories\menu_down.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\accessories\menu_up.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\accessories\plates.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\accessories\ticket.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\accessories\tray.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\music\mainmenumusic.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_bring_check_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_deliver_food_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_deliver_order_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_diner.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_dish_dropoff_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_food_ready_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_gain_heart_1.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_get_drinks_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_party_arrive_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_pencil_write_2.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_pickup_food_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_rollover_1.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_seat_people_snd.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\choosedifficulty.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\credits.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\flo_lose.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\flo_win.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\help1.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\help2.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\highscores.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\levelintro.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\levelintro_mask.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\levelover.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\levelover_mask.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\mainmenu.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\popup.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\popup_mask.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\upgradegrid.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\upgradetitle.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\upsell.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\arrowleft_blue.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\arrowleft_yellow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\arrowright_blue.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\arrowright_yellow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\back_blue.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\back_yellow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\backchalk.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\backchalkup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\backtomenu_blue.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\backtomenu_yellow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\cancel.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\cancelup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\career.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\career_over.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\close.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\closeup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\continue.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\continueover.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\credits_blue.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\credits_yellow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\download_blue.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\download_yellow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\easy.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\easy_over.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\endlessshift.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\endlessshift_over.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\hard.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\hard_over.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\help.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\help_over.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\highscores.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\highscores_over.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\instructions_blue.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\instructions_yellow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\letsplay.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\letsplayover.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\medium.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\medium_over.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\moreinfo.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\moreinfoup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\off.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\off_on.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\on.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\on_on.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\pause.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\pauseover.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\quit.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\quitgame.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\quitgameover.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\quitover.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\resumegame.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\resumegameover.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\submit.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\submitup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\tryagain.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\tryagainover.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\upgrade_over.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\upgrade_up.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\viewglobal.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\viewglobalup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\viewhighscore.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\viewhighscoreon.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\viewlocal.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\viewlocalup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\comics\webcomic.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\config\career.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\config\customer.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\config\endless.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\config\global.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\config\powerups.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\cook\cook.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\cook\cook.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\cook\stove.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\cursor\arrow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\cursor\click.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\cursor\click2.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\cursor\grab.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\cursor\open.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\blue\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\blue\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\blue\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\green\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\green\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\green\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\purple\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\purple\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\purple\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\red\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\red\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\red\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\yellow\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\yellow\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\yellow\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\blue\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\blue\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\blue\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\green\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\green\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\green\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\purple\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\purple\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\purple\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\red\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\red\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\red\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\yellow\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\yellow\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\yellow\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\flo\idle.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\flo\idle.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\flo\lower.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\flo\lower.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\flo\upper.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\flo\upper.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\fonts\arial.mvec
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\fonts\komikaaxis.mvec
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\chair.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\chair.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\dirt2top.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\dirt4top.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\dishcart.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\dishcart.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\drinkstation_off.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\drinkstation_on1.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\drinkstation_on2.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\ticketstation.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\ticketstation.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\arrowdown.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\arrowdownon.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\arrowleft.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\arrowlefton.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\arrowright.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\arrowrighton.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\arrowup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\arrowupon.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\p1icon.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\textedit.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\title.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_1.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_1_a.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_1_b.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_1_c.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_2.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_2_a.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_2_b.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_2_c.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_2_d.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_3.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_3_a.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_3_b.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_3_c.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_3_d.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\fifth_level_diner.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\first_level_diner.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\fourth_level_diner.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\second_level_diner.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\playfirst_logo.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\background.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\food\food1.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\food\food1.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\food\food2.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\food\food2.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\food\food3.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\food\food3.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\frames\upgrade_0001.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\tables\2top.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\tables\2top.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\tables\4top.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\tables\4top.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\upgrades.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\tableshadow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\choosedifficulty.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\chooseplayer.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\chooserestaurant.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\credits.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\game.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\gothighscore.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\help.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\help2.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\hiscore.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\hiscoreinfo.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\hiscoresubmit.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\levelintro.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\levelover.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\loading.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\mainloop.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\mainmenu.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\ok.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\pause.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\style.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\tutorialintro.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\upgrade.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\upsell.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\webcomic.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\yesno.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\splash\aol_logo.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\splash\gamelabsplash.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\splash\playfirst_logo.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\strings.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\angersmoke.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\angersmoke.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\chairflags.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\chairflags.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\check.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\checkmark.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\clock.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\closed.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\closingtime.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\coinflip.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\coinflip.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\dollar.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\doodles\coffee.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\doodles\tables.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\doodles\wallpaper.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\expert.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\expertscore.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\foodpoof.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\foodpoof.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\fork_timer.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\goalcompleted.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\heartgrow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\heartgrow.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\jar.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\jar.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\level.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\level_career.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\score.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\sound.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\staroff.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\staron.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\tablenumber.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\tablenumberup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\traynumber.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\tutorial_character.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\tutorialarrow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\tutorialbox.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgradeanim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgradeanim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\drinks.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\maitred.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\oven.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\select.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\shoes.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\stereo.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\table.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\dinerdash.exe
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\system32\Data
c:\windows\system32\twain_32.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FCI


((((((((((((((((((((((((( Files Created from 2010-01-28 to 2010-02-28 )))))))))))))))))))))))))))))))
.

2010-02-25 08:20 . 2010-02-25 08:20 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-02-22 05:14 . 2010-02-22 05:14 -------- d-----w- c:\documents and settings\hae\Application Data\GRETECH
2010-02-04 21:03 . 2010-02-22 05:08 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-02-04 19:44 . 2010-02-04 19:44 -------- d-----w- c:\documents and settings\hae\Local Settings\Application Data\Mozilla
2010-02-04 16:12 . 2010-02-04 16:12 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-02-01 04:44 . 2010-02-01 04:44 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-31 18:21 . 2010-01-31 18:21 -------- d-sh--w- c:\documents and settings\hae\IECompatCache
2010-01-31 18:11 . 2010-01-31 18:11 -------- d-----w- c:\documents and settings\hae\Application Data\Malwarebytes
2010-01-30 12:17 . 2010-01-30 12:17 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-01-30 10:12 . 2010-01-30 10:12 -------- d-----w- c:\documents and settings\hae\Local Settings\Application Data\Adobe
2010-01-30 08:03 . 2010-01-30 08:03 -------- d-----w- C:\e896996ad1b29d530a
2010-01-30 08:03 . 2010-01-30 09:51 -------- d-----w- c:\windows\SxsCaPendDel

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-28 19:30 . 2010-01-18 20:19 1132 ----a-w- c:\windows\system32\drivers\APPFLTR.CFG.bck
2010-02-28 19:30 . 2010-01-18 20:19 1132 ----a-w- c:\windows\system32\drivers\APPFLTR.CFG
2010-02-28 19:30 . 2010-01-18 20:25 13880 ----a-w- c:\windows\system32\drivers\COMFiltr.sys
2010-02-28 17:59 . 2009-01-20 22:44 -------- d-----w- c:\program files\BadgeHelp
2010-02-28 09:18 . 2009-01-21 22:16 -------- d-----w- c:\documents and settings\All Users\Application Data\GHKEYIMGYG
2010-02-28 09:16 . 2010-01-18 20:19 255448 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT.bck
2010-02-28 09:16 . 2010-01-18 20:19 255448 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT
2010-02-27 17:43 . 2007-01-20 01:42 246784 ----a-w- c:\windows\system32\drivers\iaStor.sys
2010-02-26 10:14 . 2009-10-04 10:44 60 ---h--w- c:\windows\popcreg.dat
2010-02-26 10:14 . 2009-09-27 22:59 22 ----a-w- c:\windows\popcinfot.dat
2010-02-23 09:01 . 2009-10-24 06:17 -------- d-----w- c:\documents and settings\All Users\Application Data\IIKEYIMGYG
2010-02-01 04:44 . 2007-01-20 01:58 -------- d-----w- c:\program files\Common Files\Java
2010-02-01 04:44 . 2007-01-20 01:58 -------- d-----w- c:\program files\Java
2010-01-30 10:07 . 2007-01-20 02:17 189000 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-28 05:44 . 2010-01-28 05:43 126 ----a-w- c:\documents and settings\hae\Local Settings\Application Data\fusioncache.dat
2010-01-28 03:40 . 2009-12-27 09:57 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-27 11:51 . 2009-12-27 09:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-01-27 11:16 . 2007-01-20 02:13 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-27 09:46 . 2010-01-17 20:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-26 04:03 . 2010-01-24 20:21 -------- d-----w- c:\documents and settings\All Users\Application Data\SSKEYIMGYG
2010-01-25 16:50 . 2008-04-28 03:30 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-19 04:50 . 2008-04-28 03:30 -------- d-----w- c:\program files\Oberon Media
2010-01-18 20:20 . 2010-01-18 20:20 262 ----a-w- c:\windows\system32\PavCPL.dat
2010-01-18 20:19 . 2010-01-18 20:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Backup
2010-01-18 20:19 . 2010-01-18 20:18 -------- d-----w- c:\program files\Panda Security
2010-01-18 20:18 . 2010-01-18 20:18 -------- d-----w- c:\documents and settings\yuki\Application Data\Panda Security
2010-01-18 20:18 . 2010-01-18 20:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Panda Security
2010-01-18 20:18 . 2007-01-20 02:01 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-18 20:12 . 2010-01-18 20:12 -------- d-----w- c:\program files\Common Files\Panda Security
2010-01-18 08:24 . 2010-01-18 08:24 -------- d-----w- c:\documents and settings\yuki\Application Data\AVG8
2010-01-18 07:49 . 2010-01-18 07:49 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-01-17 20:20 . 2010-01-17 20:20 -------- d-----w- c:\documents and settings\yuki\Application Data\Malwarebytes
2010-01-17 20:20 . 2010-01-17 20:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-12 07:15 . 2009-02-16 18:14 -------- d-----w- c:\documents and settings\yuki\Application Data\Vso
2010-01-08 20:39 . 2009-08-26 16:43 -------- d-----w- c:\documents and settings\All Users\Application Data\SIKEYIMGYG
2010-01-08 02:07 . 2010-01-17 20:20 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-08 02:07 . 2010-01-17 20:20 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-07 10:39 . 2010-01-07 10:39 -------- d-----w- c:\documents and settings\All Users\Application Data\RJKEYIMGYG
2010-01-04 18:31 . 2009-02-16 23:42 25 ----a-w- C:\Board.Dat
2010-01-03 04:45 . 2010-01-03 04:44 -------- d-----w- c:\documents and settings\All Users\Application Data\VZKEYIMGYG
2010-01-03 04:29 . 2010-01-03 04:27 -------- d-----w- c:\documents and settings\All Users\Application Data\BMKEYIMGYG
2009-12-26 13:50 . 2005-08-16 10:18 14336 ----a-w- c:\windows\system32\svchost.exe
2009-12-22 05:20 . 2009-12-22 05:20 81920 ------w- c:\windows\system32\ieencode.dll
2009-12-21 19:14 . 2005-08-16 10:18 916480 ----a-w- c:\windows\system32\wininet.dll
2007-08-26 08:34 . 2007-08-24 04:24 24 --sh--w- c:\windows\S0AA02C2D.tmp
2002-08-01 05:55 . 2009-04-07 07:25 224 --sh--w- c:\windows\WSYS049.SYS
2006-05-03 10:06 . 2008-08-01 04:26 163328 --sh--r- c:\windows\system32\flvDX.dll
2009-04-26 10:17 . 2007-01-31 13:24 2878 --sha-w- c:\windows\system32\KGyGaAvL.sys
2007-02-21 11:47 . 2008-08-01 04:26 31232 --sh--r- c:\windows\system32\msfDX.dll
2007-12-17 13:43 . 2008-08-01 04:26 27648 --sh--w- c:\windows\system32\Smab0.dll
.

------- Sigcheck -------

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . D9F19E78F98834CB411D6AD3C68D181A . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB941644$\tcpip.sys
[-] 2004-08-10 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB917953$\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 24576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"SigmatelSysTrayApp"="stsystra.exe" [2006-07-24 282624]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"MBMon"="CTMBHA.DLL" [2006-06-29 1355042]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"VoiceCenter"="c:\program files\Creative\VoiceCenter\AndreaVC.exe" [2006-02-16 1118208]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-03-21 86960]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-25 188416]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-01-20 98304]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-10 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 57344]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-05-20 185896]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-11-22 813912]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-11-22 842584]
"WD Drive Manager"="c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2008-05-17 430080]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-10-26 652624]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-09-14 1603152]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-06-13 73728]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-02-21 366400]
"APVXDWIN"="c:\program files\Panda Security\Panda Internet Security 2010\APVXDWIN.EXE" [2009-06-06 574720]
"SCANINICIO"="c:\program files\Panda Security\Panda Internet Security 2010\Inicio.exe" [2009-04-21 56064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-03-21 213936]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-12 246504]

c:\documents and settings\yuki\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
SnagIt 9.lnk - c:\program files\TechSmith\SnagIt 9\SnagIt32.exe [2008-5-15 6822728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2008-03-19 02:58 58672 ----a-w- c:\windows\system32\avldr.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\fscagent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=

R0 pavboot;Panda boot driver;c:\windows\system32\drivers\pavboot.sys [1/18/2010 10:13 AM 28544]
R1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS [1/18/2010 10:19 AM 73728]
R1 DSAFLT;DSA Filter Plugin;c:\windows\system32\drivers\dsaflt.sys [1/18/2010 10:19 AM 52992]
R1 FNETMON;NetMon Filter Plugin;c:\windows\system32\drivers\fnetmon.sys [1/18/2010 10:19 AM 22072]
R1 IDSFLT;Ids Filter Plugin;c:\windows\system32\drivers\idsflt.sys [1/18/2010 10:19 AM 193792]
R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\drivers\NETFLTDI.SYS [1/18/2010 10:19 AM 158848]
R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [1/18/2010 10:12 AM 41144]
R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\drivers\wnmflt.sys [1/18/2010 10:19 AM 46720]
R2 Gwmsrv;Panda Goodware Cache Manager;c:\windows\system32\svchost -k Panda --> c:\windows\system32\svchost -k Panda [?]
R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [1/18/2010 10:12 AM 177416]
R2 PskSvcRetail;Panda PSK service;c:\program files\Panda Security\Panda Internet Security 2010\psksvc.exe [1/18/2010 10:19 AM 28928]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [12/26/2007 8:13 PM 24652]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [5/16/2008 5:12 PM 102400]
R3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]
R3 ComFiltr;Panda Anti-Dialer;c:\windows\system32\drivers\COMFiltr.sys [1/18/2010 10:25 AM 13880]
R3 NETIMFLT01060034;PANDA NDIS IM Filter Miniport v1.6.0.34;c:\windows\system32\drivers\neti1634.sys [1/18/2010 10:19 AM 197888]
R3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\PavSRK.sys --> c:\windows\system32\PavSRK.sys [?]
R3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys --> c:\windows\system32\PavTPK.sys [?]
S3 AVC2310F;AVC-2310/AVC-2210 USB Loader;c:\windows\system32\drivers\avcuwfl.sys [4/9/2007 8:52 PM 18580]
S3 AvcUWilo;Adaptec AVC-2210/2310 USB Device;c:\windows\system32\drivers\avcuwilo.sys [4/9/2007 9:04 PM 50258]
S3 JL2004A;JL2004A Photo Viewer;c:\windows\system32\drivers\pv_wdm.sys [2/13/2007 5:36 PM 63289]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
panda REG_MULTI_SZ Gwmsrv
.
Contents of the 'Scheduled Tasks' folder

2010-02-28 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 21:20]
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0070119
mSearch Bar = hxxp://www.google.com/ie
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {0349EF81-B9C1-4B97-86F7-7B931D0E2532} - hxxp://sticube.clubbox.co.kr/sticubeupdate/cab/NowStarter2.cab
DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} - hxxp://clubgames.pogo.com/online2/pogop/mahjong_escape_ancient_japan/SpinTopGamesLauncher.cab
DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} - hxxp://clubgames.pogo.com/online2/pogop/diner_dash/DinerDash.1.0.0.80.cab
DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} - hxxps://www.vpay.co.kr/kvpfiles/KVPISPCTLD.cab
FF - ProfilePath - c:\documents and settings\hae\Application Data\Mozilla\Firefox\Profiles\hdc87nm5.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMGWRAP.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
.
------- File Associations -------
.
JSEFile=c:\progra~1\PANDAS~1\PANDAI~1\PAVSCRIP.EXE "%1" %*
VBEFile=c:\progra~1\PANDAS~1\PANDAI~1\PAVSCRIP.EXE "%1" %*
VBSFile=c:\progra~1\PANDAS~1\PANDAI~1\PAVSCRIP.EXE "%1" %*
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
HKLM-Run-ClubBox - (no file)
HKU-Default-Run-swg - c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
SharedTaskScheduler-{50c1234d-de7c-4501-95b8-c117770b5088} - (no file)
SharedTaskScheduler-{0e8bf617-7446-45da-8b7f-c98f13f1c7d3} - (no file)
SSODL-yuzimugan-{50c1234d-de7c-4501-95b8-c117770b5088} - (no file)
SSODL-vilunepat-{0e8bf617-7446-45da-8b7f-c98f13f1c7d3} - (no file)
SafeBoot-klmdb.sys
AddRemove-Diner Dash 2 - c:\program files\Yahoo! Games\Diner Dash 2\Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-28 09:29
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1140)
c:\windows\system32\avldr.dll

- - - - - - - > 'explorer.exe'(4060)
c:\windows\system32\WININET.dll
c:\program files\Panda Security\Panda Internet Security 2010\pavoepl.dll
c:\program files\ScanSoft\OmniPageSE4\OpHookSE4.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Creative\Creative Zen Micro\Zen Micro Media Explorer\CTJBNS2.dll
c:\program files\Creative\Creative Zen Micro\Zen Micro Media Explorer\CTIntrfc.dll
c:\program files\Creative\Creative Zen Micro\Zen Micro Media Explorer\CTConfig.DLL
c:\program files\Creative\Creative Zen Micro\Zen Micro Media Explorer\JBNSRES.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Panda Security\Panda Internet Security 2010\TPSrv.exe
c:\program files\PANDA SECURITY\PANDA INTERNET SECURITY 2010\WebProxy.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
c:\windows\system32\CTsvcCDA.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Panda Security\Panda Internet Security 2010\PsCtrls.exe
c:\program files\Panda Security\Panda Internet Security 2010\PavFnSvr.exe
c:\program files\Common Files\Panda Security\PavShld\pavprsrv.exe
c:\program files\panda security\panda internet security 2010\firewall\PSHOST.EXE
c:\program files\Panda Security\Panda Internet Security 2010\PsImSvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Panda Security\Panda Internet Security 2010\pavsrv51.exe
c:\program files\Panda Security\Panda Internet Security 2010\AVENGINE.EXE
c:\windows\system32\dllhost.exe
c:\windows\stsystra.exe
c:\windows\system32\Rundll32.exe
c:\windows\eHome\ehmsas.exe
c:\docume~1\hae\LOCALS~1\Temp\clclean.0001
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\program files\TechSmith\SnagIt 9\TSCHelp.exe
c:\program files\TechSmith\SnagIt 9\SnagPriv.exe
c:\program files\Panda Security\Panda Internet Security 2010\SRVLOAD.EXE
c:\program files\TechSmith\SnagIt 9\snagiteditor.exe
c:\program files\Panda Security\Panda Internet Security 2010\PavBckPT.exe
c:\program files\Panda Security\Panda Internet Security 2010\avciman.exe
c:\program files\Panda Security\Panda Internet Security 2010\psimreal.exe
.
**************************************************************************
.
Completion time: 2010-02-28 09:37:36 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-28 19:37

Pre-Run: 568,850,370,560 bytes free
Post-Run: 566,539,284,480 bytes free

- - End Of File - - 757A57366D0958FA8FBA6BCA2F2A13E8



Also, I apologize because I know I'm not supposed to be updating any files during the clean up process (there are Windows updates awaiting), but I had the Internet open to check this thread and I think my friend misunderstood, thought the computer was clean, and updated one of the files on the computer. I hope that doesn't mess anything up.

Will await further instructions from you and thank you in advance.
