Possible TDSS infection (google redirects)


  • This topic is locked
17 replies to this topic

#1 mojopin

  • Members
  • 17 posts

Posted 07 May 2010 - 02:12 AM

Hi - I have tried various virus scanners but I have the problem of redirecting to random websites. I cannot access the microsoft update site or even search the url in google! I ran tdsskiller and it says my atapi.sys is modified and it fixes it but after a reboot I get the same message. I even replaced it myself in the recovery console but the problem remains.

I have attached the attach.txt and ark.txt files. Below is my dds log.

Thanks in advance for any help I may receive and I promise to be prompt in my replies.

DDS (Ver_10-03-17.01) - NTFSx86
Run by 9abino at 23:17:58.75 on Thu 05/06/2010
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.3327.2684 [GMT -4:00]

AV: COMODO Antivirus *On-access scanning disabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\SFP\app\bin\sfp.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Lynx Studio Technology\LynxTrayVolume.exe
C:\Program Files\Logitech\SetPoint II\SetpointII.exe
C:\Program Files\2BrightSparks\SyncBackSE\SyncBackSE.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
svchost.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\M-Audio\Fast Track Pro\MAUSBInst.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\9abino\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.comcast.net/
mSearch Bar =
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [InitPulsar] C:/SFP/app/bin/sfp.exe -s
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
StartupFolder: c:\docume~1\9abino\startm~1\programs\startup\syncba~1.lnk - c:\program files\2brightsparks\syncbackse\SyncBackSE.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\lynxtr~1.lnk - c:\program files\lynx studio technology\LynxTrayVolume.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\setpoi~1.lnk - c:\program files\logitech\setpoint ii\SetpointII.exe
IE: {85d1f590-48f4-11d9-9669-0800200c9a66}
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
Trusted Zone: intuit.com\ttlc
DPF: ppctlcab - hxxp://www.pestscan.com/scanner/ppctlcab.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
DPF: {33363249-0000-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/i263_32.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} - hxxp://musicstore.connect.com/XSL/mb_us//html/activexplayer/SMALStreaming.cab
DPF: {42D06124-98A2-47EC-8098-3778B58CE7D5} - hxxps://actsvr.comcastonline.com/techtools/dl/Comcast%20Activation%20Controls.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1265931467984
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1265931458562
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38003.6515972222
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
AppInit_DLLs: c:\windows\system32\guard32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 relog_ap
LSA: Notification Packages = scecli scecli scecli

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\9abino\applic~1\mozilla\firefox\profiles\gbkvfwt2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================


==================== Find3M ====================

2008-08-29 01:55:33 2 --shatr- c:\windows\winstart.bat
2005-07-14 18:31:20 27648 --sha-w- c:\windows\system32\AVSredirect.dll
2002-05-07 06:21:26 49152 --shatw- c:\windows\system32\cwScopeProp.dll
2008-01-14 01:44:14 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008011320080114\index.dat

============= FINISH: 23:19:01.15 ===============

Yay! I went ahead and ran combofix as it worked on my computer a couple of years ago. It took a few tries as I was getting errors but I finally got it running. It found a rootkit and zapped it. I accidentally ran it again so I can't post the log but so far so good. No redirects or 200 open connections. I ran the old timer and cleared my system restore points. I can go to bed now.. thanks guys!

EDIT: Added supplementary data by OP ~ Hamluis.

Attached File(s): Attach.txt (6.84k)

Edited by hamluis, 07 May 2010 - 10:54 AM.


#2 etavares

    Bleepin' Remover

  • Malware Response Team
  • 15,514 posts

Posted 09 May 2010 - 02:53 PM

Hello and welcome to Bleeping Computer

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report:
  • Please download OTL from this link.
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    activex
    drivers32
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT

  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply.

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new OTL log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


In your reply, please post both OTL logs and the GMER log.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
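The OTL quick scan requested above produces a "DRV -" line per kernel driver (modification time, size, attributes, publisher string, start type, state, path, service name), and the /md5start list hashes atapi.sys and the other storage miniport drivers because the OP's TDSSKiller run reported atapi.sys as modified. A responder reads that DRV listing by hand, looking for drivers with no publisher, odd names, odd locations or recent timestamps. The script below is an added example written for this page; it is not part of the thread and not an OldTimer tool. It parses OTL DRV lines and flags entries worth a second look. The heuristics, the 7-day window and the scan timestamp (taken from the OTL.exe entry in the log posted later in this thread) are assumptions; the sample lines are copied from that log, with one SRV line added to show that non-driver entries are skipped. A flag is a prompt to verify the file (hash, signature, who dropped it), not a verdict.

```python
import re
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# One "DRV -" line of an OTL quick-scan report.  Field order:
#   DRV - [mod-time | size | attrs | M] (company) [type | start | state] -- path -- (service) ...
DRV_RE = re.compile(
    r"^DRV - \[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attr>\S+) \| M\] "
    r"\((?P<company>[^)]*)\) "
    r"\[(?P<type>\S+) \| (?P<start>\S+) \| (?P<state>\S+)\] -- "
    r"(?P<path>.+?) -- \((?P<service>[^)]+)\)"
)

# Basenames made of a few hex digits (e.g. 495B.sys).  Heuristic only (assumption),
# not a signature for any particular family.
HEX_NAME_RE = re.compile(r"^[0-9A-F]{4,8}\.sys$", re.IGNORECASE)

# Timestamp of OTL.exe in the log posted in this thread, used as "scan time" (assumption).
SCAN_TIME = datetime(2010, 5, 9, 16, 30, 23)

# Sample input: lines copied from the OTL log in this thread, plus one SRV line
# to show that non-driver entries are ignored.
SAMPLE_LOG = r"""
SRV - [2010/04/14 11:40:57 | 001,769,216 | ---- | M] () [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
DRV - [2010/05/07 04:28:51 | 000,054,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\495B.sys -- (495B)
DRV - [2010/04/18 19:57:24 | 000,014,873 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\My Documents\Downloads\radix_installer\SDTHLPR.sys -- (SDTHelper)
DRV - [2010/04/14 11:41:24 | 000,086,800 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect)
DRV - [2006/07/24 17:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\system32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2005/12/13 14:39:54 | 000,102,528 | ---- | M] (Midiman/M-Audio) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mausb.sys -- (MAUSB) Service for M-Audio Fast Track Pro Driver (WDM)
"""


def parse_drv(line):
    """Return the fields of one DRV line as a dict, or None for any other line."""
    m = DRV_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    d["mtime"] = datetime.strptime(d.pop("ts"), "%Y/%m/%d %H:%M:%S")
    d["size"] = int(d["size"].replace(",", ""))
    d["company"] = d["company"].strip()   # OTL prints () when the file carries no company string
    d["path"] = PureWindowsPath(d["path"])
    return d


def triage(drv, scan_time, recent_days=7):
    """Return the list of reasons this driver entry deserves a closer look (empty if none)."""
    reasons = []
    p = drv["path"]
    parts = [s.lower() for s in p.parts]
    no_publisher = drv["company"] == ""

    # 1. Hex-named driver with no publisher sitting directly in system32
    #    rather than system32\drivers: a common dropper artefact.
    if no_publisher and str(p.parent).lower().endswith("\\system32") and HEX_NAME_RE.match(p.name):
        reasons.append("hex-named driver in system32 root with no publisher")

    # 2. Kernel driver loaded from inside a user profile (Downloads, Desktop, Temp ...).
    if "documents and settings" in parts or "users" in parts:
        reasons.append("driver path inside a user profile")

    # 3. No publisher string and modified shortly before the scan.
    if no_publisher and scan_time - drv["mtime"] <= timedelta(days=recent_days):
        reasons.append(f"no publisher and modified within {recent_days} days of the scan")

    return reasons


def report(log_text, scan_time):
    """Map service name -> reasons for every DRV entry that raised at least one reason."""
    flagged = {}
    for line in log_text.splitlines():
        drv = parse_drv(line)
        if drv is None:
            continue
        reasons = triage(drv, scan_time)
        if reasons:
            flagged[drv["service"]] = reasons
    return flagged


if __name__ == "__main__":
    for service, reasons in report(SAMPLE_LOG, SCAN_TIME).items():
        print(service)
        for r in reasons:
            print("   -", r)
```

On the sample lines the script flags the 495B service (hex name in the system32 root, no publisher, modified two days before the scan) and SDTHelper (driver under a user's Downloads folder), and stays quiet on the COMODO, StarOpen and M-Audio entries. The publisher check keys on OTL's empty "()" field, so an unsigned but legitimately unbranded driver (StarOpen here) is only flagged when another heuristic also fires; anything it flags should still be hashed and checked before being removed.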
 


#3 mojopin
  • Topic Starter
  • Members
  • 17 posts

Posted 09 May 2010 - 05:39 PM

Hi - Thanks for your help. I am not having problems so far but I ran the scans. Here are the logs:

Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 279.46 Gb Total Space | 238.46 Gb Free Space | 85.33% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 465.76 Gb Total Space | 199.00 Gb Free Space | 42.73% Space Free | Partition Type: NTFS
Drive F: | 279.46 Gb Total Space | 99.92 Gb Free Space | 35.75% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded


Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/05/09 16:30:23 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Desktop\OTL.exe
PRC - [2010/04/14 11:41:01 | 002,029,456 | ---- | M] (COMODO) -- C:\Program Files\Comodo\COMODO Internet Security\cfp.exe
PRC - [2010/04/14 11:40:57 | 001,769,216 | ---- | M] () -- C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
PRC - [2010/04/04 01:57:52 | 000,349,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe
PRC - [2010/04/02 23:03:45 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/07/21 10:17:46 | 000,323,584 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\SetPoint II\SetPointII.exe
PRC - [2009/07/10 13:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2009/05/21 14:25:15 | 001,501,064 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliType Pro\itype.exe
PRC - [2009/03/24 18:55:30 | 000,083,440 | ---- | M] (Google) -- C:\Documents and Settings\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2008/11/18 12:09:10 | 006,281,984 | ---- | M] (2BrightSparks Pte Ltd) -- C:\Program Files\2BrightSparks\SyncBackSE\SyncBackSE.exe
PRC - [2008/06/27 17:48:34 | 000,061,440 | ---- | M] (Lynx Studio Technology, Inc.) -- C:\Program Files\Lynx Studio Technology\LynxTrayVolume.exe
PRC - [2008/06/15 16:34:20 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe



========== Modules (SafeList) ==========

MOD - [2010/05/09 16:30:23 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Desktop\OTL.exe
MOD - [2010/04/14 11:41:25 | 000,277,240 | ---- | M] (COMODO) -- C:\WINDOWS\system32\guard32.dll
MOD - [2006/08/25 11:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2006/05/03 23:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll
MOD - [2004/08/04 02:01:17 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (ACDaemon)
SRV - [2010/04/14 11:40:57 | 001,769,216 | ---- | M] () [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2008/09/14 18:38:42 | 000,648,488 | ---- | M] (Cisco Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2008/06/15 16:34:20 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2007/02/16 19:49:50 | 000,411,168 | ---- | M] (Acronis) [Disabled | Stopped] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2007/02/01 10:29:09 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2005/12/02 13:20:46 | 000,049,152 | ---- | M] (M-Audio) [Auto | Running] -- C:\Program Files\M-Audio\Fast Track Pro\MAUSBInst.exe -- (MAudioUSBService)


========== Driver Services (SafeList) ==========

DRV - [2010/05/07 04:28:51 | 000,054,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\495B.sys -- (495B)
DRV - [2010/04/18 19:57:24 | 000,014,873 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\My Documents\Downloads\radix_installer\SDTHLPR.sys -- (SDTHelper)
DRV - [2010/04/14 11:41:24 | 000,086,800 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect)
DRV - [2010/04/14 11:41:23 | 000,225,344 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2010/04/14 11:41:23 | 000,025,240 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2010/04/14 11:41:23 | 000,015,464 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmderd.sys -- (cmderd)
DRV - [2010/02/11 18:53:34 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/09/18 01:27:45 | 000,052,008 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iLokDrvr.sys -- (iLokDrvr)
DRV - [2009/06/17 10:56:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2009/06/17 10:56:18 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 10:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/06/17 10:55:34 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2009/04/09 23:47:58 | 000,090,472 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TPkd.sys -- (TPkd)
DRV - [2009/03/27 11:03:00 | 006,280,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/09/14 18:36:56 | 000,023,992 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2008/09/14 18:36:54 | 000,025,272 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2008/06/27 17:48:30 | 000,196,744 | ---- | M] (Lynx Studio Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LynxWDM.Sys -- (LynxWDM)
DRV - [2008/01/15 18:13:24 | 000,392,320 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2008/01/15 18:13:24 | 000,032,768 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2008/01/15 18:12:57 | 000,114,048 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2007/10/23 04:45:34 | 000,269,824 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8187.sys -- (RTLWUSB)
DRV - [2007/07/13 01:04:06 | 000,022,304 | ---- | M] (Doug Fetter Software Wizardry) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbkt1x1.sys -- (USBKT1X1)
DRV - [2007/07/13 01:04:06 | 000,013,504 | ---- | M] (MIDIMAN) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\uks11ldr.sys -- (UKS11LDR)
DRV - [2007/07/02 16:08:08 | 000,015,616 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ArcSoftVirtualCapture.sys -- (ARCSOFTVIRTUALCAPTURE)
DRV - [2007/03/24 12:20:24 | 000,046,208 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\jraid.sys -- (JRAID)
DRV - [2006/12/14 04:44:06 | 000,085,120 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/11/29 23:02:26 | 000,174,864 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2006/11/10 16:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2006/07/26 10:56:00 | 000,248,832 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2006/07/24 17:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\system32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2006/02/07 20:52:58 | 000,006,912 | R--- | M] (JMicron ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\JGOGO.sys -- (JGOGO)
DRV - [2005/12/13 14:39:54 | 000,102,528 | ---- | M] (Midiman/M-Audio) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mausb.sys -- (MAUSB) Service for M-Audio Fast Track Pro Driver (WDM)
DRV - [2005/04/06 16:05:24 | 000,015,360 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxopswd.sys -- (MXOPSWD)
DRV - [2005/02/16 03:06:18 | 000,018,816 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\APLMp50.sys -- (APLMp50)
DRV - [2004/08/13 12:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/08/04 02:07:55 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2002/07/05 21:19:12 | 000,110,048 | ---- | M] (CWDT) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\scope.sys -- (Scope)
DRV - [2002/05/03 19:55:28 | 000,044,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- c:\SFP\App\Sys\TStretch.sys -- (TStretch)
DRV - [2002/04/26 21:53:20 | 000,010,176 | ---- | M] () [Kernel | On_Demand | Stopped] -- c:\SFP\App\Sys\WaveOut16.sys -- (WaveOut16)
DRV - [2002/04/17 22:27:02 | 000,011,264 | ---- | M] (VOB Computersysteme GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\asapi.sys -- (Asapi)
DRV - [2002/03/09 19:18:20 | 000,010,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- c:\SFP\App\Sys\VxD2PC.sys -- (VxD2PC)
DRV - [2002/03/09 19:18:20 | 000,010,176 | ---- | M] () [Kernel | On_Demand | Stopped] -- c:\SFP\App\Sys\WaveIn16.sys -- (WaveIn16)
DRV - [2002/03/09 19:18:12 | 000,012,256 | ---- | M] () [Kernel | On_Demand | Stopped] -- c:\SFP\App\Sys\VSTout.sys -- (VSTout)
DRV - [2002/03/09 19:18:12 | 000,010,272 | ---- | M] () [Kernel | On_Demand | Stopped] -- c:\SFP\App\Sys\VSTsync.sys -- (VSTsync)
DRV - [2002/03/09 19:18:10 | 000,012,960 | ---- | M] () [Kernel | On_Demand | Stopped] -- c:\SFP\App\Sys\VSTin.sys -- (VSTin)
DRV - [2002/03/09 19:18:06 | 000,019,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- c:\SFP\App\Sys\VDATMot.sys -- (VDATMot)
DRV - [2002/03/09 19:18:06 | 000,012,640 | ---- | M] () [Kernel | On_Demand | Stopped] -- c:\SFP\App\Sys\VRec.sys -- (VRec)
DRV - [2002/03/09 19:18:06 | 000,012,544 | ---- | M] () [Kernel | On_Demand | Stopped] -- c:\SFP\App\Sys\VPlay.sys -- (VPlay)
DRV - [2002/03/09 19:18:04 | 000,012,832 | ---- | M] () [Kernel | On_Demand | Stopped] -- c:\SFP\App\Sys\TRec.sys -- (TRec)
DRV - [2002/03/09 19:18:04 | 000,011,520 | ---- | M] () [Kernel | On_Demand | Stopped] -- c:\SFP\App\Sys\TPRSync.sys -- (TPRSync)
DRV - [2002/03/09 19:18:04 | 000,010,592 | ---- | M] () [Kernel | On_Demand | Stopped] -- c:\SFP\App\Sys\TRSync.sys -- (TRSync)
DRV - [2002/03/09 19:18:02 | 000,015,648 | ---- | M] () [Kernel | On_Demand | Stopped] -- c:\SFP\App\Sys\Spl2VxD.sys -- (Spl2VxD)
DRV - [2002/03/09 19:18:02 | 000,011,296 | ---- | M] () [Kernel | On_Demand | Stopped] -- c:\SFP\App\Sys\TPlay.sys -- (TPlay)
DRV - [2002/03/09 19:18:02 | 000,010,592 | ---- | M] () [Kernel | On_Demand | Stopped] -- c:\SFP\App\Sys\TPSync.sys -- (TPSync)
DRV - [2002/03/09 19:17:58 | 000,079,264 | ---- | M] () [Kernel | On_Demand | Stopped] -- c:\SFP\App\Sys\MVC2VxD.sys -- (MVC2VxD)
DRV - [2002/03/09 19:17:58 | 000,073,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- c:\SFP\App\Sys\MVCVxD.sys -- (MVCVxD)
DRV - [2002/03/09 19:17:58 | 000,010,208 | ---- | M] () [Kernel | On_Demand | Stopped] -- c:\SFP\App\Sys\PC2VxD.sys -- (PC2VxD)
DRV - [2002/03/09 19:17:54 | 000,012,640 | ---- | M] () [Kernel | On_Demand | Stopped] -- c:\SFP\App\Sys\MArrFifo.sys -- (MArrFifo)
DRV - [2002/03/09 19:17:54 | 000,010,400 | ---- | M] () [Kernel | On_Demand | Stopped] -- c:\SFP\App\Sys\MFifoArr.sys -- (MFifoArr)
DRV - [2002/03/09 19:17:52 | 000,025,472 | ---- | M] () [Kernel | On_Demand | Stopped] -- c:\SFP\App\Sys\KGPar3.sys -- (KGPar3)
DRV - [2002/03/09 19:17:52 | 000,010,016 | ---- | M] () [Kernel | On_Demand | Stopped] -- c:\SFP\App\Sys\MidiAck.sys -- (MidiAck)
DRV - [2002/03/09 19:17:50 | 000,022,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- c:\SFP\App\Sys\KGPar2.sys -- (KGPar2)
DRV - [2002/03/09 19:17:50 | 000,010,784 | ---- | M] () [Kernel | On_Demand | Stopped] -- c:\SFP\App\Sys\InvVxD.sys -- (InvVxD)
DRV - [2002/03/09 19:17:44 | 000,010,112 | ---- | M] () [Kernel | On_Demand | Stopped] -- c:\SFP\App\Sys\2nixWDM.sys -- (2nixWDM)
DRV - [2002/03/09 19:17:44 | 000,010,016 | ---- | M] () [Kernel | On_Demand | Stopped] -- c:\SFP\App\Sys\2nixA.sys -- (2nixA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1060284298-179605362-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1060284298-179605362-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-1060284298-179605362-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1060284298-179605362-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1060284298-179605362-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/10 20:49:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/06 19:48:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.1\Extensions\\Components: C:\Program Files\Netscape\Netscape\Components [2009/02/07 16:04:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.1\Extensions\\Plugins: C:\Program Files\Netscape\Netscape\Plugins [2010/04/23 02:20:37 | 000,000,000 | ---D | M]

[2008/08/27 23:44:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Application Data\Mozilla\Extensions
[2010/05/06 19:49:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Application Data\Mozilla\Firefox\Profiles\gbkvfwt2.default\extensions
[2010/02/17 22:47:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Application Data\Mozilla\Firefox\Profiles\gbkvfwt2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/27 16:08:40 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Application Data\Mozilla\Firefox\Profiles\gbkvfwt2.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2007/11/03 19:24:59 | 000,000,000 | ---D | M] (Qute) -- C:\Documents and Settings\Application Data\Mozilla\Firefox\Profiles\gbkvfwt2.default\extensions\{36C13C8F-54F1-412e-8177-2E411719162D}
[2010/05/06 19:53:10 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/06/22 23:48:01 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2006/07/30 23:18:53 | 000,000,000 | ---D | M] (New.net Quick! Search) -- C:\Program Files\Mozilla Firefox\extensions\{AF8637B0-18E3-44D3-86B7-55E09D9C4261}
[2010/05/06 19:48:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/08/15 22:08:09 | 000,159,744 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll

O1 HOSTS File: ([2010/05/07 04:44:59 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [InitPulsar] C:\SFP\app\bin\sfp.exe (CreamWare GmbH)
O4 - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - Startup: C:\Documents and Settings\Start Menu\Programs\Startup\SyncBackSE.lnk = C:\Program Files\2BrightSparks\SyncBackSE\SyncBackSE.exe (2BrightSparks Pte Ltd)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Lynx Tray Volume.lnk = C:\Program Files\Lynx Studio Technology\LynxTrayVolume.exe (Lynx Studio Technology, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SetPointII.lnk = C:\Program Files\Logitech\SetPoint II\SetPointII.exe (Logitech Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1060284298-179605362-725345543-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1060284298-179605362-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1060284298-179605362-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1060284298-179605362-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_20.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1060284298-179605362-725345543-1004\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {33363249-0000-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/i263_32.cab (Reg Error: Key error.)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} http://musicstore.connect.com/XSL/mb_us//h...ALStreaming.cab (MALPlaybackCtrl Class)
O16 - DPF: {42D06124-98A2-47EC-8098-3778B58CE7D5} https://actsvr.comcastonline.com/techtools/...%20Controls.cab (SupportSoft External Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdat...b?1265931467984 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1265931458562 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/...8003.6515972222 (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.29.103.15 24.29.103.16
O18 - Protocol\Handler\ms-its - No CLSID value found
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/01/16 04:36:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/01/16 04:35:56 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

MsConfig - Services: "DigiRefresh"
MsConfig - Services: "Ati HotKey Poller"
MsConfig - Services: "IDriverT"
MsConfig - Services: "digiSPTIService"
MsConfig - Services: "ATI Smart"
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk - Reg Error: Value error. - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk - Reg Error: Value error. - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk - C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE - File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

ActiveX: {02f78298-8af6-495c-9ecb-b6ae68678186} - KB867282
ActiveX: {057997dd-71e4-43cc-b161-3f8180691a9e} - Q824145
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1386D66C-E940-0B11-F206-ABB84A282789} - Internet Explorer
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {2298d453-bcae-4519-bf33-1cbf3faf1524} - Q867801
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2cc9d512-6db6-4f1c-8979-9a41fae88de0} - Q837009
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5f3c70b3-ac2f-432c-8f9c-1624df61f54f} - Microsoft Data Access Components KB870669
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {795d0712-722c-43ec-906a-fc5e678eada9} - Q831167
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {abcdf74f-9a64-4e6e-b8eb-6e5a41de6550} -
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {ED02DB6E-7F92-A59B-976E-46EB99F54CE9} - Q867801
ActiveX: {eddbec60-89cb-44ef-8291-0850fd28ff6a} - Q832894
ActiveX: {f5173cf0-1dfb-4978-8e50-a90169ee7ca9} - Q823353
ActiveX: {F5776D81-AE53-4935-8E84-B0B283D8BCEF} - Q330994
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: Midi1 - C:\WINDOWS\System32\unitydrv.dll (BitHeadz Inc.)
Drivers32: Midi2 - C:\WINDOWS\System32\usbkt1x1.dll (Doug Fetter Software Wizardry)
Drivers32: midi4 - C:\WINDOWS\System32\usbkt1x1.dll (Doug Fetter Software Wizardry)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.vorbis - C:\WINDOWS\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.CSCD - C:\WINDOWS\System32\camcodec.dll (RenderSoft Software)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIV3 - C:\WINDOWS\System32\DIVXc32.dll (Hacked with Joy ! )
Drivers32: vidc.DIV4 - C:\WINDOWS\System32\DIVXc32f.dll (Hacked with Joy ! )
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.I263 - C:\WINDOWS\System32\i263_32.drv (Intel Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)
Drivers32: vidc.xvid - C:\WINDOWS\System32\xvid.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (54619756233228288)

========== Files/Folders - Created Within 90 Days ==========

[2010/05/09 16:30:24 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Desktop\OTL.exe
[2010/05/07 05:14:52 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/05/07 04:34:32 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/05/07 04:09:33 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/05/07 04:06:25 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/05/06 20:53:56 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2010/05/06 20:45:24 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/05/06 20:45:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/05/06 19:59:19 | 000,054,920 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxrts.sys
[2010/05/06 19:59:19 | 000,030,320 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxscan.sys
[2010/05/06 19:59:19 | 000,024,400 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxkbf.sys
[2010/05/06 19:53:57 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Recent
[2010/05/06 19:47:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/05/06 19:31:00 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/05/06 19:31:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/05/06 19:30:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/05/06 00:32:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Desktop\ProcessExplorer
[2010/05/05 01:43:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/05/05 01:43:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/05/05 01:33:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Local Settings\Application Data\madsdgocp
[2010/04/26 17:50:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Application Data\Mp3tag
[2010/04/26 17:50:07 | 000,000,000 | ---D | C] -- C:\Program Files\Mp3tag
[2010/04/10 19:32:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo Downloader
[2010/04/02 22:36:08 | 000,000,000 | ---D | C] -- C:\Program Files\Uninstall
[2010/04/02 00:59:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe Systems
[2010/04/02 00:58:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe Systems Shared
[2010/03/22 19:52:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Local Settings\Application Data\IsolatedStorage
[2010/03/16 15:24:39 | 000,000,000 | ---D | C] -- C:\temp
[2010/03/14 23:00:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2010/02/27 02:30:16 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{A97DA822-7B29-4F18-A64A-BF94FFFE77FB}
[2010/02/17 22:51:33 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/02/17 22:27:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2010/02/16 18:49:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Desktop\ASUS P4C800 DRIVERS
[2010/02/11 23:47:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Local Settings\Application Data\LogiShrd
[2010/02/11 23:46:57 | 000,010,384 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\drivers\LBeepKE.sys
[2010/02/11 23:45:49 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2010/02/11 23:45:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logishrd
[2010/02/11 23:45:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\LogiShrd
[2010/02/11 23:45:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LogiShrd
[2010/02/11 23:45:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Local Settings\Application Data\Downloaded Installations
[2010/02/11 23:35:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliType Pro
[2010/02/11 20:08:08 | 002,395,648 | ---- | C] (AD © 2009) -- C:\WINDOWS\System32\SYNSOEMU.DLL
[2010/02/11 20:08:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\syswow64
[2010/02/11 18:53:33 | 000,691,696 | ---- | C] (Duplex Secure Ltd.) -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/02/11 18:53:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Application Data\DAEMON Tools Lite
[2010/02/11 18:53:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/02/11 17:21:41 | 000,000,000 | ---D | C] -- C:\Program Files\MyDefrag v4.2.7
[2004/01/23 00:52:04 | 000,021,510 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\SCI1PL.SYS
[2004/01/23 00:52:04 | 000,008,647 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\SCI0PL.SYS
[18 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/05/09 16:34:00 | 001,474,832 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2010/05/09 16:30:23 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Desktop\OTL.exe
[2010/05/09 16:29:05 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-179605362-725345543-1004.job
[2010/05/09 13:04:13 | 000,203,685 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/05/09 13:04:09 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/09 13:04:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/09 05:45:52 | 042,467,328 | ---- | M] () -- C:\Documents and Settings\NTUSER.DAT
[2010/05/09 05:45:52 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\ntuser.ini
[2010/05/09 05:40:24 | 000,139,336 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/05/09 05:40:15 | 000,214,720 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2010/05/07 05:07:18 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/05/07 05:00:59 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/07 04:53:55 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/07 04:49:13 | 000,652,798 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/07 04:49:13 | 000,542,684 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/05/07 04:49:13 | 000,099,084 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/05/07 04:44:59 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/05/07 04:34:37 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/05/07 04:28:53 | 000,128,352 | ---- | M] () -- C:\WINDOWS\System32\495B.dll
[2010/05/07 04:28:51 | 000,054,624 | ---- | M] () -- C:\WINDOWS\System32\495B.sys
[2010/05/07 04:28:50 | 002,335,270 | ---- | M] () -- C:\WINDOWS\System32\287A.mht
[2010/05/06 23:11:44 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\defogger_reenable
[2010/05/06 22:37:15 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Desktop\dds.scr
[2010/05/06 22:07:18 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Desktop\HijackThis.lnk
[2010/05/06 20:54:54 | 000,015,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/05/06 20:53:56 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2010/05/06 19:59:19 | 000,054,920 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxrts.sys
[2010/05/06 19:59:19 | 000,030,320 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxscan.sys
[2010/05/06 19:59:19 | 000,024,400 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxkbf.sys
[2010/05/06 19:59:12 | 000,000,049 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2010/05/06 19:53:31 | 000,002,858 | ---- | M] () -- C:\Documents and Settings\My Documents\cc_20100506_195328.reg
[2010/05/06 19:42:57 | 000,086,426 | ---- | M] () -- C:\Documents and Settings\My Documents\cc_20100506_194254.reg
[2010/05/06 19:33:17 | 028,598,560 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2010/05/06 19:32:29 | 001,094,432 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2010/05/03 18:40:13 | 000,000,087 | ---- | M] () -- C:\WINDOWS\System32\ssprs.tgz
[2010/05/01 18:36:32 | 000,001,176 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/27 20:03:14 | 002,373,712 | ---- | M] () -- C:\WINDOWS\System32\pbsvc.exe
[2010/04/26 17:50:07 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mp3tag.lnk
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/04/23 02:20:37 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/04/10 19:31:03 | 000,001,653 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\COMODO Internet Security.lnk
[2010/04/07 02:23:06 | 000,000,021 | ---- | M] () -- C:\Documents and Settings\Application Data\iasna_FB9AECF7-F56E-4c47-A862-8892AA545113.dll
[2010/04/07 02:23:06 | 000,000,021 | ---- | M] () -- C:\Documents and Settings\Application Data\iasna_C92E1371-3DF5-4322-9729-82CC0DD90ECA.dll
[2010/04/07 02:23:06 | 000,000,021 | ---- | M] () -- C:\Documents and Settings\Application Data\iasna_496F4C99-60CC-4b9e-AC1B-FA060E643C32.dll
[2010/04/07 02:23:06 | 000,000,013 | ---- | M] () -- C:\Documents and Settings\Application Data\iasna_D9C6A609-15A1-4768-8E98-6FA00C2547CC.dll
[2010/04/07 02:23:06 | 000,000,013 | ---- | M] () -- C:\Documents and Settings\Application Data\iasna_72024697-2626-4a12-8347-7CAC1834AC3B.dll
[2010/04/07 02:23:05 | 000,000,021 | ---- | M] () -- C:\Documents and Settings\Application Data\iasna_82424970-0916-4145-974C-09EBC0BE67C0.dll
[2010/04/07 02:23:05 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\Application Data\iasna_F4F01109-B336-401f-BDE2-7C1926744123.dll
[2010/04/02 22:35:11 | 000,204,808 | ---- | M] () -- C:\Documents and Settings\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/04/02 11:31:56 | 002,020,968 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/01 15:38:21 | 000,014,848 | ---- | M] () -- C:\Documents and Settings\Desktop\archive list.xls
[2010/03/16 15:26:45 | 000,000,016 | ---- | M] () -- C:\WINDOWS\System32\w3data.vss
[2010/03/16 15:26:45 | 000,000,016 | ---- | M] () -- C:\WINDOWS\msocreg32.dat
[2010/03/12 18:42:04 | 002,617,614 | -H-- | M] () -- C:\Documents and Settings\Local Settings\Application Data\IconCache.db
[2010/02/12 23:31:54 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
[2010/02/11 23:46:54 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
[2010/02/11 23:46:54 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
[2010/02/11 23:46:52 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
[2010/02/11 23:45:53 | 000,001,657 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SetPointII.lnk
[2010/02/11 23:38:23 | 000,002,477 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Keyboard.lnk
[2010/02/11 19:59:35 | 000,000,131 | ---- | M] () -- C:\WINDOWS\CRC.INI
[2010/02/11 19:54:35 | 000,012,540 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2010/02/11 18:53:34 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/02/11 17:28:34 | 000,000,824 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Acronis True Image Home 10.0.lnk
[2010/02/11 17:21:41 | 000,000,733 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MyDefrag.lnk

========== Files Created - No Company Name ==========

[2010/05/07 05:04:48 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/05/07 04:34:36 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/05/07 04:34:34 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/05/07 04:28:53 | 000,128,352 | ---- | C] () -- C:\WINDOWS\System32\495B.dll
[2010/05/07 04:28:51 | 000,054,624 | ---- | C] () -- C:\WINDOWS\System32\495B.sys
[2010/05/07 04:28:50 | 002,335,270 | ---- | C] () -- C:\WINDOWS\System32\287A.mht
[2010/05/07 04:09:33 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/05/07 04:09:33 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/05/06 23:11:39 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\defogger_reenable
[2010/05/06 22:40:28 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Desktop\gmer.exe
[2010/05/06 22:37:54 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Desktop\dds.scr
[2010/05/06 22:07:18 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Desktop\HijackThis.lnk
[2010/05/06 20:45:42 | 000,015,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/05/06 19:53:29 | 000,002,858 | ---- | C] () -- C:\Documents and Settings\My Documents\cc_20100506_195328.reg
[2010/05/06 19:42:56 | 000,086,426 | ---- | C] () -- C:\Documents and Settings\My Documents\cc_20100506_194254.reg
[2010/05/01 03:43:04 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\FxGoWinFu.dll
[2010/04/26 17:50:07 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mp3tag.lnk
[2010/04/22 23:19:44 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/04/10 19:32:11 | 001,474,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2010/04/10 19:31:03 | 000,001,653 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\COMODO Internet Security.lnk
[2010/04/07 02:23:06 | 000,000,021 | ---- | C] () -- C:\Documents and Settings\Application Data\iasna_FB9AECF7-F56E-4c47-A862-8892AA545113.dll
[2010/04/07 02:23:06 | 000,000,021 | ---- | C] () -- C:\Documents and Settings\Application Data\iasna_C92E1371-3DF5-4322-9729-82CC0DD90ECA.dll
[2010/04/07 02:23:06 | 000,000,021 | ---- | C] () -- C:\Documents and Settings\Application Data\iasna_496F4C99-60CC-4b9e-AC1B-FA060E643C32.dll
[2010/04/07 02:23:06 | 000,000,013 | ---- | C] () -- C:\Documents and Settings\Application Data\iasna_D9C6A609-15A1-4768-8E98-6FA00C2547CC.dll
[2010/04/07 02:23:06 | 000,000,013 | ---- | C] () -- C:\Documents and Settings\Application Data\iasna_72024697-2626-4a12-8347-7CAC1834AC3B.dll
[2010/04/07 02:23:05 | 000,000,021 | ---- | C] () -- C:\Documents and Settings\Application Data\iasna_82424970-0916-4145-974C-09EBC0BE67C0.dll
[2010/04/07 02:23:05 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\Application Data\iasna_F4F01109-B336-401f-BDE2-7C1926744123.dll
[2010/03/22 22:56:03 | 006,579,512 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/02/11 23:46:54 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
[2010/02/11 23:46:54 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
[2010/02/11 23:46:52 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
[2010/02/11 23:45:53 | 000,001,657 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SetPointII.lnk
[2010/02/11 23:36:05 | 000,002,477 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Keyboard.lnk
[2010/02/11 22:36:55 | 002,373,712 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe
[2009/10/11 14:43:22 | 000,139,336 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009/10/07 16:49:36 | 000,000,130 | ---- | C] () -- C:\WINDOWS\cfplogvw.INI
[2009/08/09 23:37:18 | 000,000,090 | ---- | C] () -- C:\WINDOWS\WA.INI
[2008/11/22 01:35:18 | 000,000,131 | ---- | C] () -- C:\WINDOWS\CRC.INI
[2008/10/07 10:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 10:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/06/16 20:42:46 | 000,306,688 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[2008/06/16 20:42:46 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
[2008/05/04 01:22:13 | 000,000,101 | ---- | C] () -- C:\WINDOWS\VSWizard.ini
[2008/05/03 05:20:59 | 000,000,033 | ---- | C] () -- C:\WINDOWS\Multimedia manager.INI
[2008/05/03 04:57:44 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2008/04/18 04:38:35 | 000,000,525 | ---- | C] () -- C:\WINDOWS\QIII.INI
[2008/01/13 18:25:59 | 000,049,152 | -HS- | C] () -- C:\WINDOWS\System32\cwScopeProp.dll
[2008/01/03 23:17:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\plclient.INI
[2007/12/29 17:25:15 | 000,005,810 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2007/12/29 17:14:33 | 000,029,637 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2007/12/29 16:00:59 | 000,029,922 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2007/12/29 04:12:18 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2007/12/29 04:12:18 | 000,012,664 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2007/12/28 21:31:49 | 000,000,049 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2007/11/29 02:40:55 | 000,002,420 | ---- | C] () -- C:\WINDOWS\kaillera.ini
[2007/09/08 22:54:51 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2007/08/16 18:57:27 | 000,000,026 | R--- | C] () -- C:\WINDOWS\System32\system82.sys
[2007/08/16 18:57:26 | 000,000,026 | R--- | C] () -- C:\WINDOWS\System32\system82.DLL
[2007/08/16 18:57:23 | 000,000,022 | ---- | C] () -- C:\WINDOWS\System32\sysdate82.ini
[2007/08/16 18:17:50 | 000,000,026 | R--- | C] () -- C:\WINDOWS\System32\system32.DLL
[2007/08/16 18:16:39 | 000,000,022 | ---- | C] () -- C:\WINDOWS\System32\sysdate.ini
[2007/08/13 17:14:16 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/08/13 17:14:16 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/08/13 17:14:13 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/08/13 17:14:12 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/08/13 17:14:11 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/07/11 00:47:55 | 000,000,485 | ---- | C] () -- C:\WINDOWS\sam8_d.INI
[2007/07/11 00:42:42 | 000,001,188 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2007/07/01 02:17:22 | 000,000,836 | ---- | C] () -- C:\WINDOWS\System32\Gui.ini
[2007/07/01 02:17:22 | 000,000,284 | ---- | C] () -- C:\WINDOWS\System32\MidiCC.ini
[2007/07/01 00:32:27 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\qtmlClient.dll
[2007/01/29 10:18:46 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/01/29 10:17:00 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/06/02 17:15:44 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\LDecVorbis.dll
[2006/05/24 12:37:27 | 000,027,648 | -HS- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2006/02/24 03:41:59 | 000,438,272 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2006/02/24 03:41:59 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\libfaac.dll
[2006/02/23 11:36:20 | 001,798,144 | ---- | C] () -- C:\WINDOWS\System32\ltmm_n.dll
[2006/02/23 11:36:20 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\LMOggSpl.dll
[2006/02/23 11:36:20 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\LMOggMux.dll
[2005/04/15 19:01:43 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\ArtFfct.dll
[2005/04/13 14:41:02 | 000,749,568 | ---- | C] () -- C:\WINDOWS\System32\SWFGen.dll
[2004/12/03 10:58:09 | 000,000,051 | ---- | C] () -- C:\WINDOWS\dbghist.ini
[2004/12/03 10:55:47 | 000,000,439 | ---- | C] () -- C:\WINDOWS\DELLSTAT.INI
[2004/10/15 23:49:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2004/09/29 22:34:51 | 000,001,615 | ---- | C] () -- C:\WINDOWS\TrueRTA.INI
[2004/09/20 23:17:15 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\pdxrkt3.dll
[2004/06/21 20:43:19 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2004/06/21 20:39:57 | 000,000,679 | ---- | C] () -- C:\WINDOWS\TSC.ini
[2004/06/21 20:39:56 | 000,071,749 | ---- | C] () -- C:\WINDOWS\HCExtOutput.dll
[2004/06/21 20:39:32 | 000,000,156 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2004/04/24 19:26:52 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\Ucalc32.dll
[2004/04/14 20:41:32 | 000,002,048 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2004/04/14 20:41:32 | 000,002,048 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2004/04/14 20:41:31 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2004/04/14 20:41:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2004/02/04 23:36:42 | 000,093,696 | ---- | C] () -- C:\WINDOWS\System32\hpgt42.dll
[2004/02/02 23:42:38 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2004/02/01 23:41:15 | 000,022,239 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2004/01/26 20:06:35 | 000,000,072 | ---- | C] () -- C:\WINDOWS\vcam3000.INI
[2004/01/24 22:01:31 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\FTPStubInstUtils.dll
[2004/01/23 02:19:36 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/01/23 01:46:35 | 000,000,177 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2004/01/21 02:07:47 | 000,025,088 | ---- | C] () -- C:\WINDOWS\System32\UNACE.DLL
[2004/01/21 02:05:19 | 000,905,290 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll
[2004/01/20 21:06:59 | 000,028,108 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2004/01/19 23:52:47 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/01/17 22:25:25 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2004/01/17 19:22:14 | 000,006,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASLM75.SYS
[2003/11/17 17:57:38 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\FDlg.dll
[2003/03/31 08:00:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\NSREG.DLL
[2003/02/20 11:59:52 | 000,221,184 | R--- | C] () -- C:\WINDOWS\System32\TidyATL.dll
[2002/10/04 02:01:42 | 000,503,808 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2002/01/01 01:05:02 | 000,000,065 | ---- | C] () -- C:\WINDOWS\iTouch.ini
[1999/07/23 14:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
[1999/07/23 11:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll
[1999/01/22 21:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2008/01/15 18:19:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Application Data\Acronis
[2008/01/26 00:57:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Application Data\Allume Systems
[2008/09/25 14:00:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Application Data\Canneverbe_Limited
[2010/05/09 14:18:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Application Data\CoreFTP
[2009/07/04 02:03:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Application Data\Flux
[2006/03/04 13:36:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Application Data\FUJIFILM
[2010/05/01 15:13:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Application Data\FXpansion
[2008/06/09 23:22:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Application Data\gtk-2.0
[2009/10/07 16:37:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Application Data\id Software
[2008/01/03 23:07:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Application Data\ImgBurn
[2004/01/19 18:59:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Application Data\InterVideo
[2008/01/04 22:52:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Application Data\Leadertech
[2010/04/26 17:52:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Application Data\Mp3tag
[2007/12/04 22:26:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Application Data\Netscape
[2009/08/10 02:46:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Application Data\PACE Anti-Piracy
[2007/07/01 02:22:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Application Data\Publish Providers
[2006/11/30 20:30:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Application Data\RelevantReach
[2008/05/03 05:07:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Application Data\Samsung
[2009/05/12 00:32:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Application Data\ScanSoft
[2008/08/28 01:28:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Application Data\SystemRequirementsLab
[2010/02/11 18:09:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2008/02/01 01:42:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\element5
[2010/05/06 20:53:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/04/27 20:03:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\id Software
[2007/09/02 18:45:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Maxtor
[2009/08/10 02:46:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
[2004/10/02 21:21:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2009/06/12 14:24:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2007/12/04 16:36:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SMSI
[2007/05/01 04:09:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSDGL
[2008/04/30 19:49:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2010/05/06 22:00:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/02/02 02:30:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/12/02 15:17:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2010/02/27 02:30:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{A97DA822-7B29-4F18-A64A-BF94FFFE77FB}


========== Purity Check ==========



========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/04 05:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2004/08/04 05:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2009/08/02 10:55:23 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\agp440.sys
[2004/08/04 02:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\erdnt\cache\agp440.sys
[2004/08/04 02:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2004/08/04 02:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2003/03/31 08:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2004/08/04 05:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004/08/04 05:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2009/08/02 10:55:23 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys
[2004/08/04 01:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\erdnt\cache\atapi.sys
[2004/08/04 01:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2004/08/04 01:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004/08/04 01:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 01:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\system32\DRIVERS\atapi.sys
[2004/08/04 01:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0033\DriverFiles\i386\atapi.sys
[2004/08/04 01:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0034\DriverFiles\i386\atapi.sys
[2004/08/04 01:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0053\DriverFiles\i386\atapi.sys
[2004/08/04 01:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0054\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll
[2004/08/04 03:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\erdnt\cache\eventlog.dll
[2004/08/04 03:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2004/08/04 03:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004/08/04 03:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\erdnt\cache\netlogon.dll
[2004/08/04 03:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2004/08/04 03:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 03:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\erdnt\cache\scecli.dll
[2004/08/04 03:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2004/08/04 03:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 970 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:uAjA4s0c51esWCQSdzOLx8hig
@Alternate Data Stream - 1386 bytes -> C:\Program Files\Outlook Express:0c6nzwtAeGO3BQ3B0gwAs1W
@Alternate Data Stream - 1331 bytes -> C:\Documents and Settings\Local Settings\Application Data\NZTwkDLG2:lvnEnnajQv4vtJV3igf8u
@Alternate Data Stream - 1324 bytes -> C:\Documents and Settings\Local Settings\Application Data\oLw4FrdJLltxl:XNDUY8XiPvC0HOHHvxsq3HnV
@Alternate Data Stream - 1285 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:rfUI426URDzmhh3eVcSppvET
@Alternate Data Stream - 1226 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:KI5r347nHPiDqH8UsF5JSPn
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 1198 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:ZpWSUfOdFiOk2G2yUkQuxLUh
@Alternate Data Stream - 1160 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:1sNP0gqLi0RIFbmXt6aoqICLZ
@Alternate Data Stream - 1153 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:M4kDDd2DVUPg0G11eFtxy9
@Alternate Data Stream - 1150 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:7Z592ovPtZcL7h5iBHE
@Alternate Data Stream - 1123 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:Br068ctPRSm3Fi6Qfh7dD
@Alternate Data Stream - 1113 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:oFvCewpNbSNmfto4neneiE5j
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 1037 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:Vq4ZXxt4758192QRJMvS1PyxM9
< End of report >

OTL Extras logfile created on: 5/9/2010 4:34:44 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 279.46 Gb Total Space | 238.46 Gb Free Space | 85.33% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 465.76 Gb Total Space | 199.00 Gb Free Space | 42.73% Space Free | Partition Type: NTFS
Drive F: | 279.46 Gb Total Space | 99.92 Gb Free Space | 35.75% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded


Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Adobe\Adobe GoLive CS2\GoLive.exe" "%1" (Adobe Systems Incorporated)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\utorrent.exe" = C:\Program Files\uTorrent\utorrent.exe:*:Enabled:utorrent -- (BitTorrent, Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Documents and Settings\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll" = C:\Documents and Settings\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin -- (Google)
"C:\Documents and Settings\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{00060000-0000-1004-8002-0000C06B5161}" = WIBU-KEY Setup (WIBU-KEY Remove)
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{083F79E4-6FE9-46FB-A6C6-4F8862742947}" = ATI HYDRAVISION
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0F9196C6-58B4-445B-B56E-B1200FECC151}" = Microsoft Bootvis
"{11F703F5-DCAF-49EC-8CD2-488F483E32B0}" = KORG USB-MIDI Driver Tools for Windows
"{128AF653-6E81-4525-BE84-43C297A35F28}_is1" = Object Fix Zip
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1E2FDD18-E514-4631-AF4A-0CC58FD93DCB}" = Quake Live Mozilla Plugin
"{25613C10-27D2-410B-942B-D922D5C3A7BE}" = Interlok driver setup x32
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 20
"{28EAF1F5-4E32-4A52-ADAC-846CF1C5F06D}" = Pure Networks Platform
"{28F58CDE-6241-4B11-8232-6A5D4FB06E8B}" = PACE System Files
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{2C294A0B-DF22-4023-B168-8C7645B10019}" = Adobe Setup
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{419CF344-3D94-4DAD-99C8-EA7B00E5EA8B}" = Acronis True Image Home
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E894A9A-4391-4D88-A473-43F1393312F2}" = StereoTool
"{5012BC0C-7E1A-329A-8F02-B6846070C5F8}" = Google Talk Plugin
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C08753F-2A90-494A-BD09-E3F222B2BDCA}" = USB-IDE Bridge Driver
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1" = AusLogics BoostSpeed
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7E6F59BA-4D1C-4246-B048-AF0DCA54A117}" = StuffIt Deluxe
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{94118D5F-2D5D-4BF5-9F84-11FB8A97B566}" = 2d3 SteadyMove for Adobe Premiere Pro
"{94A065E8-455D-41C1-AF1F-F0C1AF8F50F3}" = Microsoft IntelliType Pro 7.0
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AF89274D-5EBA-4BAC-924E-DE038CD8C37C}_is1" = Synthation Pro-53-Essentials 1.0
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4FEA924-630D-11D4-B78E-005004566E4D}" = ViewSonic Monitor Drivers
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}" = WebEx Support Manager for Internet Explorer
"{C88E49AA-41C5-4420-A08D-BE1B6C5A3A74}" = DAO
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{C9E129BC-27D3-436E-BAAC-4CE81E0962F1}" = Sony Media Manager 2.2
"{CA634931-0CC3-4067-ABCC-7182E1DC23B7}" = HP Button Manager
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC6B1BB4-4E06-4A5B-A166-B371B551324B}" = COMODO Internet Security
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D3120436-1358-4253-9EB2-257FFE8CE1D9}" = Logitech SetPoint 5.20
"{D31612BB-C6D7-4142-96AE-16DB062354CF}" = HP Webcam User's Guide
"{D627784F-B3EE-44E8-96B1-9509B991EA34}_is1" = AusLogics Registry Defrag
"{DB5F474C-B584-417F-810B-DEBBC1893C2A}" = TBS WMP Plug-in
"{DD1865F0-AD73-40FB-B23E-1822E02396FF}" = NVIDIA PhysX
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"7-Zip" = 7-Zip 4.42
"ASAPI Update" = ASAPI Update
"ASCII Art Generator_is1" = ASCII Art Generator 3.2.4.2
"CCleaner" = CCleaner
"Collab" = Collab
"Core FTP LE 2.1" = Core FTP LE 2.1
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{45D228AA-4284-467A-9DB6-942B92BFF656}" = ATI DVD Decoder 2.2.0.0
"InstallShield_{7E6F59BA-4D1C-4246-B048-AF0DCA54A117}" = StuffIt Deluxe
"InstallShield_{C88E49AA-41C5-4420-A08D-BE1B6C5A3A74}" = DAO
"InstallShield_{DB5F474C-B584-417F-810B-DEBBC1893C2A}" = TBS WMP Plug-in
"InstallShield_{E75B079A-A2BC-49EF-BE8F-F713A86C62DA}" = InterLok Driver Kit
"KeyStation1x1" = USB Keyboard Device 1.0.1.0
"KeyTweak" = KeyTweak - Keyboard Remapper (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Mp3tag" = Mp3tag v2.46a
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Muon Atom Pro" = Muon Atom Pro 1.12
"MyDefrag v4.2.7_is1" = MyDefrag v4.2.7
"OpenAL" = OpenAL
"PCM Native Reverb VST Plug-in" = PCM Native Reverb VST Plug-in
"PSPad editor_is1" = PSPad editor
"PunkBusterSvc" = PunkBuster Services
"SyncBackSE_is1" = SyncBackSE
"SystemRequirementsLab" = System Requirements Lab
"Ultra Fractal 5.01 Animation Edition" = Ultra Fractal 5.01 Animation Edition
"Unlocker" = Unlocker 1.8.7
"uTorrent" = µTorrent
"VLC media player" = VideoLAN VLC media player 0.8.6i
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Xvid_is1" = Xvid 1.1.3 final uninstall

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1060284298-179605362-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/6/2010 7:33:35 PM | Computer Name = BOY | Source = Application Error | ID = 1000
Description = Faulting application khalmnpr.exe, version 4.82.11.0, faulting module
kernel32.dll, version 5.1.2600.3541, fault address 0x00083fc4.

Error - 5/6/2010 7:33:36 PM | Computer Name = BOY | Source = Application Error | ID = 1000
Description = Faulting application syncbackse.exe, version 5.2.1.0, faulting module
kernel32.dll, version 5.1.2600.3541, fault address 0x00083fc4.

Error - 5/6/2010 7:41:51 PM | Computer Name = BOY | Source = pctsSvc.exe | ID = 0
Description =

Error - 5/6/2010 7:47:12 PM | Computer Name = BOY | Source = MsiInstaller | ID = 11704
Description = Product: Java Auto Updater -- Error 1704.An installation for Microsoft
Office 2000 Professional is currently suspended. You must undo the changes made
by that installation to continue. Do you want to undo those changes?

Error - 5/6/2010 9:34:00 PM | Computer Name = BOY | Source = Application Error | ID = 1000
Description = Faulting application sfp.exe, version 1.0.0.1, faulting module cdxp.dll,
version 0.0.0.0, fault address 0x000011bf.

Error - 5/7/2010 3:47:06 AM | Computer Name = BOY | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3921C115C15D0ECA5CCB5BC4F07D21D8050B566A.crt>
with error: The connection with the server was terminated abnormally

Error - 5/7/2010 3:47:06 AM | Computer Name = BOY | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3921C115C15D0ECA5CCB5BC4F07D21D8050B566A.crt>
with error: This network connection does not exist.

Error - 5/7/2010 3:47:06 AM | Computer Name = BOY | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3921C115C15D0ECA5CCB5BC4F07D21D8050B566A.crt>
with error: This network connection does not exist.

Error - 5/7/2010 6:06:17 AM | Computer Name = BOY | Source = MsiInstaller | ID = 11704
Description = Product: Ad-Aware 2007 -- Error 1704. An installation for Microsoft
Office 2000 Professional is currently suspended. You must undo the changes made
by that installation to continue. Do you want to undo those changes?

Error - 5/7/2010 3:19:15 PM | Computer Name = BOY | Source = Userenv | ID = 1512
Description = Windows cannot unload your registry file. The memory used by the registry
has not been freed. This is often caused by services running as a user account,
try configuring the services to run in either the LocalService or NetworkService
account. If this problem persists, contact your administrator. DETAIL - Insufficient
system resources exist to complete the requested service.

[ System Events ]
Error - 5/9/2010 2:34:09 AM | Computer Name = BOY | Source = Print | ID = 23
Description = Printer Adobe PDF failed to initialize because a suitable Adobe PDF
Converter driver could not be found.

Error - 5/9/2010 2:34:13 AM | Computer Name = BOY | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 5/9/2010 2:34:13 AM | Computer Name = BOY | Source = Service Control Manager | ID = 7000
Description = The LBeepKE service failed to start due to the following error: %%31

Error - 5/9/2010 2:34:13 AM | Computer Name = BOY | Source = Service Control Manager | ID = 7000
Description = The Upload Manager service failed to start due to the following error:
%%1079

Error - 5/9/2010 2:34:13 AM | Computer Name = BOY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Beep SASDIFSV SASKUTIL

Error - 5/9/2010 1:04:26 PM | Computer Name = BOY | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 5/9/2010 1:04:26 PM | Computer Name = BOY | Source = Service Control Manager | ID = 7000
Description = The LBeepKE service failed to start due to the following error: %%31

Error - 5/9/2010 1:04:26 PM | Computer Name = BOY | Source = Service Control Manager | ID = 7000
Description = The Upload Manager service failed to start due to the following error:
%%1079

Error - 5/9/2010 1:04:28 PM | Computer Name = BOY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Beep SASDIFSV SASKUTIL

Error - 5/9/2010 1:04:37 PM | Computer Name = BOY | Source = Print | ID = 23
Description = Printer Adobe PDF failed to initialize because a suitable Adobe PDF
Converter driver could not be found.


< End of report >


#4 etavares

    Bleepin' Remover

  • Malware Response Team
  • 15,514 posts
  • Gender:Male

Posted 10 May 2010 - 05:55 PM

Hello, mojopin.

OK, let's get started. I don't see any evidence of TDSS from what you provided...but it appears you ran Combofix already. Can you please post C:\Combofix.txt so I can see what it found? Once I take a look, we can proceed further.


P2P Warning and Request
The log shows that you have been using so-called peer-to-peer or file-sharing programmes (in your case uTorrent). These programmes allow users to share files with one another, as the name suggests. In today's world, cyber crime has come a long way, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. I recommend that you uninstall this program. That is optional, however. If you decide not to uninstall it, please refrain from using it until I let you know your computer is clean.

Registry Cleaner Warning


I also see that you have a registry cleaner installed (in your case CCleaner). Here at BC, we do not recommend using registry cleaners.

See here for more information:
http://www.bleepingcomputer.com/forums/ind...p;#entry1326578




Trusted Zone Warning

Having trusted sites may not be a good idea. The reason why I say it's not a good idea is because the security settings for the internet are not extremely high, and once you put a site in your trusted zone, basically almost anyone or anything, including hackers or other malicious software, has full access to that site, which can lead to hijacking that site and may even give access to your computer. Are you sure you trust a site to that degree?

It is recommended NOT to have ANY sites in your Trusted Zone unless the site requires it to function properly and you trust it very well. Other than that, it is not necessary for you to add any sites into the trusted zone. If you're not sure, and/or you do not need these in your trusted zone to facilitate access, or you did not knowingly permit this access yourself, then please remove those sites from your trusted zone.

They can be accessed in Internet Explorer via Tools>>Internet Options>>Security>>Trusted Zone>>Sites. Remove any that are there.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
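The Trusted Zone check in the post above walks through the Internet Options dialog. The same assignments can be read straight from the registry, which is handy when reviewing a machine like the one in this thread without trusting its GUI. The PowerShell below is an added example, not code from the original post or from BleepingComputer: it reads HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains, where Internet Explorer records per-site zone assignments, and lists every host mapped to zone 2 (Trusted sites). The function name Get-TrustedZoneSites is my own; the key path and the zone numbering are Internet Explorer's. The script only reads; removing an entry still happens through the dialog the post names.

```powershell
# Added example (not from the original post): list the sites the current
# user's Internet Explorer has placed in the Trusted sites zone.
#
# Layout of the key being read:
#   ZoneMap\Domains\<domain>            values: "http"/"https"/"*" = <zone id>
#   ZoneMap\Domains\<domain>\<label>    same values, for <label>.<domain>
# Zone ids: 0 My Computer, 1 Local intranet, 2 Trusted sites,
#           3 Internet, 4 Restricted sites.

$zoneMapDomains = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'
$trustedZoneId  = 2

function Get-TrustedZoneSites {
    # Hypothetical helper name; the registry path below is IE's own.
    param([string]$Root = $zoneMapDomains)

    if (-not (Test-Path -Path $Root)) {
        return @()   # no per-site assignments at all for this user
    }

    Get-ChildItem -Path $Root -Recurse | ForEach-Object {
        $key = $_

        # Turn "...\Domains\example.com\www" into "www.example.com":
        # take the part after "\Domains\", split on backslashes, reverse, join with dots.
        $relative = $key.Name.Substring($key.Name.IndexOf('\Domains\') + 9)
        $labels   = $relative -split '\\'
        [array]::Reverse($labels)
        $siteHost = $labels -join '.'

        $props = Get-ItemProperty -Path $key.PSPath
        foreach ($scheme in 'http', 'https', '*') {
            $zone = $props.$scheme
            if ($null -ne $zone -and [int]$zone -eq $trustedZoneId) {
                [pscustomobject]@{
                    Site        = "$scheme://$siteHost"
                    ZoneId      = [int]$zone
                    RegistryKey = $key.Name
                }
            }
        }
    }
}

# Usage: print what the Trusted sites list contains, or say that it is empty.
$trusted = @(Get-TrustedZoneSites)
if ($trusted.Count -eq 0) {
    Write-Output 'No sites are assigned to the Trusted sites zone for this user.'
} else {
    $trusted | Sort-Object Site | Format-Table -AutoSize
}
```

Per-user assignments live under HKCU; if Group Policy has switched zone storage to the machine hive, point `-Root` at the same path under HKLM instead. Anything listed that the user does not recognise is a candidate for removal via Tools>>Internet Options>>Security>>Trusted sites>>Sites, exactly as the post advises.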


#5 mojopin

  • Topic Starter
  • Members
  • 17 posts

Posted 10 May 2010 - 06:13 PM

When I ran ComboFix, it said it detected a rootkit and fixed it. I then ran it with the uninstall switch, but for some reason it ran again, so this log won't show what it removed the first time. Thanks!

ComboFix 10-05-06.04 - 05/07/2010 4:51.5.4 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.3327.2579 [GMT -4:00]
Running from: c:\documents and settings\\Desktop\Cix.exe
Command switches used :: /u
AV: COMODO Antivirus *On-access scanning disabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.

((((((((((((((((((((((((( Files Created from 2010-04-07 to 2010-05-07 )))))))))))))))))))))))))))))))
.

2010-05-07 08:33 . 2010-05-07 08:48 -------- d-----w- C:\Cix
2010-05-07 08:28 . 2010-05-07 08:28 128352 ----a-w- c:\windows\system32\495B.dll
2010-05-07 08:28 . 2010-05-07 08:28 54624 ----a-w- c:\windows\system32\495B.sys
2010-05-07 00:53 . 2010-05-07 00:53 12872 ----a-w- c:\windows\system32\bootdelete.exe
2010-05-07 00:45 . 2010-05-07 00:54 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-05-07 00:45 . 2010-05-07 00:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-05-07 00:45 . 2010-05-07 00:45 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-05-06 23:59 . 2010-05-06 23:59 54920 ----a-w- c:\windows\system32\drivers\pxrts.sys
2010-05-06 23:59 . 2010-05-06 23:59 30320 ----a-w- c:\windows\system32\drivers\pxscan.sys
2010-05-06 23:59 . 2010-05-06 23:59 24400 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2010-05-06 23:48 . 2010-05-06 23:48 503808 ----a-w- c:\documents and settings\\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6060c467-n\msvcp71.dll
2010-05-06 23:48 . 2010-05-06 23:48 499712 ----a-w- c:\documents and settings\\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6060c467-n\jmc.dll
2010-05-06 23:48 . 2010-05-06 23:48 348160 ----a-w- c:\documents and settings\\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6060c467-n\msvcr71.dll
2010-05-06 23:48 . 2010-05-06 23:48 61440 ----a-w- c:\documents and settings\\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-6741a924-n\decora-sse.dll
2010-05-06 23:48 . 2010-05-06 23:48 12800 ----a-w- c:\documents and settings\\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-6741a924-n\decora-d3d.dll
2010-05-06 23:48 . 2010-04-12 21:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-06 23:31 . 2010-05-07 02:12 -------- d-----w- c:\program files\Spyware Doctor
2010-05-06 23:31 . 2010-05-07 00:05 -------- d-----w- c:\program files\Common Files\PC Tools
2010-05-06 23:30 . 2010-05-07 02:00 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-05-05 05:33 . 2010-05-05 05:39 -------- d-----w- c:\documents and settings\\Local Settings\Application Data\madsdgocp
2010-05-03 22:35 . 2010-05-03 22:35 292878 ----a-r- c:\documents and settings\\Application Data\Microsoft\Installer\{11F703F5-DCAF-49EC-8CD2-488F483E32B0}\NewShortcut6_504C9DBC7EE645B2A9CF47F39BEDA88E.exe
2010-05-03 22:35 . 2010-05-03 22:35 292878 ----a-r- c:\documents and settings\\Application Data\Microsoft\Installer\{11F703F5-DCAF-49EC-8CD2-488F483E32B0}\NewShortcut2_C8CBC5632A224D2D83650A01AF12D5F6.exe
2010-05-03 22:35 . 2010-05-03 22:35 292878 ----a-r- c:\documents and settings\\Application Data\Microsoft\Installer\{11F703F5-DCAF-49EC-8CD2-488F483E32B0}\NewShortcut1_F627668DCED74C3B92937B05B370A211.exe
2010-05-03 22:35 . 2010-05-03 22:35 292878 ----a-r- c:\documents and settings\\Application Data\Microsoft\Installer\{11F703F5-DCAF-49EC-8CD2-488F483E32B0}\ARPPRODUCTICON.exe
2010-05-03 22:35 . 2010-05-03 22:36 -------- d-----w- c:\program files\KORG
2010-05-01 21:16 . 2010-05-03 23:21 -------- d-----w- c:\documents and settings\\Application Data\Modartt
2010-05-01 21:16 . 2010-05-01 21:16 -------- d-----w- c:\program files\Modartt
2010-05-01 19:09 . 2010-05-01 19:13 -------- d-----w- c:\documents and settings\\Application Data\FXpansion
2010-05-01 07:43 . 2010-05-01 07:43 -------- d-----w- c:\documents and settings\\Application Data\SynthMaker
2010-05-01 07:43 . 2006-01-03 07:29 172032 ----a-w- c:\windows\system32\FxGoWinFu.dll
2010-05-01 07:43 . 2010-05-01 07:43 -------- d-----w- c:\program files\XILS-lab
2010-05-01 06:20 . 2010-05-01 06:20 -------- d-----w- c:\documents and settings\\Application Data\Teragon Audio
2010-04-28 00:03 . 2010-04-28 00:03 -------- d-----w- c:\documents and settings\All Users\Application Data\id Software
2010-04-27 20:08 . 2010-03-26 14:33 43008 ----a-w- c:\documents and settings\\Application Data\Mozilla\Firefox\Profiles\gbkvfwt2.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-04-27 20:08 . 2010-03-26 14:33 1496064 ----a-w- c:\documents and settings\\Application Data\Mozilla\Firefox\Profiles\gbkvfwt2.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-04-27 20:08 . 2010-03-26 14:33 339456 ----a-w- c:\documents and settings\\Application Data\Mozilla\Firefox\Profiles\gbkvfwt2.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-04-27 20:08 . 2010-03-26 14:32 346112 ----a-w- c:\documents and settings\\Application Data\Mozilla\Firefox\Profiles\gbkvfwt2.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-04-26 21:50 . 2010-04-26 21:52 -------- d-----w- c:\documents and settings\\Application Data\Mp3tag
2010-04-26 21:50 . 2010-04-26 21:50 -------- d-----w- c:\program files\Mp3tag
2010-04-15 03:41 . 2010-04-15 03:41 33792 ----a-w- c:\documents and settings\\Application Data\Waves\Caches\C\Program Files\Waves\Plug-Ins\GTRToolRack.dll\XWP4\1000.dll
2010-04-15 03:41 . 2010-04-15 03:41 32768 ----a-w- c:\documents and settings\\Application Data\Waves\Caches\C\Program Files\Waves\Plug-Ins\GTRStomp.dll\XWP4\1000.dll
2010-04-13 17:10 . 2010-04-13 17:10 629824 ----a-w- c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
2010-04-13 17:03 . 2010-04-13 17:03 2373712 ----a-w- c:\documents and settings\All Users\Application Data\id Software\QuakeLive\pbsvc.exe
2010-04-11 23:06 . 2010-04-11 23:08 -------- d-----w- c:\program files\Waves
2010-04-11 22:36 . 2010-04-11 22:36 -------- d-----w- C:\Digidesign Databases
2010-04-10 23:32 . 2010-04-10 23:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo Downloader
2010-04-10 23:32 . 2010-05-07 08:21 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-07 01:33 . 2008-04-13 07:01 -------- d-----w- c:\program files\Har-Bal 2.3
2010-05-06 23:52 . 2007-03-05 08:03 -------- d-----w- c:\program files\Common Files\Java
2010-05-06 23:52 . 2004-01-26 23:55 -------- d-----w- c:\program files\Java
2010-05-06 23:33 . 2007-01-30 01:19 28598560 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-05-06 23:32 . 2007-01-30 01:19 1094432 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-05-06 20:16 . 2008-03-04 11:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-06 20:16 . 2009-06-12 18:32 6153352 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-05-06 04:50 . 2010-02-11 21:21 -------- d-----w- c:\program files\MyDefrag v4.2.7
2010-05-06 02:35 . 2008-03-04 12:01 -------- d-----w- c:\program files\CCleaner
2010-05-06 01:45 . 2008-04-30 23:17 -------- d-----w- c:\documents and settings\\Application Data\SUPERAntiSpyware.com
2010-05-06 00:44 . 2007-07-01 08:03 -------- d-----w- c:\documents and settings\\Application Data\Digidesign
2010-05-05 23:49 . 2008-08-05 16:09 -------- d-----w- c:\documents and settings\\Application Data\CoreFTP
2010-05-05 23:14 . 2009-10-11 18:43 139336 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-05-05 23:14 . 2009-10-07 20:53 371776 ----a-w- c:\documents and settings\\Application Data\id Software\quakelive\home\baseq3\cgamex86.dll
2010-05-05 23:14 . 2009-10-07 20:44 187456 ----a-w- c:\documents and settings\\Application Data\id Software\quakelive\home\baseq3\uix86.dll
2010-05-05 23:14 . 2009-10-11 18:42 214720 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-05-05 23:14 . 2009-10-07 20:44 887448 ----a-w- c:\documents and settings\\Application Data\id Software\quakelive\home\pb\pbcl.dll
2010-05-05 23:14 . 2009-10-07 20:44 57344 ----a-w- c:\documents and settings\\Application Data\id Software\quakelive\home\pb\pbag.dll
2010-05-05 23:14 . 2009-10-07 20:44 2432064 ----a-w- c:\documents and settings\\Application Data\id Software\quakelive\home\baseq3\quakelive.dll
2010-05-05 17:00 . 2004-02-11 01:08 -------- d-----w- c:\program files\Arturia
2010-05-05 05:39 . 2008-11-24 05:54 -------- d-----w- c:\program files\Ultra Fractal 5
2010-05-05 05:39 . 2004-06-08 03:40 -------- d-----w- c:\program files\CDXTRACT4
2010-05-02 02:31 . 2004-06-03 04:44 -------- d-----w- c:\program files\YAMAHA
2010-05-02 02:31 . 2004-01-17 23:49 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-01 19:12 . 2002-01-01 05:54 -------- d-----w- c:\documents and settings\\Application Data\uTorrent
2010-05-01 19:10 . 2010-02-24 03:48 -------- d-----w- c:\program files\EMI
2010-05-01 19:10 . 2004-10-01 02:32 -------- d-----w- c:\program files\FXpansion
2010-05-01 08:44 . 2008-05-02 01:37 -------- d-----w- c:\program files\Image-Line
2010-04-29 19:39 . 2008-08-27 23:00 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2008-08-27 23:00 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-28 00:03 . 2010-02-12 02:36 2373712 ----a-w- c:\windows\system32\pbsvc.exe
2010-04-28 00:03 . 2009-10-11 18:42 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-04-23 03:19 . 2004-01-27 04:40 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-16 00:11 . 2010-03-23 02:56 6579512 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-04-15 03:41 . 2010-04-11 23:38 -------- d-----w- c:\documents and settings\\Application Data\Waves Preferences
2010-04-14 15:41 . 2010-03-03 21:54 277240 ----a-w- c:\windows\system32\guard32.dll
2010-04-14 15:41 . 2010-03-03 21:54 86800 ----a-w- c:\windows\system32\drivers\inspect.sys
2010-04-14 15:41 . 2010-03-23 22:40 225344 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2010-04-14 15:41 . 2010-03-03 21:54 25240 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-04-14 15:41 . 2010-03-03 21:54 15464 ----a-w- c:\windows\system32\drivers\cmderd.sys
2010-04-11 22:55 . 2004-10-19 02:11 -------- d-----w- c:\program files\HarBal 1.5
2010-04-11 22:53 . 2004-01-27 04:32 -------- d-----w- c:\program files\Waves Old
2010-04-10 23:32 . 2007-08-18 06:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo
2010-04-10 23:30 . 2007-08-18 06:45 -------- d-----w- c:\program files\Comodo
2010-04-10 22:51 . 2007-08-18 06:48 -------- d-----w- c:\documents and settings\\Application Data\Comodo
2010-04-03 02:37 . 2010-04-03 02:37 -------- d-----w- c:\program files\PSPaudioware
2010-04-03 02:36 . 2010-04-03 02:36 -------- d-----w- c:\program files\Uninstall
2010-04-03 02:35 . 2004-12-03 15:05 204808 ----a-w- c:\documents and settings\\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-02 04:59 . 2010-04-02 04:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Adobe Systems
2010-04-02 04:58 . 2010-04-02 04:58 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2010-03-29 21:12 . 2010-03-25 19:01 461888 ----a-w- c:\documents and settings\\Application Data\id Software\quakelive\home\baseq3\qagamex86.dll
2010-03-28 23:59 . 2008-06-24 02:00 -------- d-----w- c:\program files\u-he
2010-03-26 11:19 . 2010-02-12 00:18 -------- d-----w- c:\documents and settings\\Application Data\VST3 Presets
2010-03-23 00:19 . 2010-03-23 00:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Arturia
2010-03-23 00:15 . 2009-04-15 22:04 -------- d-----w- c:\program files\TurboTax
2010-03-21 08:28 . 2010-03-21 08:28 -------- d-----w- c:\program files\D16 Group
2010-03-16 19:26 . 2008-12-07 06:30 16 ----a-w- c:\windows\msocreg32.dat
2010-03-16 19:10 . 2004-01-18 05:22 -------- d-----w- c:\program files\Steinberg
2010-03-15 03:01 . 2008-04-02 06:15 -------- d-----w- c:\program files\DivX
2010-03-15 03:00 . 2010-03-15 03:00 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-03-12 22:43 . 2002-01-01 05:54 -------- d-----w- c:\program files\uTorrent
2010-03-11 12:38 . 2004-12-07 21:37 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2003-03-31 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-02-11 22:53 . 2010-02-11 22:53 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-08-06 00:33 . 2009-08-06 00:33 5 ----a-w- c:\program files\eula.txt
2009-08-06 00:30 . 2009-08-06 00:30 3 ----a-w- c:\program files\option.txt
2008-03-04 11:06 . 2008-03-04 11:06 15816 ----a-w- c:\program files\Common Files\oborizevup.exe
2008-03-04 11:06 . 2008-03-04 11:06 13091 ----a-w- c:\program files\Common Files\imunafatuj.bin
2008-03-04 11:06 . 2008-03-04 11:06 12204 ----a-w- c:\program files\Common Files\cecel.bat
2008-03-04 11:06 . 2008-03-04 11:06 10943 ----a-w- c:\program files\Common Files\anevuhofu.scr
2005-09-10 01:55 . 2007-12-28 20:01 7155864 ----a-w- c:\program files\NGhost10.msi
2005-09-10 01:55 . 2007-12-28 20:01 35 ----a-w- c:\program files\SCSSDist.ini
2005-09-10 01:55 . 2007-12-28 20:01 37766164 ----a-w- c:\program files\Data1.cab
2002-09-11 14:26 . 2008-05-04 05:22 63730 ----a-w- c:\program files\viewsonicinstruct_xp.pdf
2001-01-05 20:51 . 2004-10-05 00:00 162304 ----a-w- c:\program files\UNWISE.EXE
2008-08-29 01:55 . 2008-08-29 01:55 2 --shatr- c:\windows\winstart.bat
2005-07-14 18:31 . 2006-05-24 16:37 27648 --sha-w- c:\windows\system32\AVSredirect.dll
2002-05-07 06:21 . 2008-01-13 22:25 49152 --shatw- c:\windows\system32\cwScopeProp.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-05-07_08.45.08 )))))))))))))))))))))))))))))))))))))))))
.
- 2003-03-31 12:00 . 2010-03-14 16:38 99084 c:\windows\system32\perfc009.dat
+ 2003-03-31 12:00 . 2010-05-07 08:49 99084 c:\windows\system32\perfc009.dat
+ 2003-03-31 12:00 . 2010-05-07 08:49 542684 c:\windows\system32\perfh009.dat
- 2003-03-31 12:00 . 2010-03-14 16:38 542684 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"InitPulsar"="C:" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
"nwiz"="nwiz.exe" [2009-03-27 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 86016]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-05-21 1501064]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-04-14 2029456]

c:\documents and settings\\Start Menu\Programs\Startup\
SyncBackSE.lnk - c:\program files\2BrightSparks\SyncBackSE\SyncBackSE.exe [2008-5-9 6281984]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Lynx Tray Volume.lnk - c:\program files\Lynx Studio Technology\LynxTrayVolume.exe [2008-11-10 61440]
SetPointII.lnk - c:\program files\Logitech\SetPoint II\SetpointII.exe [2009-7-21 323584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"Midi1"=unitydrv.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
backup=c:\windows\pss\Adobe Acrobat Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"DigiRefresh"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"IDriverT"=3 (0x3)
"digiSPTIService"=3 (0x3)
"ATI Smart"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [2/19/2009 3:48 PM 11264]
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [3/3/2010 5:54 PM 15464]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [3/23/2010 6:40 PM 225344]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [3/3/2010 5:54 PM 25240]
R1 Scope;WDM Driver for Scope;c:\windows\system32\drivers\scope.sys [1/13/2008 6:25 PM 110048]
R2 MAudioUSBService;M-Audio USB Installer;c:\program files\M-Audio\Fast Track Pro\MAUSBInst.exe [1/16/2008 6:52 PM 49152]
R3 LynxWDM;LynxWDM;c:\windows\system32\drivers\LynxWDM.Sys [11/10/2008 9:17 PM 196744]
R3 MAUSB;Service for M-Audio Fast Track Pro Driver (WDM);c:\windows\system32\drivers\mausb.sys [1/16/2008 6:52 PM 102528]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.sys --> c:\docume~1\\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.sys [?]
S2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2/11/2010 11:46 PM 10384]
S3 2nixA;2nixA;c:\sfp\App\Sys\2nixA.sys [1/17/2004 7:31 PM 10016]
S3 2nixWDM;2nixWDM;c:\sfp\App\Sys\2nixWDM.sys [1/17/2004 7:31 PM 10112]
S3 495B;495B;c:\windows\system32\495B.sys [5/7/2010 4:28 AM 54624]
S3 iLokDrvr;Usb Driver;c:\windows\system32\drivers\iLokDrvr.sys [4/9/2009 11:48 PM 52008]
S3 InvVxD;InvVxD;c:\sfp\App\Sys\InvVxD.sys [1/17/2004 7:31 PM 10784]
S3 KGPar2;KGPar2;c:\sfp\App\Sys\KGPar2.sys [1/17/2004 7:31 PM 22624]
S3 KGPar3;KGPar3;c:\sfp\App\Sys\KGPar3.sys [1/17/2004 7:31 PM 25472]
S3 MArrFifo;MArrFifo;c:\sfp\App\Sys\MArrFifo.sys [1/17/2004 7:31 PM 12640]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [8/27/2008 7:00 PM 38224]
S3 MFifoArr;MFifoArr;c:\sfp\App\Sys\MFifoArr.sys [1/17/2004 7:31 PM 10400]
S3 MidiAck;MidiAck;c:\sfp\App\Sys\MidiAck.sys [1/17/2004 7:31 PM 10016]
S3 MVC2VxD;MVC2VxD;c:\sfp\App\Sys\MVC2VxD.sys [1/17/2004 7:31 PM 79264]
S3 MVCVxD;MVCVxD;c:\sfp\App\Sys\MVCVxD.sys [1/17/2004 7:31 PM 73792]
S3 PC2VxD;PC2VxD;c:\sfp\App\Sys\PC2VxD.sys [1/17/2004 7:31 PM 10208]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [10/23/2007 4:45 AM 269824]
S3 SASENUM;SASENUM;\??\c:\docume~1\\LOCALS~1\Temp\SAS_SelfExtract\SASENUM.SYS --> c:\docume~1\\LOCALS~1\Temp\SAS_SelfExtract\SASENUM.SYS [?]
S3 SDTHelper;Helper driver for SDT-Tool;c:\documents and settings\\My Documents\Downloads\radix_installer\SDTHLPR.sys [4/18/2010 7:57 PM 14873]
S3 Spl2VxD;Spl2VxD;c:\sfp\App\Sys\Spl2VxD.sys [1/17/2004 7:31 PM 15648]
S3 TPlay;TPlay;c:\sfp\App\Sys\TPlay.sys [1/17/2004 7:31 PM 11296]
S3 TPRSync;TPRSync;c:\sfp\App\Sys\TPRSync.sys [1/17/2004 7:31 PM 11520]
S3 TPSync;TPSync;c:\sfp\App\Sys\TPSync.sys [1/17/2004 7:31 PM 10592]
S3 TRec;TRec;c:\sfp\App\Sys\TRec.sys [1/17/2004 7:31 PM 12832]
S3 TRSync;TRSync;c:\sfp\App\Sys\TRSync.sys [1/17/2004 7:31 PM 10592]
S3 TStretch;TStretch;c:\sfp\App\Sys\TStretch.sys [1/17/2004 7:31 PM 44864]
S3 UKS11LDR;M-Audio USB Keystation Loader;c:\windows\system32\drivers\uks11ldr.sys [1/13/2008 6:20 PM 13504]
S3 USBKT1X1;M-Audio USB Keystation;c:\windows\system32\drivers\usbkt1x1.sys [1/13/2008 6:21 PM 22304]
S3 VDATMot;VDATMot;c:\sfp\App\Sys\VDATMot.sys [1/17/2004 7:31 PM 19168]
S3 VPlay;VPlay;c:\sfp\App\Sys\VPlay.sys [1/17/2004 7:31 PM 12544]
S3 VRec;VRec;c:\sfp\App\Sys\VRec.sys [1/17/2004 7:31 PM 12640]
S3 VSTin;VSTin;c:\sfp\App\Sys\VSTin.sys [1/17/2004 7:31 PM 12960]
S3 VSTout;VSTout;c:\sfp\App\Sys\VSTout.sys [1/17/2004 7:31 PM 12256]
S3 VSTsync;VSTsync;c:\sfp\App\Sys\VSTsync.sys [1/17/2004 7:31 PM 10272]
S3 VxD2PC;VxD2PC;c:\sfp\App\Sys\VxD2PC.sys [1/17/2004 7:31 PM 10304]
S3 WaveIn16;WaveIn16;c:\sfp\App\Sys\WaveIn16.sys [1/17/2004 7:31 PM 10176]
S3 WaveOut16;WaveOut16;c:\sfp\App\Sys\WaveOut16.sys [1/17/2004 7:31 PM 10176]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/11/2010 6:53 PM 691696]
.
Contents of the 'Scheduled Tasks' folder

2010-05-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-179605362-725345543-1004.job
- c:\documents and settings\\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-31 05:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.comcast.net/
mSearch Bar =
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: intuit.com\ttlc
DPF: ppctlcab - hxxp://www.pestscan.com/scanner/ppctlcab.cab
DPF: {42D06124-98A2-47EC-8098-3778B58CE7D5} - hxxps://actsvr.comcastonline.com/techtools/dl/Comcast%20Activation%20Controls.cab
FF - ProfilePath - c:\documents and settings\\Application Data\Mozilla\Firefox\Profiles\gbkvfwt2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\documents and settings\\Application Data\Mozilla\Firefox\Profiles\gbkvfwt2.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\documents and settings\\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\\Local Settings\Application Data\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-07 04:53
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:f5,84,6e,ff,0a,70,cb,dc,96,36,3e,cb,bf,69,0b,cf,de,ef,41,ce,50,
2e,86,34,25,bd,b7,45,05,15,ee,68,9f,74,6d,f5,dd,5c,91,86,18,8e,f3,81,b9,20,\

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:f5,84,6e,ff,0a,70,cb,dc,96,36,3e,cb,bf,69,0b,cf,de,ef,41,ce,50,
2e,86,34,25,bd,b7,45,05,15,ee,68,9f,74,6d,f5,dd,5c,91,86,18,8e,f3,81,b9,20,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(868)
c:\windows\system32\relog_ap.dll

- - - - - - - > 'explorer.exe'(3076)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-05-07 04:55:28
ComboFix-quarantined-files.txt 2010-05-07 08:55
ComboFix2.txt 2010-05-07 08:48

Pre-Run: 247,997,743,104 bytes free
Post-Run: 247,972,454,400 bytes free

- - End Of File - - 014089AC495840CD0C52D0C794F0C4B9


#6 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male
  • Local time:11:39 PM

Posted 10 May 2010 - 06:22 PM

OK, no worries. Please post this file:

C:\qoobox\ComboFix2.txt


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#7 mojopin

mojopin
  • Topic Starter

  • Members
  • 17 posts
  • Local time:11:39 PM

Posted 10 May 2010 - 06:30 PM

Ok - combofix2.txt file, thanks:

ComboFix 10-05-06.04 - 05/07/2010 4:40.4.4 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.3327.2839 [GMT -4:00]
Running from: c:\documents and settings\\Desktop\Cix.exe
AV: COMODO Antivirus *On-access scanning disabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\\Application Data\PnkBstrK.sys
c:\program files\INSTALL.LOG
c:\program files\version.txt
c:\windows\BackUp
c:\windows\BackUp\TB040621.DAT
c:\windows\eSellerateEngine.dll
c:\windows\patch.exe
c:\windows\system32\_003740_.tmp.dll
c:\windows\system32\_003741_.tmp.dll
c:\windows\system32\_003742_.tmp.dll
c:\windows\system32\_003743_.tmp.dll
c:\windows\system32\_003750_.tmp.dll
c:\windows\system32\_003751_.tmp.dll
c:\windows\system32\_003752_.tmp.dll
c:\windows\system32\_003753_.tmp.dll
c:\windows\system32\_003754_.tmp.dll
c:\windows\system32\_003755_.tmp.dll
c:\windows\system32\_003756_.tmp.dll
c:\windows\system32\_003757_.tmp.dll
c:\windows\system32\_003758_.tmp.dll
c:\windows\system32\_003759_.tmp.dll
c:\windows\system32\_003760_.tmp.dll
c:\windows\system32\_003761_.tmp.dll
c:\windows\system32\_003762_.tmp.dll
c:\windows\system32\_003763_.tmp.dll
c:\windows\system32\_003765_.tmp.dll
c:\windows\system32\_003768_.tmp.dll
c:\windows\system32\_003769_.tmp.dll
c:\windows\system32\_003773_.tmp.dll
c:\windows\system32\_003774_.tmp.dll
c:\windows\system32\_003775_.tmp.dll
c:\windows\system32\_003776_.tmp.dll
c:\windows\system32\_003777_.tmp.dll
c:\windows\system32\_003778_.tmp.dll
c:\windows\system32\_003779_.tmp.dll
c:\windows\system32\_003781_.tmp.dll
c:\windows\system32\_003782_.tmp.dll
c:\windows\system32\_003783_.tmp.dll
c:\windows\system32\_003784_.tmp.dll
c:\windows\system32\_003785_.tmp.dll
c:\windows\system32\_003787_.tmp.dll
c:\windows\system32\_003788_.tmp.dll
c:\windows\system32\_003789_.tmp.dll
c:\windows\system32\_003790_.tmp.dll
c:\windows\system32\_003791_.tmp.dll
c:\windows\system32\_003793_.tmp.dll
c:\windows\system32\_003794_.tmp.dll
c:\windows\system32\_003796_.tmp.dll
c:\windows\system32\_003797_.tmp.dll
c:\windows\system32\_003798_.tmp.dll
c:\windows\system32\_003799_.tmp.dll
c:\windows\system32\_003800_.tmp.dll
c:\windows\system32\_003802_.tmp.dll
c:\windows\system32\_003805_.tmp.dll
c:\windows\system32\_003806_.tmp.dll
c:\windows\system32\_003810_.tmp.dll
c:\windows\system32\_003811_.tmp.dll
c:\windows\system32\_003813_.tmp.dll
c:\windows\system32\_003816_.tmp.dll
c:\windows\system32\_003818_.tmp.dll
c:\windows\system32\_003820_.tmp.dll
c:\windows\system32\_003821_.tmp.dll
c:\windows\system32\_003824_.tmp.dll
c:\windows\system32\_003825_.tmp.dll
c:\windows\system32\_003826_.tmp.dll
c:\windows\system32\_003827_.tmp.dll
c:\windows\system32\_003828_.tmp.dll
c:\windows\system32\_003833_.tmp.dll
c:\windows\system32\_003835_.tmp.dll
c:\windows\system32\_004516_.tmp.dll
c:\windows\system32\_004517_.tmp.dll
c:\windows\system32\_004518_.tmp.dll
c:\windows\system32\_004519_.tmp.dll
c:\windows\system32\_004526_.tmp.dll
c:\windows\system32\_004527_.tmp.dll
c:\windows\system32\_004528_.tmp.dll
c:\windows\system32\_004529_.tmp.dll
c:\windows\system32\_004531_.tmp.dll
c:\windows\system32\_004532_.tmp.dll
c:\windows\system32\_004535_.tmp.dll
c:\windows\system32\_004536_.tmp.dll
c:\windows\system32\_004538_.tmp.dll
c:\windows\system32\_004539_.tmp.dll
c:\windows\system32\_004540_.tmp.dll
c:\windows\system32\_004542_.tmp.dll
c:\windows\system32\_004545_.tmp.dll
c:\windows\system32\_004546_.tmp.dll
c:\windows\system32\_004550_.tmp.dll
c:\windows\system32\_004551_.tmp.dll
c:\windows\system32\_004553_.tmp.dll
c:\windows\system32\_004556_.tmp.dll
c:\windows\system32\_004558_.tmp.dll
c:\windows\system32\_004559_.tmp.dll
c:\windows\system32\_004561_.tmp.dll
c:\windows\system32\_004562_.tmp.dll
c:\windows\system32\_004565_.tmp.dll
c:\windows\system32\_004566_.tmp.dll
c:\windows\system32\_004567_.tmp.dll
c:\windows\system32\_004568_.tmp.dll
c:\windows\system32\_004569_.tmp.dll
c:\windows\system32\_004574_.tmp.dll
c:\windows\system32\_004576_.tmp.dll
c:\windows\system32\ccrpTmr6.dll
c:\windows\system32\msvcsv60.dll
c:\windows\system32\ReadMe.txt
c:\windows\system32\SET18E.tmp
c:\windows\system32\SET18F.tmp
c:\windows\system32\SET1C9.tmp
c:\windows\system32\SET3DE.tmp
c:\windows\system32\SET4A3.tmp
c:\windows\system32\SET57B.tmp
c:\windows\system32\ssprs.dll
c:\windows\system32\zlibwapi.dll

Infected copy of c:\windows\system32\drivers\inspect.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-04-07 to 2010-05-07 )))))))))))))))))))))))))))))))
.

2010-05-07 08:28 . 2010-05-07 08:28 128352 ----a-w- c:\windows\system32\495B.dll
2010-05-07 08:28 . 2010-05-07 08:28 54624 ----a-w- c:\windows\system32\495B.sys
2010-05-07 00:53 . 2010-05-07 00:53 12872 ----a-w- c:\windows\system32\bootdelete.exe
2010-05-07 00:45 . 2010-05-07 00:54 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-05-07 00:45 . 2010-05-07 00:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-05-07 00:45 . 2010-05-07 00:45 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-05-06 23:59 . 2010-05-06 23:59 54920 ----a-w- c:\windows\system32\drivers\pxrts.sys
2010-05-06 23:59 . 2010-05-06 23:59 30320 ----a-w- c:\windows\system32\drivers\pxscan.sys
2010-05-06 23:59 . 2010-05-06 23:59 24400 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2010-05-06 23:48 . 2010-05-06 23:48 503808 ----a-w- c:\documents and settings\\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6060c467-n\msvcp71.dll
2010-05-06 23:48 . 2010-05-06 23:48 499712 ----a-w- c:\documents and settings\\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6060c467-n\jmc.dll
2010-05-06 23:48 . 2010-05-06 23:48 348160 ----a-w- c:\documents and settings\\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6060c467-n\msvcr71.dll
2010-05-06 23:48 . 2010-05-06 23:48 61440 ----a-w- c:\documents and settings\\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-6741a924-n\decora-sse.dll
2010-05-06 23:48 . 2010-05-06 23:48 12800 ----a-w- c:\documents and settings\\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-6741a924-n\decora-d3d.dll
2010-05-06 23:48 . 2010-04-12 21:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-06 23:31 . 2010-05-07 02:12 -------- d-----w- c:\program files\Spyware Doctor
2010-05-06 23:31 . 2010-05-07 00:05 -------- d-----w- c:\program files\Common Files\PC Tools
2010-05-06 23:30 . 2010-05-07 02:00 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-05-05 05:33 . 2010-05-05 05:39 -------- d-----w- c:\documents and settings\\Local Settings\Application Data\madsdgocp
2010-05-03 22:35 . 2010-05-03 22:35 292878 ----a-r- c:\documents and settings\\Application Data\Microsoft\Installer\{11F703F5-DCAF-49EC-8CD2-488F483E32B0}\NewShortcut6_504C9DBC7EE645B2A9CF47F39BEDA88E.exe
2010-05-03 22:35 . 2010-05-03 22:35 292878 ----a-r- c:\documents and settings\\Application Data\Microsoft\Installer\{11F703F5-DCAF-49EC-8CD2-488F483E32B0}\NewShortcut2_C8CBC5632A224D2D83650A01AF12D5F6.exe
2010-05-03 22:35 . 2010-05-03 22:35 292878 ----a-r- c:\documents and settings\\Application Data\Microsoft\Installer\{11F703F5-DCAF-49EC-8CD2-488F483E32B0}\NewShortcut1_F627668DCED74C3B92937B05B370A211.exe
2010-05-03 22:35 . 2010-05-03 22:35 292878 ----a-r- c:\documents and settings\\Application Data\Microsoft\Installer\{11F703F5-DCAF-49EC-8CD2-488F483E32B0}\ARPPRODUCTICON.exe
2010-05-03 22:35 . 2010-05-03 22:36 -------- d-----w- c:\program files\KORG
2010-05-01 21:16 . 2010-05-03 23:21 -------- d-----w- c:\documents and settings\\Application Data\Modartt
2010-05-01 21:16 . 2010-05-01 21:16 -------- d-----w- c:\program files\Modartt
2010-05-01 19:09 . 2010-05-01 19:13 -------- d-----w- c:\documents and settings\\Application Data\FXpansion
2010-05-01 07:43 . 2010-05-01 07:43 -------- d-----w- c:\documents and settings\\Application Data\SynthMaker
2010-05-01 07:43 . 2006-01-03 07:29 172032 ----a-w- c:\windows\system32\FxGoWinFu.dll
2010-05-01 07:43 . 2010-05-01 07:43 -------- d-----w- c:\program files\XILS-lab
2010-05-01 06:20 . 2010-05-01 06:20 -------- d-----w- c:\documents and settings\\Application Data\Teragon Audio
2010-04-28 00:03 . 2010-04-28 00:03 -------- d-----w- c:\documents and settings\All Users\Application Data\id Software
2010-04-27 20:08 . 2010-03-26 14:33 43008 ----a-w- c:\documents and settings\\Application Data\Mozilla\Firefox\Profiles\gbkvfwt2.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-04-27 20:08 . 2010-03-26 14:33 1496064 ----a-w- c:\documents and settings\\Application Data\Mozilla\Firefox\Profiles\gbkvfwt2.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-04-27 20:08 . 2010-03-26 14:33 339456 ----a-w- c:\documents and settings\\Application Data\Mozilla\Firefox\Profiles\gbkvfwt2.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-04-27 20:08 . 2010-03-26 14:32 346112 ----a-w- c:\documents and settings\\Application Data\Mozilla\Firefox\Profiles\gbkvfwt2.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-04-26 21:50 . 2010-04-26 21:52 -------- d-----w- c:\documents and settings\\Application Data\Mp3tag
2010-04-26 21:50 . 2010-04-26 21:50 -------- d-----w- c:\program files\Mp3tag
2010-04-13 17:10 . 2010-04-13 17:10 629824 ----a-w- c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
2010-04-13 17:03 . 2010-04-13 17:03 2373712 ----a-w- c:\documents and settings\All Users\Application Data\id Software\QuakeLive\pbsvc.exe
2010-04-11 22:36 . 2010-04-11 22:36 -------- d-----w- C:\Digidesign Databases
2010-04-10 23:32 . 2010-04-10 23:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo Downloader
2010-04-10 23:32 . 2010-05-07 08:21 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-07 01:33 . 2008-04-13 07:01 -------- d-----w- c:\program files\Har-Bal 2.3
2010-05-06 23:52 . 2007-03-05 08:03 -------- d-----w- c:\program files\Common Files\Java
2010-05-06 23:52 . 2004-01-26 23:55 -------- d-----w- c:\program files\Java
2010-05-06 23:33 . 2007-01-30 01:19 28598560 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-05-06 23:32 . 2007-01-30 01:19 1094432 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-05-06 20:16 . 2008-03-04 11:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-06 20:16 . 2009-06-12 18:32 6153352 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-05-06 04:50 . 2010-02-11 21:21 -------- d-----w- c:\program files\MyDefrag v4.2.7
2010-05-06 02:35 . 2008-03-04 12:01 -------- d-----w- c:\program files\CCleaner
2010-05-06 01:45 . 2008-04-30 23:17 -------- d-----w- c:\documents and settings\\Application Data\SUPERAntiSpyware.com
2010-05-06 00:44 . 2007-07-01 08:03 -------- d-----w- c:\documents and settings\\Application Data\Digidesign
2010-05-05 23:49 . 2008-08-05 16:09 -------- d-----w- c:\documents and settings\\Application Data\CoreFTP
2010-05-05 23:14 . 2009-10-11 18:43 139336 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-05-05 23:14 . 2009-10-07 20:53 371776 ----a-w- c:\documents and settings\\Application Data\id Software\quakelive\home\baseq3\cgamex86.dll
2010-05-05 23:14 . 2009-10-07 20:44 187456 ----a-w- c:\documents and settings\\Application Data\id Software\quakelive\home\baseq3\uix86.dll
2010-05-05 23:14 . 2009-10-11 18:42 214720 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-05-05 23:14 . 2009-10-07 20:44 887448 ----a-w- c:\documents and settings\\Application Data\id Software\quakelive\home\pb\pbcl.dll
2010-05-05 23:14 . 2009-10-07 20:44 57344 ----a-w- c:\documents and settings\\Application Data\id Software\quakelive\home\pb\pbag.dll
2010-05-05 23:14 . 2009-10-07 20:44 2432064 ----a-w- c:\documents and settings\\Application Data\id Software\quakelive\home\baseq3\quakelive.dll
2010-05-05 17:00 . 2004-02-11 01:08 -------- d-----w- c:\program files\Arturia
2010-05-05 05:39 . 2008-11-24 05:54 -------- d-----w- c:\program files\Ultra Fractal 5
2010-05-05 05:39 . 2004-06-08 03:40 -------- d-----w- c:\program files\CDXTRACT4
2010-05-02 02:31 . 2004-06-03 04:44 -------- d-----w- c:\program files\YAMAHA
2010-05-02 02:31 . 2004-01-17 23:49 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-01 19:12 . 2002-01-01 05:54 -------- d-----w- c:\documents and settings\\Application Data\uTorrent
2010-05-01 19:10 . 2010-02-24 03:48 -------- d-----w- c:\program files\EMI
2010-05-01 19:10 . 2004-10-01 02:32 -------- d-----w- c:\program files\FXpansion
2010-05-01 08:44 . 2008-05-02 01:37 -------- d-----w- c:\program files\Image-Line
2010-04-29 19:39 . 2008-08-27 23:00 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2008-08-27 23:00 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-28 00:03 . 2010-02-12 02:36 2373712 ----a-w- c:\windows\system32\pbsvc.exe
2010-04-28 00:03 . 2009-10-11 18:42 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-04-23 03:19 . 2004-01-27 04:40 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-16 00:11 . 2010-03-23 02:56 6579512 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-04-15 03:41 . 2010-04-11 23:38 -------- d-----w- c:\documents and settings\\Application Data\Waves Preferences
2010-04-14 15:41 . 2010-03-03 21:54 277240 ----a-w- c:\windows\system32\guard32.dll
2010-04-14 15:41 . 2010-03-03 21:54 86800 ----a-w- c:\windows\system32\drivers\inspect.sys
2010-04-14 15:41 . 2010-03-23 22:40 225344 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2010-04-14 15:41 . 2010-03-03 21:54 25240 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-04-14 15:41 . 2010-03-03 21:54 15464 ----a-w- c:\windows\system32\drivers\cmderd.sys
2010-04-11 22:55 . 2004-10-19 02:11 -------- d-----w- c:\program files\HarBal 1.5
2010-04-10 23:32 . 2007-08-18 06:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo
2010-04-10 23:30 . 2007-08-18 06:45 -------- d-----w- c:\program files\Comodo
2010-04-10 22:51 . 2007-08-18 06:48 -------- d-----w- c:\documents and settings\\Application Data\Comodo
2010-04-03 02:37 . 2010-04-03 02:37 -------- d-----w- c:\program files\PSPaudioware
2010-04-03 02:36 . 2010-04-03 02:36 -------- d-----w- c:\program files\Uninstall
2010-04-03 02:35 . 2004-12-03 15:05 204808 ----a-w- c:\documents and settings\\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-02 04:59 . 2010-04-02 04:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Adobe Systems
2010-04-02 04:58 . 2010-04-02 04:58 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2010-03-29 21:12 . 2010-03-25 19:01 461888 ----a-w- c:\documents and settings\\Application Data\id Software\quakelive\home\baseq3\qagamex86.dll
2010-03-28 23:59 . 2008-06-24 02:00 -------- d-----w- c:\program files\u-he
2010-03-26 11:19 . 2010-02-12 00:18 -------- d-----w- c:\documents and settings\\Application Data\VST3 Presets
2010-03-23 00:19 . 2010-03-23 00:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Arturia
2010-03-23 00:15 . 2009-04-15 22:04 -------- d-----w- c:\program files\TurboTax
2010-03-16 19:26 . 2008-12-07 06:30 16 ----a-w- c:\windows\msocreg32.dat
2010-03-16 19:10 . 2004-01-18 05:22 -------- d-----w- c:\program files\Steinberg
2010-03-15 03:01 . 2008-04-02 06:15 -------- d-----w- c:\program files\DivX
2010-03-15 03:00 . 2010-03-15 03:00 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-03-12 22:43 . 2002-01-01 05:54 -------- d-----w- c:\program files\uTorrent
2010-03-11 12:38 . 2004-12-07 21:37 832512 ----a-r- c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2003-03-31 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-02-11 22:53 . 2010-02-11 22:53 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-08-06 00:33 . 2009-08-06 00:33 5 ----a-w- c:\program files\eula.txt
2009-08-06 00:30 . 2009-08-06 00:30 3 ----a-w- c:\program files\option.txt
2008-03-04 11:06 . 2008-03-04 11:06 15816 ----a-w- c:\program files\Common Files\oborizevup.exe
2008-03-04 11:06 . 2008-03-04 11:06 13091 ----a-w- c:\program files\Common Files\imunafatuj.bin
2008-03-04 11:06 . 2008-03-04 11:06 12204 ----a-w- c:\program files\Common Files\cecel.bat
2008-03-04 11:06 . 2008-03-04 11:06 10943 ----a-w- c:\program files\Common Files\anevuhofu.scr
2005-09-10 01:55 . 2007-12-28 20:01 7155864 ----a-w- c:\program files\NGhost10.msi
2005-09-10 01:55 . 2007-12-28 20:01 35 ----a-w- c:\program files\SCSSDist.ini
2005-09-10 01:55 . 2007-12-28 20:01 37766164 ----a-w- c:\program files\Data1.cab
2002-09-11 14:26 . 2008-05-04 05:22 63730 ----a-w- c:\program files\viewsonicinstruct_xp.pdf
2001-01-05 20:51 . 2004-10-05 00:00 162304 ----a-w- c:\program files\UNWISE.EXE
2008-08-29 01:55 . 2008-08-29 01:55 2 --shatr- c:\windows\winstart.bat
2005-07-14 18:31 . 2006-05-24 16:37 27648 --sha-w- c:\windows\system32\AVSredirect.dll
2002-05-07 06:21 . 2008-01-13 22:25 49152 --shatw- c:\windows\system32\cwScopeProp.dll
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"InitPulsar"="C:" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
"nwiz"="nwiz.exe" [2009-03-27 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 86016]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-05-21 1501064]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-04-14 2029456]

c:\documents and settings\\Start Menu\Programs\Startup\
SyncBackSE.lnk - c:\program files\2BrightSparks\SyncBackSE\SyncBackSE.exe [2008-5-9 6281984]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Lynx Tray Volume.lnk - c:\program files\Lynx Studio Technology\LynxTrayVolume.exe [2008-11-10 61440]
SetPointII.lnk - c:\program files\Logitech\SetPoint II\SetpointII.exe [2009-7-21 323584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"Midi1"=unitydrv.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
backup=c:\windows\pss\Adobe Acrobat Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"DigiRefresh"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"IDriverT"=3 (0x3)
"digiSPTIService"=3 (0x3)
"ATI Smart"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [2/19/2009 3:48 PM 11264]
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [3/3/2010 5:54 PM 15464]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [3/23/2010 6:40 PM 225344]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [3/3/2010 5:54 PM 25240]
R1 Scope;WDM Driver for Scope;c:\windows\system32\drivers\scope.sys [1/13/2008 6:25 PM 110048]
R2 MAudioUSBService;M-Audio USB Installer;c:\program files\M-Audio\Fast Track Pro\MAUSBInst.exe [1/16/2008 6:52 PM 49152]
R3 LynxWDM;LynxWDM;c:\windows\system32\drivers\LynxWDM.Sys [11/10/2008 9:17 PM 196744]
R3 MAUSB;Service for M-Audio Fast Track Pro Driver (WDM);c:\windows\system32\drivers\mausb.sys [1/16/2008 6:52 PM 102528]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.sys --> c:\docume~1\\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.sys [?]
S2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2/11/2010 11:46 PM 10384]
S3 2nixA;2nixA;c:\sfp\App\Sys\2nixA.sys [1/17/2004 7:31 PM 10016]
S3 2nixWDM;2nixWDM;c:\sfp\App\Sys\2nixWDM.sys [1/17/2004 7:31 PM 10112]
S3 495B;495B;c:\windows\system32\495B.sys [5/7/2010 4:28 AM 54624]
S3 iLokDrvr;Usb Driver;c:\windows\system32\drivers\iLokDrvr.sys [4/9/2009 11:48 PM 52008]
S3 InvVxD;InvVxD;c:\sfp\App\Sys\InvVxD.sys [1/17/2004 7:31 PM 10784]
S3 KGPar2;KGPar2;c:\sfp\App\Sys\KGPar2.sys [1/17/2004 7:31 PM 22624]
S3 KGPar3;KGPar3;c:\sfp\App\Sys\KGPar3.sys [1/17/2004 7:31 PM 25472]
S3 MArrFifo;MArrFifo;c:\sfp\App\Sys\MArrFifo.sys [1/17/2004 7:31 PM 12640]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [8/27/2008 7:00 PM 38224]
S3 MFifoArr;MFifoArr;c:\sfp\App\Sys\MFifoArr.sys [1/17/2004 7:31 PM 10400]
S3 MidiAck;MidiAck;c:\sfp\App\Sys\MidiAck.sys [1/17/2004 7:31 PM 10016]
S3 MVC2VxD;MVC2VxD;c:\sfp\App\Sys\MVC2VxD.sys [1/17/2004 7:31 PM 79264]
S3 MVCVxD;MVCVxD;c:\sfp\App\Sys\MVCVxD.sys [1/17/2004 7:31 PM 73792]
S3 PC2VxD;PC2VxD;c:\sfp\App\Sys\PC2VxD.sys [1/17/2004 7:31 PM 10208]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [10/23/2007 4:45 AM 269824]
S3 SASENUM;SASENUM;\??\c:\docume~1\\LOCALS~1\Temp\SAS_SelfExtract\SASENUM.SYS --> c:\docume~1\\LOCALS~1\Temp\SAS_SelfExtract\SASENUM.SYS [?]
S3 SDTHelper;Helper driver for SDT-Tool;c:\documents and settings\\My Documents\Downloads\radix_installer\SDTHLPR.sys [4/18/2010 7:57 PM 14873]
S3 Spl2VxD;Spl2VxD;c:\sfp\App\Sys\Spl2VxD.sys [1/17/2004 7:31 PM 15648]
S3 TPlay;TPlay;c:\sfp\App\Sys\TPlay.sys [1/17/2004 7:31 PM 11296]
S3 TPRSync;TPRSync;c:\sfp\App\Sys\TPRSync.sys [1/17/2004 7:31 PM 11520]
S3 TPSync;TPSync;c:\sfp\App\Sys\TPSync.sys [1/17/2004 7:31 PM 10592]
S3 TRec;TRec;c:\sfp\App\Sys\TRec.sys [1/17/2004 7:31 PM 12832]
S3 TRSync;TRSync;c:\sfp\App\Sys\TRSync.sys [1/17/2004 7:31 PM 10592]
S3 TStretch;TStretch;c:\sfp\App\Sys\TStretch.sys [1/17/2004 7:31 PM 44864]
S3 UKS11LDR;M-Audio USB Keystation Loader;c:\windows\system32\drivers\uks11ldr.sys [1/13/2008 6:20 PM 13504]
S3 USBKT1X1;M-Audio USB Keystation;c:\windows\system32\drivers\usbkt1x1.sys [1/13/2008 6:21 PM 22304]
S3 VDATMot;VDATMot;c:\sfp\App\Sys\VDATMot.sys [1/17/2004 7:31 PM 19168]
S3 VPlay;VPlay;c:\sfp\App\Sys\VPlay.sys [1/17/2004 7:31 PM 12544]
S3 VRec;VRec;c:\sfp\App\Sys\VRec.sys [1/17/2004 7:31 PM 12640]
S3 VSTin;VSTin;c:\sfp\App\Sys\VSTin.sys [1/17/2004 7:31 PM 12960]
S3 VSTout;VSTout;c:\sfp\App\Sys\VSTout.sys [1/17/2004 7:31 PM 12256]
S3 VSTsync;VSTsync;c:\sfp\App\Sys\VSTsync.sys [1/17/2004 7:31 PM 10272]
S3 VxD2PC;VxD2PC;c:\sfp\App\Sys\VxD2PC.sys [1/17/2004 7:31 PM 10304]
S3 WaveIn16;WaveIn16;c:\sfp\App\Sys\WaveIn16.sys [1/17/2004 7:31 PM 10176]
S3 WaveOut16;WaveOut16;c:\sfp\App\Sys\WaveOut16.sys [1/17/2004 7:31 PM 10176]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/11/2010 6:53 PM 691696]
.
Contents of the 'Scheduled Tasks' folder

2010-05-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-179605362-725345543-1004.job
- c:\documents and settings\\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-31 05:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.comcast.net/
mSearch Bar =
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: intuit.com\ttlc
DPF: ppctlcab - hxxp://www.pestscan.com/scanner/ppctlcab.cab
DPF: {42D06124-98A2-47EC-8098-3778B58CE7D5} - hxxps://actsvr.comcastonline.com/techtools/dl/Comcast%20Activation%20Controls.cab
FF - ProfilePath - c:\documents and settings\\Application Data\Mozilla\Firefox\Profiles\gbkvfwt2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\documents and settings\\Application Data\Mozilla\Firefox\Profiles\gbkvfwt2.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\documents and settings\\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\\Local Settings\Application Data\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

Notify-dimsntfy - (no file)
SafeBoot-klmdb.sys



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:f5,84,6e,ff,0a,70,cb,dc,96,36,3e,cb,bf,69,0b,cf,de,ef,41,ce,50,
2e,86,34,25,bd,b7,45,05,15,ee,68,9f,74,6d,f5,dd,5c,91,86,18,8e,f3,81,b9,20,\

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:f5,84,6e,ff,0a,70,cb,dc,96,36,3e,cb,bf,69,0b,cf,de,ef,41,ce,50,
2e,86,34,25,bd,b7,45,05,15,ee,68,9f,74,6d,f5,dd,5c,91,86,18,8e,f3,81,b9,20,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(868)
c:\windows\system32\relog_ap.dll

- - - - - - - > 'explorer.exe'(3664)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\RUNDLL32.EXE
c:\sfp\app\bin\sfp.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
.
**************************************************************************
.
Completion time: 2010-05-07 04:48:08 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-07 08:48

Pre-Run: 247,763,632,128 bytes free
Post-Run: 247,962,886,144 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - B8B19234930E03635CF7A8587C4F9BC2


#8 etavares

etavares

    Bleepin' Remover

  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  • Gender:Male
  • Local time:11:39 PM

Posted 10 May 2010 - 06:41 PM

Hello, mojopin.

Good news...Combofix caught the rootkit. Bad news...it is a backdoor rootkit. Please delete your copy of combofix.exe (cix.exe as you renamed it), and download a fresh copy before continuing.

Backdoor Warning
One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you do decide to proceed, please continue with the fix below.

Step 1

Next, please download ComboFix from one of these locations:

* IMPORTANT !!! Save ComboFix.exe to your Desktop as mojopinCF.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on mojopinCF.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply, along with any symptoms that are present after it runs.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators


#9 mojopin

mojopin
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:11:39 PM

Posted 10 May 2010 - 07:02 PM

Hi - Well, that isn't good news. I would very much like to keep this installation as I have many programs. When I was infected I had a firewall and router running. Does that reduce my risk? I read other threads where this was the outcome but the user stopped experiencing symptoms and was convinced that the computer was clean. Are we just being hopeful? What would I need to look out for? OK, here is my log:

ComboFix 10-05-10.02 - 05/10/2010 19:49:19.6.4 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.3327.2543 [GMT -4:00]
Running from: c:\documents and settings\\Desktop\MOJOCF.EXE.exe
AV: COMODO Antivirus *On-access scanning disabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.

((((((((((((((((((((((((( Files Created from 2010-04-10 to 2010-05-10 )))))))))))))))))))))))))))))))
.

2010-05-07 08:28 . 2010-05-07 08:28 128352 ----a-w- c:\windows\system32\495B.dll
2010-05-07 08:28 . 2010-05-07 08:28 54624 ----a-w- c:\windows\system32\495B.sys
2010-05-07 00:53 . 2010-05-07 00:53 12872 ----a-w- c:\windows\system32\bootdelete.exe
2010-05-07 00:45 . 2010-05-07 00:54 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-05-07 00:45 . 2010-05-07 00:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-05-07 00:45 . 2010-05-07 00:45 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-05-06 23:59 . 2010-05-06 23:59 54920 ----a-w- c:\windows\system32\drivers\pxrts.sys
2010-05-06 23:59 . 2010-05-06 23:59 30320 ----a-w- c:\windows\system32\drivers\pxscan.sys
2010-05-06 23:59 . 2010-05-06 23:59 24400 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2010-05-06 23:48 . 2010-05-06 23:48 503808 ----a-w- c:\documents and settings\\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6060c467-n\msvcp71.dll
2010-05-06 23:48 . 2010-05-06 23:48 499712 ----a-w- c:\documents and settings\\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6060c467-n\jmc.dll
2010-05-06 23:48 . 2010-05-06 23:48 348160 ----a-w- c:\documents and settings\\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6060c467-n\msvcr71.dll
2010-05-06 23:48 . 2010-05-06 23:48 61440 ----a-w- c:\documents and settings\\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-6741a924-n\decora-sse.dll
2010-05-06 23:48 . 2010-05-06 23:48 12800 ----a-w- c:\documents and settings\\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-6741a924-n\decora-d3d.dll
2010-05-06 23:48 . 2010-04-12 21:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-06 23:31 . 2010-05-07 02:12 -------- d-----w- c:\program files\Spyware Doctor
2010-05-06 23:31 . 2010-05-07 00:05 -------- d-----w- c:\program files\Common Files\PC Tools
2010-05-06 23:30 . 2010-05-07 02:00 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-05-05 05:33 . 2010-05-05 05:39 -------- d-----w- c:\documents and settings\\Local Settings\Application Data\madsdgocp
2010-05-03 22:35 . 2010-05-03 22:35 292878 ----a-r- c:\documents and settings\\Application Data\Microsoft\Installer\{11F703F5-DCAF-49EC-8CD2-488F483E32B0}\NewShortcut6_504C9DBC7EE645B2A9CF47F39BEDA88E.exe
2010-05-03 22:35 . 2010-05-03 22:35 292878 ----a-r- c:\documents and settings\\Application Data\Microsoft\Installer\{11F703F5-DCAF-49EC-8CD2-488F483E32B0}\NewShortcut2_C8CBC5632A224D2D83650A01AF12D5F6.exe
2010-05-03 22:35 . 2010-05-03 22:35 292878 ----a-r- c:\documents and settings\\Application Data\Microsoft\Installer\{11F703F5-DCAF-49EC-8CD2-488F483E32B0}\NewShortcut1_F627668DCED74C3B92937B05B370A211.exe
2010-05-03 22:35 . 2010-05-03 22:35 292878 ----a-r- c:\documents and settings\\Application Data\Microsoft\Installer\{11F703F5-DCAF-49EC-8CD2-488F483E32B0}\ARPPRODUCTICON.exe
2010-05-03 22:35 . 2010-05-03 22:36 -------- d-----w- c:\program files\KORG
2010-05-01 21:16 . 2010-05-03 23:21 -------- d-----w- c:\documents and settings\\Application Data\Modartt
2010-05-01 21:16 . 2010-05-01 21:16 -------- d-----w- c:\program files\Modartt
2010-05-01 19:09 . 2010-05-01 19:13 -------- d-----w- c:\documents and settings\\Application Data\FXpansion
2010-05-01 07:43 . 2010-05-01 07:43 -------- d-----w- c:\documents and settings\\Application Data\SynthMaker
2010-05-01 07:43 . 2006-01-03 07:29 172032 ----a-w- c:\windows\system32\FxGoWinFu.dll
2010-05-01 07:43 . 2010-05-01 07:43 -------- d-----w- c:\program files\XILS-lab
2010-05-01 06:20 . 2010-05-01 06:20 -------- d-----w- c:\documents and settings\\Application Data\Teragon Audio
2010-04-28 00:03 . 2010-04-28 00:03 -------- d-----w- c:\documents and settings\All Users\Application Data\id Software
2010-04-27 20:08 . 2010-03-26 14:33 43008 ----a-w- c:\documents and settings\\Application Data\Mozilla\Firefox\Profiles\gbkvfwt2.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-04-27 20:08 . 2010-03-26 14:33 1496064 ----a-w- c:\documents and settings\\Application Data\Mozilla\Firefox\Profiles\gbkvfwt2.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-04-27 20:08 . 2010-03-26 14:33 339456 ----a-w- c:\documents and settings\\Application Data\Mozilla\Firefox\Profiles\gbkvfwt2.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-04-27 20:08 . 2010-03-26 14:32 346112 ----a-w- c:\documents and settings\\Application Data\Mozilla\Firefox\Profiles\gbkvfwt2.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-04-26 21:50 . 2010-04-26 21:52 -------- d-----w- c:\documents and settings\\Application Data\Mp3tag
2010-04-26 21:50 . 2010-04-26 21:50 -------- d-----w- c:\program files\Mp3tag
2010-04-15 03:41 . 2010-04-15 03:41 33792 ----a-w- c:\documents and settings\\Application Data\Waves\Caches\C\Program Files\Waves\Plug-Ins\GTRToolRack.dll\XWP4\1000.dll
2010-04-15 03:41 . 2010-04-15 03:41 32768 ----a-w- c:\documents and settings\\Application Data\Waves\Caches\C\Program Files\Waves\Plug-Ins\GTRStomp.dll\XWP4\1000.dll
2010-04-13 17:10 . 2010-04-13 17:10 629824 ----a-w- c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
2010-04-13 17:03 . 2010-04-13 17:03 2373712 ----a-w- c:\documents and settings\All Users\Application Data\id Software\QuakeLive\pbsvc.exe
2010-04-11 22:36 . 2010-04-11 22:36 -------- d-----w- C:\Digidesign Databases

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-10 23:42 . 2007-07-01 08:03 -------- d-----w- c:\documents and settings\\Application Data\Digidesign
2010-05-10 23:42 . 2010-04-10 23:32 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2010-05-10 22:08 . 2002-01-01 05:54 -------- d-----w- c:\documents and settings\\Application Data\uTorrent
2010-05-10 19:47 . 2004-02-11 01:08 -------- d-----w- c:\program files\Arturia
2010-05-10 04:42 . 2008-08-05 16:09 -------- d-----w- c:\documents and settings\\Application Data\CoreFTP
2010-05-10 00:14 . 2010-02-11 21:21 -------- d-----w- c:\program files\MyDefrag v4.2.7
2010-05-09 09:40 . 2009-10-11 18:43 139336 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-05-09 09:40 . 2009-10-07 20:53 371776 ----a-w- c:\documents and settings\\Application Data\id Software\quakelive\home\baseq3\cgamex86.dll
2010-05-09 09:40 . 2009-10-07 20:44 187456 ----a-w- c:\documents and settings\\Application Data\id Software\quakelive\home\baseq3\uix86.dll
2010-05-09 09:40 . 2009-10-11 18:42 214720 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-05-09 09:40 . 2009-10-07 20:44 887448 ----a-w- c:\documents and settings\\Application Data\id Software\quakelive\home\pb\pbcl.dll
2010-05-09 09:40 . 2009-10-07 20:44 57344 ----a-w- c:\documents and settings\\Application Data\id Software\quakelive\home\pb\pbag.dll
2010-05-09 09:40 . 2009-10-07 20:44 2432064 ----a-w- c:\documents and settings\\Application Data\id Software\quakelive\home\baseq3\quakelive.dll
2010-05-07 10:07 . 2004-01-27 04:40 -------- d-----w- c:\program files\Common Files\Adobe
2010-05-07 10:06 . 2007-07-26 16:40 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-07 10:06 . 2004-04-20 16:47 -------- d-----w- c:\program files\Lavasoft
2010-05-07 01:33 . 2008-04-13 07:01 -------- d-----w- c:\program files\Har-Bal 2.3
2010-05-06 23:52 . 2007-03-05 08:03 -------- d-----w- c:\program files\Common Files\Java
2010-05-06 23:52 . 2004-01-26 23:55 -------- d-----w- c:\program files\Java
2010-05-06 23:33 . 2007-01-30 01:19 28598560 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-05-06 23:32 . 2007-01-30 01:19 1094432 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-05-06 20:16 . 2008-03-04 11:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-06 02:35 . 2008-03-04 12:01 -------- d-----w- c:\program files\CCleaner
2010-05-06 01:45 . 2008-04-30 23:17 -------- d-----w- c:\documents and settings\\Application Data\SUPERAntiSpyware.com
2010-05-05 05:39 . 2008-11-24 05:54 -------- d-----w- c:\program files\Ultra Fractal 5
2010-05-05 05:39 . 2004-06-08 03:40 -------- d-----w- c:\program files\CDXTRACT4
2010-05-02 02:31 . 2004-06-03 04:44 -------- d-----w- c:\program files\YAMAHA
2010-05-02 02:31 . 2004-01-17 23:49 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-01 19:10 . 2010-02-24 03:48 -------- d-----w- c:\program files\EMI
2010-05-01 19:10 . 2004-10-01 02:32 -------- d-----w- c:\program files\FXpansion
2010-05-01 08:44 . 2008-05-02 01:37 -------- d-----w- c:\program files\Image-Line
2010-04-29 19:39 . 2008-08-27 23:00 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2008-08-27 23:00 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-28 00:03 . 2010-02-12 02:36 2373712 ----a-w- c:\windows\system32\pbsvc.exe
2010-04-28 00:03 . 2009-10-11 18:42 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-04-16 00:11 . 2010-03-23 02:56 6579512 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-04-15 03:41 . 2010-04-11 23:38 -------- d-----w- c:\documents and settings\\Application Data\Waves Preferences
2010-04-14 15:41 . 2010-03-03 21:54 277240 ----a-w- c:\windows\system32\guard32.dll
2010-04-14 15:41 . 2010-03-03 21:54 86800 ----a-w- c:\windows\system32\drivers\inspect.sys
2010-04-14 15:41 . 2010-03-23 22:40 225344 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2010-04-14 15:41 . 2010-03-03 21:54 25240 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-04-14 15:41 . 2010-03-03 21:54 15464 ----a-w- c:\windows\system32\drivers\cmderd.sys
2010-04-11 22:55 . 2004-10-19 02:11 -------- d-----w- c:\program files\HarBal 1.5
2010-04-10 23:32 . 2010-04-10 23:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo Downloader
2010-04-10 23:32 . 2007-08-18 06:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo
2010-04-10 23:30 . 2007-08-18 06:45 -------- d-----w- c:\program files\Comodo
2010-04-10 22:51 . 2007-08-18 06:48 -------- d-----w- c:\documents and settings\\Application Data\Comodo
2010-04-03 02:37 . 2010-04-03 02:37 -------- d-----w- c:\program files\PSPaudioware
2010-04-03 02:36 . 2010-04-03 02:36 -------- d-----w- c:\program files\Uninstall
2010-04-03 02:35 . 2004-12-03 15:05 204808 ----a-w- c:\documents and settings\\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-02 04:59 . 2010-04-02 04:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Adobe Systems
2010-04-02 04:58 . 2010-04-02 04:58 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2010-03-29 21:12 . 2010-03-25 19:01 461888 ----a-w- c:\documents and settings\\Application Data\id Software\quakelive\home\baseq3\qagamex86.dll
2010-03-28 23:59 . 2008-06-24 02:00 -------- d-----w- c:\program files\u-he
2010-03-26 11:19 . 2010-02-12 00:18 -------- d-----w- c:\documents and settings\\Application Data\VST3 Presets
2010-03-23 00:19 . 2010-03-23 00:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Arturia
2010-03-16 19:26 . 2008-12-07 06:30 16 ----a-w- c:\windows\msocreg32.dat
2010-03-16 19:10 . 2004-01-18 05:22 -------- d-----w- c:\program files\Steinberg
2010-03-15 03:01 . 2008-04-02 06:15 -------- d-----w- c:\program files\DivX
2010-03-15 03:00 . 2010-03-15 03:00 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-03-12 22:43 . 2002-01-01 05:54 -------- d-----w- c:\program files\uTorrent
2010-03-11 12:38 . 2004-12-07 21:37 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2003-03-31 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-09 11:09 . 2003-03-31 12:00 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-02-24 12:31 . 2009-08-04 16:07 454016 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 13:17 . 2009-08-04 16:07 2137088 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 12:39 . 2009-08-04 16:07 2016768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:47 . 2003-03-31 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 22:53 . 2010-02-11 22:53 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-02-11 12:01 . 2009-08-04 16:07 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2009-08-06 00:33 . 2009-08-06 00:33 5 ----a-w- c:\program files\eula.txt
2009-08-06 00:30 . 2009-08-06 00:30 3 ----a-w- c:\program files\option.txt
2008-03-04 11:06 . 2008-03-04 11:06 15816 ----a-w- c:\program files\Common Files\oborizevup.exe
2008-03-04 11:06 . 2008-03-04 11:06 13091 ----a-w- c:\program files\Common Files\imunafatuj.bin
2008-03-04 11:06 . 2008-03-04 11:06 12204 ----a-w- c:\program files\Common Files\cecel.bat
2008-03-04 11:06 . 2008-03-04 11:06 10943 ----a-w- c:\program files\Common Files\anevuhofu.scr
2005-09-10 01:55 . 2007-12-28 20:01 7155864 ----a-w- c:\program files\NGhost10.msi
2005-09-10 01:55 . 2007-12-28 20:01 35 ----a-w- c:\program files\SCSSDist.ini
2005-09-10 01:55 . 2007-12-28 20:01 37766164 ----a-w- c:\program files\Data1.cab
2002-09-11 14:26 . 2008-05-04 05:22 63730 ----a-w- c:\program files\viewsonicinstruct_xp.pdf
2001-01-05 20:51 . 2004-10-05 00:00 162304 ----a-w- c:\program files\UNWISE.EXE
2008-08-29 01:55 . 2008-08-29 01:55 2 --shatr- c:\windows\winstart.bat
2005-07-14 18:31 . 2006-05-24 16:37 27648 --sha-w- c:\windows\system32\AVSredirect.dll
2002-05-07 06:21 . 2008-01-13 22:25 49152 --shatw- c:\windows\system32\cwScopeProp.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-05-07_08.45.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-10 19:42 . 2010-05-10 19:42 16384 c:\windows\Temp\Perflib_Perfdata_544.dat
+ 2007-12-27 04:52 . 2008-07-08 13:02 17272 c:\windows\system32\spmsg.dll
- 2007-12-27 04:52 . 2007-11-30 09:39 17272 c:\windows\system32\spmsg.dll
- 2003-03-31 12:00 . 2010-03-14 16:38 99084 c:\windows\system32\perfc009.dat
+ 2003-03-31 12:00 . 2010-05-07 08:49 99084 c:\windows\system32\perfc009.dat
+ 2010-01-13 14:10 . 2010-01-13 14:10 85504 c:\windows\system32\dllcache\cabview.dll
+ 2003-03-31 12:00 . 2010-01-13 14:10 85504 c:\windows\system32\cabview.dll
+ 2003-03-31 12:00 . 2009-12-24 07:05 177664 c:\windows\system32\wintrust.dll
+ 2003-03-31 12:00 . 2010-05-07 08:49 542684 c:\windows\system32\perfh009.dat
- 2003-03-31 12:00 . 2010-03-14 16:38 542684 c:\windows\system32\perfh009.dat
+ 2009-08-04 16:07 . 2008-06-20 10:45 360320 c:\windows\system32\drivers\tcpip.sys
+ 2009-12-24 07:05 . 2009-12-24 07:05 177664 c:\windows\system32\dllcache\wintrust.dll
+ 2009-08-04 16:07 . 2010-03-09 11:09 430080 c:\windows\system32\dllcache\vbscript.dll
+ 2009-08-04 16:07 . 2010-02-11 12:01 226880 c:\windows\system32\dllcache\tcpip6.sys
+ 2009-08-04 16:07 . 2008-06-20 10:45 360320 c:\windows\system32\dllcache\tcpip.sys
+ 2009-08-04 16:07 . 2010-02-24 12:31 454016 c:\windows\system32\dllcache\mrxsmb.sys
+ 2009-08-04 16:07 . 2010-02-12 04:47 100864 c:\windows\system32\dllcache\6to4svc.dll
+ 2009-08-04 16:07 . 2010-02-24 12:31 454016 c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2009-08-04 16:07 . 2010-02-16 13:19 2181376 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2009-08-04 16:07 . 2010-02-16 12:39 2016768 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2009-08-04 16:07 . 2010-02-16 12:39 2058368 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2009-08-04 16:07 . 2010-02-16 13:17 2137088 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2009-08-04 16:07 . 2010-02-16 13:19 2181376 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2009-08-04 16:07 . 2010-02-16 12:39 2016768 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2009-08-04 16:07 . 2010-02-16 12:39 2058368 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2009-08-04 16:07 . 2010-02-16 13:17 2137088 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2005-05-11 05:50 . 2010-04-06 17:52 31971272 c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"InitPulsar"="C:" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
"nwiz"="nwiz.exe" [2009-03-27 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 86016]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-05-21 1501064]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-04-14 2029456]

c:\documents and settings\\Start Menu\Programs\Startup\
SyncBackSE.lnk - c:\program files\2BrightSparks\SyncBackSE\SyncBackSE.exe [2008-5-9 6281984]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Lynx Tray Volume.lnk - c:\program files\Lynx Studio Technology\LynxTrayVolume.exe [2008-11-10 61440]
SetPointII.lnk - c:\program files\Logitech\SetPoint II\SetpointII.exe [2009-7-21 323584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"Midi1"=unitydrv.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
backup=c:\windows\pss\Adobe Acrobat Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"DigiRefresh"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"IDriverT"=3 (0x3)
"digiSPTIService"=3 (0x3)
"ATI Smart"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [2/19/2009 3:48 PM 11264]
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [3/3/2010 5:54 PM 15464]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [3/23/2010 6:40 PM 225344]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [3/3/2010 5:54 PM 25240]
R1 Scope;WDM Driver for Scope;c:\windows\system32\drivers\scope.sys [1/13/2008 6:25 PM 110048]
R2 MAudioUSBService;M-Audio USB Installer;c:\program files\M-Audio\Fast Track Pro\MAUSBInst.exe [1/16/2008 6:52 PM 49152]
R3 LynxWDM;LynxWDM;c:\windows\system32\drivers\LynxWDM.Sys [11/10/2008 9:17 PM 196744]
R3 MAUSB;Service for M-Audio Fast Track Pro Driver (WDM);c:\windows\system32\drivers\mausb.sys [1/16/2008 6:52 PM 102528]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.sys --> c:\docume~1\\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.sys [?]
S2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2/11/2010 11:46 PM 10384]
S3 2nixA;2nixA;c:\sfp\App\Sys\2nixA.sys [1/17/2004 7:31 PM 10016]
S3 2nixWDM;2nixWDM;c:\sfp\App\Sys\2nixWDM.sys [1/17/2004 7:31 PM 10112]
S3 495B;495B;c:\windows\system32\495B.sys [5/7/2010 4:28 AM 54624]
S3 iLokDrvr;Usb Driver;c:\windows\system32\drivers\iLokDrvr.sys [4/9/2009 11:48 PM 52008]
S3 InvVxD;InvVxD;c:\sfp\App\Sys\InvVxD.sys [1/17/2004 7:31 PM 10784]
S3 KGPar2;KGPar2;c:\sfp\App\Sys\KGPar2.sys [1/17/2004 7:31 PM 22624]
S3 KGPar3;KGPar3;c:\sfp\App\Sys\KGPar3.sys [1/17/2004 7:31 PM 25472]
S3 MArrFifo;MArrFifo;c:\sfp\App\Sys\MArrFifo.sys [1/17/2004 7:31 PM 12640]
S3 MFifoArr;MFifoArr;c:\sfp\App\Sys\MFifoArr.sys [1/17/2004 7:31 PM 10400]
S3 MidiAck;MidiAck;c:\sfp\App\Sys\MidiAck.sys [1/17/2004 7:31 PM 10016]
S3 MVC2VxD;MVC2VxD;c:\sfp\App\Sys\MVC2VxD.sys [1/17/2004 7:31 PM 79264]
S3 MVCVxD;MVCVxD;c:\sfp\App\Sys\MVCVxD.sys [1/17/2004 7:31 PM 73792]
S3 PC2VxD;PC2VxD;c:\sfp\App\Sys\PC2VxD.sys [1/17/2004 7:31 PM 10208]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [10/23/2007 4:45 AM 269824]
S3 SASENUM;SASENUM;\??\c:\docume~1\\LOCALS~1\Temp\SAS_SelfExtract\SASENUM.SYS --> c:\docume~1\\LOCALS~1\Temp\SAS_SelfExtract\SASENUM.SYS [?]
S3 SDTHelper;Helper driver for SDT-Tool;c:\documents and settings\\My Documents\Downloads\radix_installer\SDTHLPR.sys [4/18/2010 7:57 PM 14873]
S3 Spl2VxD;Spl2VxD;c:\sfp\App\Sys\Spl2VxD.sys [1/17/2004 7:31 PM 15648]
S3 TPlay;TPlay;c:\sfp\App\Sys\TPlay.sys [1/17/2004 7:31 PM 11296]
S3 TPRSync;TPRSync;c:\sfp\App\Sys\TPRSync.sys [1/17/2004 7:31 PM 11520]
S3 TPSync;TPSync;c:\sfp\App\Sys\TPSync.sys [1/17/2004 7:31 PM 10592]
S3 TRec;TRec;c:\sfp\App\Sys\TRec.sys [1/17/2004 7:31 PM 12832]
S3 TRSync;TRSync;c:\sfp\App\Sys\TRSync.sys [1/17/2004 7:31 PM 10592]
S3 TStretch;TStretch;c:\sfp\App\Sys\TStretch.sys [1/17/2004 7:31 PM 44864]
S3 UKS11LDR;M-Audio USB Keystation Loader;c:\windows\system32\drivers\uks11ldr.sys [1/13/2008 6:20 PM 13504]
S3 USBKT1X1;M-Audio USB Keystation;c:\windows\system32\drivers\usbkt1x1.sys [1/13/2008 6:21 PM 22304]
S3 VDATMot;VDATMot;c:\sfp\App\Sys\VDATMot.sys [1/17/2004 7:31 PM 19168]
S3 VPlay;VPlay;c:\sfp\App\Sys\VPlay.sys [1/17/2004 7:31 PM 12544]
S3 VRec;VRec;c:\sfp\App\Sys\VRec.sys [1/17/2004 7:31 PM 12640]
S3 VSTin;VSTin;c:\sfp\App\Sys\VSTin.sys [1/17/2004 7:31 PM 12960]
S3 VSTout;VSTout;c:\sfp\App\Sys\VSTout.sys [1/17/2004 7:31 PM 12256]
S3 VSTsync;VSTsync;c:\sfp\App\Sys\VSTsync.sys [1/17/2004 7:31 PM 10272]
S3 VxD2PC;VxD2PC;c:\sfp\App\Sys\VxD2PC.sys [1/17/2004 7:31 PM 10304]
S3 WaveIn16;WaveIn16;c:\sfp\App\Sys\WaveIn16.sys [1/17/2004 7:31 PM 10176]
S3 WaveOut16;WaveOut16;c:\sfp\App\Sys\WaveOut16.sys [1/17/2004 7:31 PM 10176]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/11/2010 6:53 PM 691696]
.
Contents of the 'Scheduled Tasks' folder

2010-05-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-179605362-725345543-1004.job
- c:\documents and settings\\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-31 05:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.comcast.net/
mSearch Bar =
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
DPF: {42D06124-98A2-47EC-8098-3778B58CE7D5} - hxxps://actsvr.comcastonline.com/techtools/dl/Comcast%20Activation%20Controls.cab
FF - ProfilePath - c:\documents and settings\\Application Data\Mozilla\Firefox\Profiles\gbkvfwt2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\documents and settings\\Application Data\Mozilla\Firefox\Profiles\gbkvfwt2.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\documents and settings\\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\\Local Settings\Application Data\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-10 19:52
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:f5,84,6e,ff,0a,70,cb,dc,96,36,3e,cb,bf,69,0b,cf,de,ef,41,ce,50,
2e,86,34,25,bd,b7,45,05,15,ee,68,9f,74,6d,f5,dd,5c,91,86,18,8e,f3,81,b9,20,\

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:f5,84,6e,ff,0a,70,cb,dc,96,36,3e,cb,bf,69,0b,cf,de,ef,41,ce,50,
2e,86,34,25,bd,b7,45,05,15,ee,68,9f,74,6d,f5,dd,5c,91,86,18,8e,f3,81,b9,20,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(808)
c:\windows\system32\guard32.dll

- - - - - - - > 'lsass.exe'(864)
c:\windows\system32\guard32.dll
c:\windows\system32\relog_ap.dll

- - - - - - - > 'explorer.exe'(1724)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-05-10 19:54:58
ComboFix-quarantined-files.txt 2010-05-10 23:54
ComboFix2.txt 2010-05-07 08:55
ComboFix3.txt 2010-05-07 08:48

Pre-Run: 255,950,364,672 bytes free
Post-Run: 255,906,029,568 bytes free

- - End Of File - - B46067E9FDEAD638BC21475A5BEEAB48


#10 etavares

    Bleepin' Remover

  • Malware Response Team
  • 15,514 posts
  • Gender:Male

Posted 11 May 2010 - 05:44 PM

Hello, mojopin.
Not really...the firewall may help, but they're often only one direction to block incoming connections. Outgoing connections could still occur.

We can clean what we can see; the risk is something brand new is on there or something we can't see. Of course, that risk is always there 1 second after you plug a freshly reformatted computer into the internet...you just never know. It's up to you. Here are instructions if you'd like to continue.

Do you know what application is installed in C:\SFP?

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

QUOTE
Driver::
495B
folder::
C:\Documents and Settings\All Users\Application Data\{A97DA822-7B29-4F18-A64A-BF94FFFE77FB}
C:\Documents and Settings\Local Settings\Application Data\madsdgocp
file::
C:\WINDOWS\System32\495B.dll
C:\WINDOWS\System32\495B.sys
C:\WINDOWS\System32\287A.mht
C:\WINDOWS\System32\FxGoWinFu.dll
C:\Documents and Settings\Application Data\iasna_FB9AECF7-F56E-4c47-A862-8892AA545113.dll
C:\Documents and Settings\Application Data\iasna_C92E1371-3DF5-4322-9729-82CC0DD90ECA.dll
C:\Documents and Settings\Application Data\iasna_496F4C99-60CC-4b9e-AC1B-FA060E643C32.dll
C:\Documents and Settings\Application Data\iasna_D9C6A609-15A1-4768-8E98-6FA00C2547CC.dll
C:\Documents and Settings\Application Data\iasna_72024697-2626-4a12-8347-7CAC1834AC3B.dll
C:\Documents and Settings\Application Data\iasna_82424970-0916-4145-974C-09EBC0BE67C0.dll
C:\Documents and Settings\Application Data\iasna_F4F01109-B336-401f-BDE2-7C1926744123.dll
c:\program files\Common Files\oborizevup.exe
c:\program files\Common Files\imunafatuj.bin
c:\program files\Common Files\cecel.bat
c:\program files\Common Files\anevuhofu.scr


Save this as CFScript.txt, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators

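One way to check, once ComboFix has run, that the log it writes confirms everything the CFScript asked for. This is an added example in Python, not code from this thread or from ComboFix; the CFScript and log excerpts inside it are constructed from entries quoted in the thread, and the parser assumes the section banners and the `-------\Service_<name>` line format exactly as they appear in the logs posted here.

```python
"""Check a ComboFix CFScript against the log ComboFix writes after it runs.
Added example (not code from the thread or from ComboFix); sample inputs are
constructed from entries quoted in the thread."""
import re

# Constructed CFScript: a subset of the one posted above.
CFSCRIPT = r"""
Driver::
495B
folder::
C:\Documents and Settings\Local Settings\Application Data\madsdgocp
file::
C:\WINDOWS\System32\495B.sys
C:\WINDOWS\System32\FxGoWinFu.dll
c:\program files\Common Files\cecel.bat
"""

# Constructed excerpt of a post-run ComboFix log, using its section banners.
COMBOFIX_LOG = r"""
ComboFix 10-05-10.05 - 05/11/2010 19:12:01.7.4 - x86
* Created a new restore point
.
(((((((((((((((((((((( Other Deletions ))))))))))))))))))))))
.
c:\program files\Common Files\cecel.bat
c:\windows\System32\495B.sys
c:\windows\System32\FxGoWinFu.dll
.
(((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))
.
-------\Service_495B

((((((((((( Files Created from 2010-04-11 to 2010-05-11 )))))))))))
.
"""

# A ComboFix section banner: a title wrapped in runs of parentheses.
SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")


def parse_cfscript(text):
    """Return {directive: [entries]}; directive names are lower-cased."""
    sections = {"driver": [], "folder": [], "file": []}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = re.fullmatch(r"(\w+)::", line)
        if m:
            current = m.group(1).lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_log_deletions(text):
    """Return (deleted_paths, removed_services), both as lower-cased sets."""
    deleted, services = set(), set()
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
        elif section == "Other Deletions":
            deleted.add(line.lower())
        elif section == "Drivers/Services":
            m = re.fullmatch(r"-------\\Service_(.+)", line)
            if m:
                services.add(m.group(1).lower())
    return deleted, services


def verify_cleanup(cfscript_text, log_text):
    """Match each CFScript entry to the log; values are (kind, entry) tuples."""
    wanted = parse_cfscript(cfscript_text)
    deleted, services = parse_log_deletions(log_text)
    checks = [("file", p, p.lower() in deleted) for p in wanted["file"]]
    for folder in wanted["folder"]:
        # A folder counts as removed if it or anything beneath it was deleted.
        prefix = folder.lower().rstrip("\\")
        gone = any(p == prefix or p.startswith(prefix + "\\") for p in deleted)
        checks.append(("folder", folder, gone))
    checks += [("driver", n, n.lower() in services) for n in wanted["driver"]]
    return {"confirmed": [(k, e) for k, e, ok in checks if ok],
            "unconfirmed": [(k, e) for k, e, ok in checks if not ok]}


if __name__ == "__main__":
    for status, items in verify_cleanup(CFSCRIPT, COMBOFIX_LOG).items():
        for kind, entry in items:
            print(f"{status:11} {kind:6} {entry}")
```

With the constructed inputs the three files and the 495B service come back confirmed, while the madsdgocp folder is reported as unconfirmed, which is the case worth re-checking in the next log.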

#11 mojopin

  • Topic Starter
  • Members
  • 17 posts

Posted 11 May 2010 - 06:27 PM

Hi - SFP is the software for a sound card called Scope that I've had for years. Do you recommend something better than Comodo (which I use for antivirus also)? What about Prevx to add as a combo? Here is my latest log. Thanks for your ongoing help!!

ComboFix 10-05-10.05 - 05/11/2010 19:12:01.7.4 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.3327.2600 [GMT -4:00]
Running from: c:\documents and settings\\Desktop\MOJOCF.EXE.exe
Command switches used :: c:\documents and settings\\Desktop\CFScript.txt.txt
AV: COMODO Antivirus *On-access scanning disabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
* Created a new restore point

FILE ::
"c:\documents and settings\Application Data\iasna_496F4C99-60CC-4b9e-AC1B-FA060E643C32.dll"
"c:\documents and settings\Application Data\iasna_72024697-2626-4a12-8347-7CAC1834AC3B.dll"
"c:\documents and settings\Application Data\iasna_82424970-0916-4145-974C-09EBC0BE67C0.dll"
"c:\documents and settings\Application Data\iasna_C92E1371-3DF5-4322-9729-82CC0DD90ECA.dll"
"c:\documents and settings\Application Data\iasna_D9C6A609-15A1-4768-8E98-6FA00C2547CC.dll"
"c:\documents and settings\Application Data\iasna_F4F01109-B336-401f-BDE2-7C1926744123.dll"
"c:\documents and settings\Application Data\iasna_FB9AECF7-F56E-4c47-A862-8892AA545113.dll"
"c:\program files\Common Files\anevuhofu.scr"
"c:\program files\Common Files\cecel.bat"
"c:\program files\Common Files\imunafatuj.bin"
"c:\program files\Common Files\oborizevup.exe"
"c:\windows\System32\287A.mht"
"c:\windows\System32\495B.dll"
"c:\windows\System32\495B.sys"
"c:\windows\System32\FxGoWinFu.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\{A97DA822-7B29-4F18-A64A-BF94FFFE77FB}
c:\documents and settings\All Users\Application Data\{A97DA822-7B29-4F18-A64A-BF94FFFE77FB}\instance.dat
c:\documents and settings\All Users\Application Data\{A97DA822-7B29-4F18-A64A-BF94FFFE77FB}\mia.lib
c:\documents and settings\All Users\Application Data\{A97DA822-7B29-4F18-A64A-BF94FFFE77FB}\Setup_PCM_Native_VST.dat
c:\documents and settings\All Users\Application Data\{A97DA822-7B29-4F18-A64A-BF94FFFE77FB}\Setup_PCM_Native_VST.exe
c:\documents and settings\All Users\Application Data\{A97DA822-7B29-4F18-A64A-BF94FFFE77FB}\Setup_PCM_Native_VST.msi
c:\documents and settings\All Users\Application Data\{A97DA822-7B29-4F18-A64A-BF94FFFE77FB}\Setup_PCM_Native_VST.par
c:\documents and settings\All Users\Application Data\{A97DA822-7B29-4F18-A64A-BF94FFFE77FB}\Setup_PCM_Native_VST.res
c:\program files\Common Files\anevuhofu.scr
c:\program files\Common Files\cecel.bat
c:\program files\Common Files\imunafatuj.bin
c:\program files\Common Files\oborizevup.exe
c:\windows\System32\287A.mht
c:\windows\System32\495B.dll
c:\windows\System32\495B.sys
c:\windows\System32\FxGoWinFu.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_495B


((((((((((((((((((((((((( Files Created from 2010-04-11 to 2010-05-11 )))))))))))))))))))))))))))))))
.

2010-05-07 00:53 . 2010-05-07 00:53 12872 ----a-w- c:\windows\system32\bootdelete.exe
2010-05-07 00:45 . 2010-05-07 00:54 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-05-07 00:45 . 2010-05-07 00:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-05-07 00:45 . 2010-05-07 00:45 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-05-06 23:48 . 2010-05-06 23:48 503808 ----a-w- c:\documents and settings\\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6060c467-n\msvcp71.dll
2010-05-06 23:48 . 2010-05-06 23:48 499712 ----a-w- c:\documents and settings\\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6060c467-n\jmc.dll
2010-05-06 23:48 . 2010-05-06 23:48 348160 ----a-w- c:\documents and settings\\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6060c467-n\msvcr71.dll
2010-05-06 23:48 . 2010-05-06 23:48 61440 ----a-w- c:\documents and settings\\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-6741a924-n\decora-sse.dll
2010-05-06 23:48 . 2010-05-06 23:48 12800 ----a-w- c:\documents and settings\\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-6741a924-n\decora-d3d.dll
2010-05-06 23:48 . 2010-04-12 21:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-06 23:31 . 2010-05-07 02:12 -------- d-----w- c:\program files\Spyware Doctor
2010-05-06 23:31 . 2010-05-07 00:05 -------- d-----w- c:\program files\Common Files\PC Tools
2010-05-06 23:30 . 2010-05-07 02:00 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-05-05 05:33 . 2010-05-05 05:39 -------- d-----w- c:\documents and settings\\Local Settings\Application Data\madsdgocp
2010-05-03 22:35 . 2010-05-03 22:35 292878 ----a-r- c:\documents and settings\\Application Data\Microsoft\Installer\{11F703F5-DCAF-49EC-8CD2-488F483E32B0}\NewShortcut6_504C9DBC7EE645B2A9CF47F39BEDA88E.exe
2010-05-03 22:35 . 2010-05-03 22:35 292878 ----a-r- c:\documents and settings\\Application Data\Microsoft\Installer\{11F703F5-DCAF-49EC-8CD2-488F483E32B0}\NewShortcut2_C8CBC5632A224D2D83650A01AF12D5F6.exe
2010-05-03 22:35 . 2010-05-03 22:35 292878 ----a-r- c:\documents and settings\\Application Data\Microsoft\Installer\{11F703F5-DCAF-49EC-8CD2-488F483E32B0}\NewShortcut1_F627668DCED74C3B92937B05B370A211.exe
2010-05-03 22:35 . 2010-05-03 22:35 292878 ----a-r- c:\documents and settings\\Application Data\Microsoft\Installer\{11F703F5-DCAF-49EC-8CD2-488F483E32B0}\ARPPRODUCTICON.exe
2010-05-03 22:35 . 2010-05-03 22:36 -------- d-----w- c:\program files\KORG
2010-05-01 21:16 . 2010-05-03 23:21 -------- d-----w- c:\documents and settings\\Application Data\Modartt
2010-05-01 21:16 . 2010-05-01 21:16 -------- d-----w- c:\program files\Modartt
2010-05-01 19:09 . 2010-05-01 19:13 -------- d-----w- c:\documents and settings\\Application Data\FXpansion
2010-05-01 07:43 . 2010-05-01 07:43 -------- d-----w- c:\documents and settings\\Application Data\SynthMaker
2010-05-01 07:43 . 2010-05-01 07:43 -------- d-----w- c:\program files\XILS-lab
2010-05-01 06:20 . 2010-05-01 06:20 -------- d-----w- c:\documents and settings\\Application Data\Teragon Audio
2010-04-28 00:03 . 2010-04-28 00:03 -------- d-----w- c:\documents and settings\All Users\Application Data\id Software
2010-04-27 20:08 . 2010-03-26 14:33 43008 ----a-w- c:\documents and settings\\Application Data\Mozilla\Firefox\Profiles\gbkvfwt2.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-04-27 20:08 . 2010-03-26 14:33 1496064 ----a-w- c:\documents and settings\\Application Data\Mozilla\Firefox\Profiles\gbkvfwt2.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-04-27 20:08 . 2010-03-26 14:33 339456 ----a-w- c:\documents and settings\\Application Data\Mozilla\Firefox\Profiles\gbkvfwt2.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-04-27 20:08 . 2010-03-26 14:32 346112 ----a-w- c:\documents and settings\\Application Data\Mozilla\Firefox\Profiles\gbkvfwt2.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-04-26 21:50 . 2010-04-26 21:52 -------- d-----w- c:\documents and settings\\Application Data\Mp3tag
2010-04-26 21:50 . 2010-04-26 21:50 -------- d-----w- c:\program files\Mp3tag
2010-04-15 03:41 . 2010-04-15 03:41 33792 ----a-w- c:\documents and settings\\Application
2010-04-13 17:10 . 2010-04-13 17:10 629824 ----a-w- c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
2010-04-13 17:03 . 2010-04-13 17:03 2373712 ----a-w- c:\documents and settings\All Users\Application Data\id Software\QuakeLive\pbsvc.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-11 22:59 . 2007-07-01 08:03 -------- d-----w- c:\documents and settings\\Application Data\Digidesign
2010-05-11 22:51 . 2010-04-10 23:32 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2010-05-11 16:52 . 2004-02-11 01:08 -------- d-----w- c:\program files\Arturia
2010-05-11 16:25 . 2008-08-05 16:09 -------- d-----w- c:\documents and settings\\Application Data\CoreFTP
2010-05-11 07:18 . 2009-10-11 18:43 139336 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-05-11 07:18 . 2009-10-07 20:53 371776 ----a-w- c:\documents and settings\\Application Data\id Software\quakelive\home\baseq3\cgamex86.dll
2010-05-11 07:18 . 2009-10-07 20:44 187456 ----a-w- c:\documents and settings\\Application Data\id Software\quakelive\home\baseq3\uix86.dll
2010-05-11 07:18 . 2009-10-11 18:42 214720 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-05-11 07:18 . 2009-10-07 20:44 887448 ----a-w- c:\documents and settings\\Application Data\id Software\quakelive\home\pb\pbcl.dll
2010-05-11 07:18 . 2009-10-07 20:44 57344 ----a-w- c:\documents and settings\\Application Data\id Software\quakelive\home\pb\pbag.dll
2010-05-11 07:18 . 2009-10-07 20:44 2432064 ----a-w- c:\documents and settings\\Application Data\id Software\quakelive\home\baseq3\quakelive.dll
2010-05-10 22:08 . 2002-01-01 05:54 -------- d-----w- c:\documents and settings\\Application Data\uTorrent
2010-05-10 00:14 . 2010-02-11 21:21 -------- d-----w- c:\program files\MyDefrag v4.2.7
2010-05-07 10:07 . 2004-01-27 04:40 -------- d-----w- c:\program files\Common Files\Adobe
2010-05-07 10:06 . 2007-07-26 16:40 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-07 10:06 . 2004-04-20 16:47 -------- d-----w- c:\program files\Lavasoft
2010-05-07 01:33 . 2008-04-13 07:01 -------- d-----w- c:\program files\Har-Bal 2.3
2010-05-06 23:52 . 2007-03-05 08:03 -------- d-----w- c:\program files\Common Files\Java
2010-05-06 23:52 . 2004-01-26 23:55 -------- d-----w- c:\program files\Java
2010-05-06 23:33 . 2007-01-30 01:19 28598560 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-05-06 23:32 . 2007-01-30 01:19 1094432 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-05-06 20:16 . 2008-03-04 11:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-06 02:35 . 2008-03-04 12:01 -------- d-----w- c:\program files\CCleaner
2010-05-06 01:45 . 2008-04-30 23:17 -------- d-----w- c:\documents and settings\\Application Data\SUPERAntiSpyware.com
2010-05-05 05:39 . 2008-11-24 05:54 -------- d-----w- c:\program files\Ultra Fractal 5
2010-05-05 05:39 . 2004-06-08 03:40 -------- d-----w- c:\program files\CDXTRACT4
2010-05-02 02:31 . 2004-06-03 04:44 -------- d-----w- c:\program files\YAMAHA
2010-05-02 02:31 . 2004-01-17 23:49 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-01 19:10 . 2010-02-24 03:48 -------- d-----w- c:\program files\EMI
2010-05-01 19:10 . 2004-10-01 02:32 -------- d-----w- c:\program files\FXpansion
2010-05-01 08:44 . 2008-05-02 01:37 -------- d-----w- c:\program files\Image-Line
2010-04-29 19:39 . 2008-08-27 23:00 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2008-08-27 23:00 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-28 00:03 . 2010-02-12 02:36 2373712 ----a-w- c:\windows\system32\pbsvc.exe
2010-04-28 00:03 . 2009-10-11 18:42 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-04-16 00:11 . 2010-03-23 02:56 6579512 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-04-15 03:41 . 2010-04-11 23:38 -------- d-----w- c:\documents and settings\\Application Data\Waves Preferences
2010-04-14 15:41 . 2010-03-03 21:54 277240 ----a-w- c:\windows\system32\guard32.dll
2010-04-14 15:41 . 2010-03-03 21:54 86800 ----a-w- c:\windows\system32\drivers\inspect.sys
2010-04-14 15:41 . 2010-03-23 22:40 225344 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2010-04-14 15:41 . 2010-03-03 21:54 25240 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-04-14 15:41 . 2010-03-03 21:54 15464 ----a-w- c:\windows\system32\drivers\cmderd.sys
2010-04-11 22:55 . 2004-10-19 02:11 -------- d-----w- c:\program files\HarBal 1.5
2010-04-11 22:53 . 2004-01-27 04:32 -------- d-----w- c:\program files\Waves Old
2010-04-10 23:32 . 2010-04-10 23:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo Downloader
2010-04-10 23:32 . 2007-08-18 06:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo
2010-04-10 23:30 . 2007-08-18 06:45 -------- d-----w- c:\program files\Comodo
2010-04-10 22:51 . 2007-08-18 06:48 -------- d-----w- c:\documents and settings\\Application Data\Comodo
2010-04-03 02:37 . 2010-04-03 02:37 -------- d-----w- c:\program files\PSPaudioware
2010-04-03 02:36 . 2010-04-03 02:36 -------- d-----w- c:\program files\Uninstall
2010-04-03 02:35 . 2004-12-03 15:05 204808 ----a-w- c:\documents and settings\\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-02 04:59 . 2010-04-02 04:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Adobe Systems
2010-04-02 04:58 . 2010-04-02 04:58 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2010-03-29 21:12 . 2010-03-25 19:01 461888 ----a-w- c:\documents and settings\\Application Data\id Software\quakelive\home\baseq3\qagamex86.dll
2010-03-28 23:59 . 2008-06-24 02:00 -------- d-----w- c:\program files\u-he
2010-03-26 11:19 . 2010-02-12 00:18 -------- d-----w- c:\documents and settings\\Application Data\VST3 Presets
2010-03-23 00:19 . 2010-03-23 00:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Arturia
2010-03-23 00:15 . 2009-04-15 22:04 -------- d-----w- c:\program files\TurboTax
2010-03-21 08:28 . 2010-03-21 08:28 -------- d-----w- c:\program files\D16 Group
2010-03-16 19:26 . 2008-12-07 06:30 16 ----a-w- c:\windows\msocreg32.dat
2010-03-16 19:10 . 2004-01-18 05:22 -------- d-----w- c:\program files\Steinberg
2010-03-15 03:01 . 2008-04-02 06:15 -------- d-----w- c:\program files\DivX
2010-03-15 03:00 . 2010-03-15 03:00 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-03-11 12:38 . 2004-12-07 21:37 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2003-03-31 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-09 11:09 . 2003-03-31 12:00 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-02-24 12:31 . 2009-08-04 16:07 454016 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 13:17 . 2009-08-04 16:07 2137088 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 12:39 . 2009-08-04 16:07 2016768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:47 . 2003-03-31 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 22:53 . 2010-02-11 22:53 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-02-11 12:01 . 2009-08-04 16:07 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2009-08-06 00:33 . 2009-08-06 00:33 5 ----a-w- c:\program files\eula.txt
2009-08-06 00:30 . 2009-08-06 00:30 3 ----a-w- c:\program files\option.txt
2005-09-10 01:55 . 2007-12-28 20:01 7155864 ----a-w- c:\program files\NGhost10.msi
2005-09-10 01:55 . 2007-12-28 20:01 35 ----a-w- c:\program files\SCSSDist.ini
2005-09-10 01:55 . 2007-12-28 20:01 37766164 ----a-w- c:\program files\Data1.cab
2002-09-11 14:26 . 2008-05-04 05:22 63730 ----a-w- c:\program files\viewsonicinstruct_xp.pdf
2001-01-05 20:51 . 2004-10-05 00:00 162304 ----a-w- c:\program files\UNWISE.EXE
2008-08-29 01:55 . 2008-08-29 01:55 2 --shatr- c:\windows\winstart.bat
2005-07-14 18:31 . 2006-05-24 16:37 27648 --sha-w- c:\windows\system32\AVSredirect.dll
2002-05-07 06:21 . 2008-01-13 22:25 49152 --shatw- c:\windows\system32\cwScopeProp.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-05-07_08.45.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-11 23:16 . 2010-05-11 23:16 16384 c:\windows\Temp\Perflib_Perfdata_504.dat
+ 2007-12-27 04:52 . 2008-07-08 13:02 17272 c:\windows\system32\spmsg.dll
- 2007-12-27 04:52 . 2007-11-30 09:39 17272 c:\windows\system32\spmsg.dll
- 2003-03-31 12:00 . 2010-03-14 16:38 99084 c:\windows\system32\perfc009.dat
+ 2003-03-31 12:00 . 2010-05-07 08:49 99084 c:\windows\system32\perfc009.dat
+ 2010-01-13 14:10 . 2010-01-13 14:10 85504 c:\windows\system32\dllcache\cabview.dll
+ 2003-03-31 12:00 . 2010-01-13 14:10 85504 c:\windows\system32\cabview.dll
+ 2003-03-31 12:00 . 2009-12-24 07:05 177664 c:\windows\system32\wintrust.dll
+ 2003-03-31 12:00 . 2010-05-07 08:49 542684 c:\windows\system32\perfh009.dat
- 2003-03-31 12:00 . 2010-03-14 16:38 542684 c:\windows\system32\perfh009.dat
+ 2009-08-04 16:07 . 2008-06-20 10:45 360320 c:\windows\system32\drivers\tcpip.sys
+ 2009-12-24 07:05 . 2009-12-24 07:05 177664 c:\windows\system32\dllcache\wintrust.dll
+ 2009-08-04 16:07 . 2010-03-09 11:09 430080 c:\windows\system32\dllcache\vbscript.dll
+ 2009-08-04 16:07 . 2010-02-11 12:01 226880 c:\windows\system32\dllcache\tcpip6.sys
+ 2009-08-04 16:07 . 2008-06-20 10:45 360320 c:\windows\system32\dllcache\tcpip.sys
+ 2009-08-04 16:07 . 2010-02-24 12:31 454016 c:\windows\system32\dllcache\mrxsmb.sys
+ 2009-08-04 16:07 . 2010-02-12 04:47 100864 c:\windows\system32\dllcache\6to4svc.dll
+ 2009-08-04 16:07 . 2010-02-24 12:31 454016 c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2009-08-04 16:07 . 2010-02-16 13:19 2181376 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2009-08-04 16:07 . 2010-02-16 12:39 2016768 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2009-08-04 16:07 . 2010-02-16 12:39 2058368 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2009-08-04 16:07 . 2010-02-16 13:17 2137088 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2009-08-04 16:07 . 2010-02-16 13:19 2181376 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2009-08-04 16:07 . 2010-02-16 12:39 2016768 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2009-08-04 16:07 . 2010-02-16 12:39 2058368 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2009-08-04 16:07 . 2010-02-16 13:17 2137088 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2005-05-11 05:50 . 2010-04-06 17:52 31971272 c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"InitPulsar"="C:" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
"nwiz"="nwiz.exe" [2009-03-27 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 86016]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-05-21 1501064]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-04-14 2029456]

c:\documents and settings\\Start Menu\Programs\Startup\
SyncBackSE.lnk - c:\program files\2BrightSparks\SyncBackSE\SyncBackSE.exe [2008-5-9 6281984]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Lynx Tray Volume.lnk - c:\program files\Lynx Studio Technology\LynxTrayVolume.exe [2008-11-10 61440]
SetPointII.lnk - c:\program files\Logitech\SetPoint II\SetpointII.exe [2009-7-21 323584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"Midi1"=unitydrv.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
backup=c:\windows\pss\Adobe Acrobat Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"DigiRefresh"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"IDriverT"=3 (0x3)
"digiSPTIService"=3 (0x3)
"ATI Smart"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [2/19/2009 3:48 PM 11264]
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [3/3/2010 5:54 PM 15464]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [3/23/2010 6:40 PM 225344]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [3/3/2010 5:54 PM 25240]
R1 Scope;WDM Driver for Scope;c:\windows\system32\drivers\scope.sys [1/13/2008 6:25 PM 110048]
R2 MAudioUSBService;M-Audio USB Installer;c:\program files\M-Audio\Fast Track Pro\MAUSBInst.exe [1/16/2008 6:52 PM 49152]
R3 LynxWDM;LynxWDM;c:\windows\system32\drivers\LynxWDM.Sys [11/10/2008 9:17 PM 196744]
R3 MAUSB;Service for M-Audio Fast Track Pro Driver (WDM);c:\windows\system32\drivers\mausb.sys [1/16/2008 6:52 PM 102528]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.sys --> c:\docume~1\\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.sys [?]
S2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2/11/2010 11:46 PM 10384]
S3 2nixA;2nixA;c:\sfp\App\Sys\2nixA.sys [1/17/2004 7:31 PM 10016]
S3 2nixWDM;2nixWDM;c:\sfp\App\Sys\2nixWDM.sys [1/17/2004 7:31 PM 10112]
S3 iLokDrvr;Usb Driver;c:\windows\system32\drivers\iLokDrvr.sys [4/9/2009 11:48 PM 52008]
S3 InvVxD;InvVxD;c:\sfp\App\Sys\InvVxD.sys [1/17/2004 7:31 PM 10784]
S3 KGPar2;KGPar2;c:\sfp\App\Sys\KGPar2.sys [1/17/2004 7:31 PM 22624]
S3 KGPar3;KGPar3;c:\sfp\App\Sys\KGPar3.sys [1/17/2004 7:31 PM 25472]
S3 MArrFifo;MArrFifo;c:\sfp\App\Sys\MArrFifo.sys [1/17/2004 7:31 PM 12640]
S3 MFifoArr;MFifoArr;c:\sfp\App\Sys\MFifoArr.sys [1/17/2004 7:31 PM 10400]
S3 MidiAck;MidiAck;c:\sfp\App\Sys\MidiAck.sys [1/17/2004 7:31 PM 10016]
S3 MVC2VxD;MVC2VxD;c:\sfp\App\Sys\MVC2VxD.sys [1/17/2004 7:31 PM 79264]
S3 MVCVxD;MVCVxD;c:\sfp\App\Sys\MVCVxD.sys [1/17/2004 7:31 PM 73792]
S3 PC2VxD;PC2VxD;c:\sfp\App\Sys\PC2VxD.sys [1/17/2004 7:31 PM 10208]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [10/23/2007 4:45 AM 269824]
S3 SASENUM;SASENUM;\??\c:\docume~1\\LOCALS~1\Temp\SAS_SelfExtract\SASENUM.SYS --> c:\docume~1\\LOCALS~1\Temp\SAS_SelfExtract\SASENUM.SYS [?]
S3 SDTHelper;Helper driver for SDT-Tool;c:\documents and settings\\My Documents\Downloads\radix_installer\SDTHLPR.sys [4/18/2010 7:57 PM 14873]
S3 Spl2VxD;Spl2VxD;c:\sfp\App\Sys\Spl2VxD.sys [1/17/2004 7:31 PM 15648]
S3 TPlay;TPlay;c:\sfp\App\Sys\TPlay.sys [1/17/2004 7:31 PM 11296]
S3 TPRSync;TPRSync;c:\sfp\App\Sys\TPRSync.sys [1/17/2004 7:31 PM 11520]
S3 TPSync;TPSync;c:\sfp\App\Sys\TPSync.sys [1/17/2004 7:31 PM 10592]
S3 TRec;TRec;c:\sfp\App\Sys\TRec.sys [1/17/2004 7:31 PM 12832]
S3 TRSync;TRSync;c:\sfp\App\Sys\TRSync.sys [1/17/2004 7:31 PM 10592]
S3 TStretch;TStretch;c:\sfp\App\Sys\TStretch.sys [1/17/2004 7:31 PM 44864]
S3 UKS11LDR;M-Audio USB Keystation Loader;c:\windows\system32\drivers\uks11ldr.sys [1/13/2008 6:20 PM 13504]
S3 USBKT1X1;M-Audio USB Keystation;c:\windows\system32\drivers\usbkt1x1.sys [1/13/2008 6:21 PM 22304]
S3 VDATMot;VDATMot;c:\sfp\App\Sys\VDATMot.sys [1/17/2004 7:31 PM 19168]
S3 VPlay;VPlay;c:\sfp\App\Sys\VPlay.sys [1/17/2004 7:31 PM 12544]
S3 VRec;VRec;c:\sfp\App\Sys\VRec.sys [1/17/2004 7:31 PM 12640]
S3 VSTin;VSTin;c:\sfp\App\Sys\VSTin.sys [1/17/2004 7:31 PM 12960]
S3 VSTout;VSTout;c:\sfp\App\Sys\VSTout.sys [1/17/2004 7:31 PM 12256]
S3 VSTsync;VSTsync;c:\sfp\App\Sys\VSTsync.sys [1/17/2004 7:31 PM 10272]
S3 VxD2PC;VxD2PC;c:\sfp\App\Sys\VxD2PC.sys [1/17/2004 7:31 PM 10304]
S3 WaveIn16;WaveIn16;c:\sfp\App\Sys\WaveIn16.sys [1/17/2004 7:31 PM 10176]
S3 WaveOut16;WaveOut16;c:\sfp\App\Sys\WaveOut16.sys [1/17/2004 7:31 PM 10176]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/11/2010 6:53 PM 691696]
.
Contents of the 'Scheduled Tasks' folder

2010-05-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-179605362-725345543-1004.job
- c:\documents and settings\\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-31 05:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.comcast.net/
mSearch Bar =
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
DPF: {42D06124-98A2-47EC-8098-3778B58CE7D5} - hxxps://actsvr.comcastonline.com/techtools/dl/Comcast%20Activation%20Controls.cab
FF - ProfilePath - c:\documents and settings\\Application Data\Mozilla\Firefox\Profiles\gbkvfwt2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\documents and settings\\Application Data\Mozilla\Firefox\Profiles\gbkvfwt2.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\documents and settings\\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\\Local Settings\Application Data\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

AddRemove-PCM Native Reverb VST Plug-in - c:\documents and settings\All Users\Application Data\{A97DA822-7B29-4F18-A64A-BF94FFFE77FB}\Setup_PCM_Native_VST.exe
AddRemove-{B4691C58-2A6A-4AFA-960E-AEB767639E44} - c:\documents and settings\All Users\Application Data\{A97DA822-7B29-4F18-A64A-BF94FFFE77FB}\Setup_PCM_Native_VST.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-11 19:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:f5,84,6e,ff,0a,70,cb,dc,96,36,3e,cb,bf,69,0b,cf,de,ef,41,ce,50,
2e,86,34,25,bd,b7,45,05,15,ee,68,9f,74,6d,f5,dd,5c,91,86,18,8e,f3,81,b9,20,\

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:f5,84,6e,ff,0a,70,cb,dc,96,36,3e,cb,bf,69,0b,cf,de,ef,41,ce,50,
2e,86,34,25,bd,b7,45,05,15,ee,68,9f,74,6d,f5,dd,5c,91,86,18,8e,f3,81,b9,20,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(868)
c:\windows\system32\relog_ap.dll

- - - - - - - > 'explorer.exe'(1528)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\sfp\app\bin\sfp.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\windows\system32\PnkBstrB.exe
.
**************************************************************************
.
Completion time: 2010-05-11 19:20:23 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-11 23:20
ComboFix2.txt 2010-05-10 23:54
ComboFix3.txt 2010-05-07 08:55
ComboFix4.txt 2010-05-07 08:48

Pre-Run: 255,705,481,216 bytes free
Post-Run: 255,660,560,384 bytes free

- - End Of File - - A5EE82E371BC83E0391CE5D665BB2DD8


#12 etavares


    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male

Posted 12 May 2010 - 05:35 PM

Hello, mojopin.

OK, that's what I thought the program was, but it wasn't too apparent from my research. That should be legit.

How is your computer running now?



Please pull anything out of the recycle bin that you want to save. Part of this fix will empty temp files, and that does include the recycle bin.



Step 1

We need to run an OTL Script
  1. Please download OTL from one of the following mirrors if you do not still have it.
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Paste the following code under the Custom Scans/Fixes box at the bottom. Do not include the word "Code".
    CODE
    :OTL
    SRV - File not found [On_Demand | Stopped] -- -- (ACDaemon)
    O18 - Protocol\Handler\ms-its - No CLSID value found
    @Alternate Data Stream - 970 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:uAjA4s0c51esWCQSdzOLx8hig
    @Alternate Data Stream - 1386 bytes -> C:\Program Files\Outlook Express:0c6nzwtAeGO3BQ3B0gwAs1W
    @Alternate Data Stream - 1331 bytes -> C:\Documents and Settings\Local Settings\Application Data\NZTwkDLG2:lvnEnnajQv4vtJV3igf8u
    @Alternate Data Stream - 1324 bytes -> C:\Documents and Settings\Local Settings\Application Data\oLw4FrdJLltxl:XNDUY8XiPvC0HOHHvxsq3HnV
    @Alternate Data Stream - 1285 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:rfUI426URDzmhh3eVcSppvET
    @Alternate Data Stream - 1226 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:KI5r347nHPiDqH8UsF5JSPn
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    @Alternate Data Stream - 1198 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:ZpWSUfOdFiOk2G2yUkQuxLUh
    @Alternate Data Stream - 1160 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:1sNP0gqLi0RIFbmXt6aoqICLZ
    @Alternate Data Stream - 1153 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:M4kDDd2DVUPg0G11eFtxy9
    @Alternate Data Stream - 1150 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:7Z592ovPtZcL7h5iBHE
    @Alternate Data Stream - 1123 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:Br068ctPRSm3Fi6Qfh7dD
    @Alternate Data Stream - 1113 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:oFvCewpNbSNmfto4neneiE5j
    @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
    @Alternate Data Stream - 1037 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:Vq4ZXxt4758192QRJMvS1PyxM9
    :Commands
    [EmptyTemp]
  5. Click the Run Fix button at the top.
  6. Let the program run unhindered and reboot when it is done.
  7. You will get a log when it is done; please post that in your reply.
  8. Please then create a new OTL report....
  9. Click the "Scan All Users" checkbox.
  10. Push the button.
  11. A report will open, copy and paste it in a reply here.



Step 2

I'd like us to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
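The OTL fix above asks for a list of Alternate Data Streams to be removed, and the result log that comes back reports each one as either "deleted successfully" or "Unable to delete". The script below is an added example (not OTL's own code and not from this thread) that reconciles the two: it parses the `@Alternate Data Stream - N bytes -> host:stream` request lines and the two result-line shapes exactly as they appear in this thread, and reports which streams were deleted, which failed, which got no result line at all, and which appear in the log without having been requested. The sample script and log are constructed, and the stream names in them are placeholders rather than real indicators.

```python
"""Reconcile an OTL ':OTL' fix script against the result log it produced.

Added example, not OTL's own code. It assumes only the line shapes visible
in the thread: the script's '@Alternate Data Stream - N bytes -> host:stream'
request lines and the log's 'ADS ... deleted successfully.' and
'Unable to delete ADS ... .' result lines.
"""
import re
from typing import Dict, List, Tuple

SCRIPT_ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<stream>.+?)\s*$")
LOG_DELETED_RE = re.compile(r"^ADS (?P<stream>.+?) deleted successfully\.\s*$")
LOG_FAILED_RE = re.compile(r"^Unable to delete ADS (?P<stream>.+?)\s*\.\s*$")


def split_stream(stream: str) -> Tuple[str, str]:
    """Split 'C:\\dir\\host:name' into the host object and the stream name.

    The last colon is the stream separator; the drive-letter colon comes earlier,
    so a path whose only colon is the drive letter is rejected.
    """
    host, sep, name = stream.rpartition(":")
    if not sep or len(host) < 2:
        raise ValueError(f"not an ADS path: {stream!r}")
    return host, name


def requested_streams(script: str) -> Dict[str, int]:
    """Return {stream_path: byte_size} for every ADS request line in the fix script."""
    requested: Dict[str, int] = {}
    for line in script.splitlines():
        m = SCRIPT_ADS_RE.match(line.strip())
        if m:
            requested[m.group("stream")] = int(m.group("size"))
    return requested


def log_outcomes(log: str) -> Dict[str, str]:
    """Return {stream_path: 'deleted' | 'failed'} from the OTL result log."""
    outcomes: Dict[str, str] = {}
    for raw in log.splitlines():
        line = raw.strip()
        m = LOG_DELETED_RE.match(line)
        if m:
            outcomes[m.group("stream")] = "deleted"
            continue
        m = LOG_FAILED_RE.match(line)
        if m:
            outcomes[m.group("stream")] = "failed"
    return outcomes


def reconcile(script: str, log: str) -> Dict[str, List[str]]:
    """Compare what the script asked for with what the log reports.

    'failed' and 'unreported' are the streams a helper has to look at again;
    'unexpected' flags result lines for streams the script never named.
    """
    asked = requested_streams(script)
    seen = log_outcomes(log)
    report: Dict[str, List[str]] = {"deleted": [], "failed": [], "unreported": [], "unexpected": []}
    for stream in asked:
        report[seen.get(stream, "unreported")].append(stream)
    report["unexpected"] = [s for s in seen if s not in asked]
    return report


# Constructed sample data; the stream names are placeholders, not real indicators.
SAMPLE_SCRIPT = r"""
:OTL
@Alternate Data Stream - 970 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:exampleStreamA
@Alternate Data Stream - 1331 bytes -> C:\Documents and Settings\Local Settings\Application Data\exampleDir:exampleStreamB
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EXAMPLE01
:Commands
[EmptyTemp]
"""

SAMPLE_LOG = r"""
All processes killed
========== OTL ==========
ADS C:\Documents and Settings\All Users\Application Data\Microsoft:exampleStreamA deleted successfully.
Unable to delete ADS C:\Documents and Settings\Local Settings\Application Data\exampleDir:exampleStreamB .
ADS C:\Program Files\Outlook Express:exampleStreamC deleted successfully.
========== COMMANDS ==========
"""

if __name__ == "__main__":
    for status, streams in reconcile(SAMPLE_SCRIPT, SAMPLE_LOG).items():
        for s in streams:
            host, name = split_stream(s)
            print(f"{status:10} {name!r} on {host}")
```

A stream listed under `failed` is what happened twice in the log posted in the next reply (the two `Unable to delete ADS` lines), and `unreported` catches the quieter case where OTL simply produced no line for a requested stream, which is easy to miss when reading a long log by eye.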
 


#13 mojopin

  • Topic Starter

  • Members
  • 17 posts

Posted 13 May 2010 - 01:43 AM

Hi - Everything is running well, thanks. Here are the logs:

All processes killed
========== OTL ==========
Service ACDaemon stopped successfully!
Service ACDaemon deleted successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-its\ deleted successfully.
File Protocol\Handler\ms-its - No CLSID value found not found.
ADS C:\Documents and Settings\All Users\Application Data\Microsoft:uAjA4s0c51esWCQSdzOLx8hig deleted successfully.
ADS C:\Program Files\Outlook Express:0c6nzwtAeGO3BQ3B0gwAs1W deleted successfully.
Unable to delete ADS C:\Documents and Settings\Local Settings\Application Data\NZTwkDLG2:lvnEnnajQv4vtJV3igf8u .
Unable to delete ADS C:\Documents and Settings\Local Settings\Application Data\oLw4FrdJLltxl:XNDUY8XiPvC0HOHHvxsq3HnV .
ADS C:\Documents and Settings\All Users\Application Data\Microsoft:rfUI426URDzmhh3eVcSppvET deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\Microsoft:KI5r347nHPiDqH8UsF5JSPn deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\Microsoft:ZpWSUfOdFiOk2G2yUkQuxLUh deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\Microsoft:1sNP0gqLi0RIFbmXt6aoqICLZ deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\Microsoft:M4kDDd2DVUPg0G11eFtxy9 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\Microsoft:7Z592ovPtZcL7h5iBHE deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\Microsoft:Br068ctPRSm3Fi6Qfh7dD deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\Microsoft:oFvCewpNbSNmfto4neneiE5j deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\Microsoft:Vq4ZXxt4758192QRJMvS1PyxM9 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: 9
->Temp folder emptied: 9583 bytes
->Temporary Internet Files folder emptied: 144594 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 88767681 bytes
->Flash cache emptied: 8637 bytes

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 255 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 85.00 mb


OTL by OldTimer - Version 3.2.4.1 log created on 05122010_224230

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


OTL logfile created on: 5/12/2010 10:45:32 PM - Run 2
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\9\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 77.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 279.46 Gb Total Space | 238.22 Gb Free Space | 85.24% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 465.76 Gb Total Space | 199.00 Gb Free Space | 42.73% Space Free | Partition Type: NTFS
Drive F: | 279.46 Gb Total Space | 98.72 Gb Free Space | 35.33% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BOY
Current User Name:
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/09 16:30:23 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\\Desktop\OTL.exe
PRC - [2010/04/14 11:41:01 | 002,029,456 | ---- | M] (COMODO) -- C:\Program Files\Comodo\COMODO Internet Security\cfp.exe
PRC - [2010/04/14 11:40:57 | 001,769,216 | ---- | M] () -- C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
PRC - [2010/04/02 23:03:45 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/07/21 10:17:46 | 000,323,584 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\SetPoint II\SetPointII.exe
PRC - [2009/07/10 13:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2009/05/21 14:25:15 | 001,501,064 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliType Pro\itype.exe
PRC - [2009/03/24 18:55:30 | 000,083,440 | ---- | M] (Google) -- C:\Documents and Settings\\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2008/11/18 12:09:10 | 006,281,984 | ---- | M] (2BrightSparks Pte Ltd) -- C:\Program Files\2BrightSparks\SyncBackSE\SyncBackSE.exe
PRC - [2008/06/27 17:48:34 | 000,061,440 | ---- | M] (Lynx Studio Technology, Inc.) -- C:\Program Files\Lynx Studio Technology\LynxTrayVolume.exe
PRC - [2008/06/15 16:34:20 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/12/02 13:20:46 | 000,049,152 | ---- | M] (M-Audio) -- C:\Program Files\M-Audio\Fast Track Pro\MAUSBInst.exe
PRC - [2004/03/09 12:50:32 | 000,020,480 | ---- | M] (CreamWare GmbH) -- C:\SFP\App\Bin\SFP.exe


========== Modules (SafeList) ==========

MOD - [2010/05/09 16:30:23 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\\Desktop\OTL.exe
MOD - [2010/04/14 11:41:25 | 000,277,240 | ---- | M] (COMODO) -- C:\WINDOWS\system32\guard32.dll
MOD - [2006/08/25 11:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2006/05/03 23:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll
MOD - [2004/08/04 02:01:17 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/04/14 11:40:57 | 001,769,216 | ---- | M] () [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2008/09/14 18:38:42 | 000,648,488 | ---- | M] (Cisco Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2008/06/15 16:34:20 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2007/02/16 19:49:50 | 000,411,168 | ---- | M] (Acronis) [Disabled | Stopped] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2007/02/01 10:29:09 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2005/12/02 13:20:46 | 000,049,152 | ---- | M] (M-Audio) [Auto | Running] -- C:\Program Files\M-Audio\Fast Track Pro\MAUSBInst.exe -- (MAudioUSBService)


========== Driver Services (SafeList) ==========

DRV - [2010/05/11 03:18:16 | 000,139,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PnkBstrK.sys -- (PnkBstrK)
DRV - [2010/04/18 19:57:24 | 000,014,873 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\\My Documents\Downloads\radix_installer\SDTHLPR.sys -- (SDTHelper)
DRV - [2010/04/14 11:41:24 | 000,086,800 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect)
DRV - [2010/04/14 11:41:23 | 000,225,344 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2010/04/14 11:41:23 | 000,025,240 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2010/04/14 11:41:23 | 000,015,464 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmderd.sys -- (cmderd)
DRV - [2010/02/11 18:53:34 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/09/18 01:27:45 | 000,052,008 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iLokDrvr.sys -- (iLokDrvr)
DRV - [2009/06/17 10:56:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2009/06/17 10:56:18 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 10:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/06/17 10:55:34 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2009/04/09 23:47:58 | 000,090,472 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TPkd.sys -- (TPkd)
DRV - [2009/03/27 11:03:00 | 006,280,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/09/14 18:36:56 | 000,023,992 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2008/09/14 18:36:54 | 000,025,272 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2008/06/27 17:48:30 | 000,196,744 | ---- | M] (Lynx Studio Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LynxWDM.Sys -- (LynxWDM)
DRV - [2008/01/15 18:13:24 | 000,392,320 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2008/01/15 18:13:24 | 000,032,768 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2008/01/15 18:12:57 | 000,114,048 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2007/10/23 04:45:34 | 000,269,824 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8187.sys -- (RTLWUSB)
DRV - [2007/07/13 01:04:06 | 000,022,304 | ---- | M] (Doug Fetter Software Wizardry) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbkt1x1.sys -- (USBKT1X1)
DRV - [2007/07/13 01:04:06 | 000,013,504 | ---- | M] (MIDIMAN) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\uks11ldr.sys -- (UKS11LDR)
DRV - [2007/07/02 16:08:08 | 000,015,616 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ArcSoftVirtualCapture.sys -- (ARCSOFTVIRTUALCAPTURE)
DRV - [2007/03/24 12:20:24 | 000,046,208 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\jraid.sys -- (JRAID)
DRV - [2006/12/14 04:44:06 | 000,085,120 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/11/29 23:02:26 | 000,174,864 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2006/11/10 16:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2006/07/26 10:56:00 | 000,248,832 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2006/07/24 17:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\system32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2006/02/07 20:52:58 | 000,006,912 | R--- | M] (JMicron ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\JGOGO.sys -- (JGOGO)
DRV - [2005/12/13 14:39:54 | 000,102,528 | ---- | M] (Midiman/M-Audio) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mausb.sys -- (MAUSB) Service for M-Audio Fast Track Pro Driver (WDM)
DRV - [2005/04/06 16:05:24 | 000,015,360 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxopswd.sys -- (MXOPSWD)
DRV - [2005/02/16 03:06:18 | 000,018,816 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\APLMp50.sys -- (APLMp50)
DRV - [2004/08/13 12:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/08/04 02:07:55 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2002/07/05 21:19:12 | 000,110,048 | ---- | M] (CWDT) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\scope.sys -- (Scope)
DRV - [2002/05/03 19:55:28 | 000,044,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- c:\SFP\App\Sys\TStretch.sys -- (TStretch)
DRV - [2002/04/26 21:53:20 | 000,010,176 | ---- | M] () [Kernel | On_Demand | Stopped] -- c:\SFP\App\Sys\WaveOut16.sys -- (WaveOut16)
DRV - [2002/04/17 22:27:02 | 000,011,264 | ---- | M] (VOB Computersysteme GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\asapi.sys -- (Asapi)
DRV - [2002/03/09 19:18:20 | 000,010,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- c:\SFP\App\Sys\VxD2PC.sys -- (VxD2PC)
DRV - [2002/03/09 19:18:20 | 000,010,176 | ---- | M] () [Kernel | On_Demand | Stopped] -- c:\SFP\App\Sys\WaveIn16.sys -- (WaveIn16)
DRV - [2002/03/09 19:18:12 | 000,012,256 | ---- | M] () [Kernel | On_Demand | Stopped] -- c:\SFP\App\Sys\VSTout.sys -- (VSTout)
DRV - [2002/03/09 19:18:12 | 000,010,272 | ---- | M] () [Kernel | On_Demand | Stopped] -- c:\SFP\App\Sys\VSTsync.sys -- (VSTsync)
DRV - [2002/03/09 19:18:10 | 000,012,960 | ---- | M] () [Kernel | On_Demand | Stopped] -- c:\SFP\App\Sys\VSTin.sys -- (VSTin)
DRV - [2002/03/09 19:18:06 | 000,019,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- c:\SFP\App\Sys\VDATMot.sys -- (VDATMot)
DRV - [2002/03/09 19:18:06 | 000,012,640 | ---- | M] () [Kernel | On_Demand | Stopped] -- c:\SFP\App\Sys\VRec.sys -- (VRec)
DRV - [2002/03/09 19:18:06 | 000,012,544 | ---- | M] () [Kernel | On_Demand | Stopped] -- c:\SFP\App\Sys\VPlay.sys -- (VPlay)
DRV - [2002/03/09 19:18:04 | 000,012,832 | ---- | M] () [Kernel | On_Demand | Stopped] -- c:\SFP\App\Sys\TRec.sys -- (TRec)
DRV - [2002/03/09 19:18:04 | 000,011,520 | ---- | M] () [Kernel | On_Demand | Stopped] -- c:\SFP\App\Sys\TPRSync.sys -- (TPRSync)
DRV - [2002/03/09 19:18:04 | 000,010,592 | ---- | M] () [Kernel | On_Demand | Stopped] -- c:\SFP\App\Sys\TRSync.sys -- (TRSync)
DRV - [2002/03/09 19:18:02 | 000,015,648 | ---- | M] () [Kernel | On_Demand | Stopped] -- c:\SFP\App\Sys\Spl2VxD.sys -- (Spl2VxD)
DRV - [2002/03/09 19:18:02 | 000,011,296 | ---- | M] () [Kernel | On_Demand | Stopped] -- c:\SFP\App\Sys\TPlay.sys -- (TPlay)
DRV - [2002/03/09 19:18:02 | 000,010,592 | ---- | M] () [Kernel | On_Demand | Stopped] -- c:\SFP\App\Sys\TPSync.sys -- (TPSync)
DRV - [2002/03/09 19:17:58 | 000,079,264 | ---- | M] () [Kernel | On_Demand | Stopped] -- c:\SFP\App\Sys\MVC2VxD.sys -- (MVC2VxD)
DRV - [2002/03/09 19:17:58 | 000,073,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- c:\SFP\App\Sys\MVCVxD.sys -- (MVCVxD)
DRV - [2002/03/09 19:17:58 | 000,010,208 | ---- | M] () [Kernel | On_Demand | Stopped] -- c:\SFP\App\Sys\PC2VxD.sys -- (PC2VxD)
DRV - [2002/03/09 19:17:54 | 000,012,640 | ---- | M] () [Kernel | On_Demand | Stopped] -- c:\SFP\App\Sys\MArrFifo.sys -- (MArrFifo)
DRV - [2002/03/09 19:17:54 | 000,010,400 | ---- | M] () [Kernel | On_Demand | Stopped] -- c:\SFP\App\Sys\MFifoArr.sys -- (MFifoArr)
DRV - [2002/03/09 19:17:52 | 000,025,472 | ---- | M] () [Kernel | On_Demand | Stopped] -- c:\SFP\App\Sys\KGPar3.sys -- (KGPar3)
DRV - [2002/03/09 19:17:52 | 000,010,016 | ---- | M] () [Kernel | On_Demand | Stopped] -- c:\SFP\App\Sys\MidiAck.sys -- (MidiAck)
DRV - [2002/03/09 19:17:50 | 000,022,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- c:\SFP\App\Sys\KGPar2.sys -- (KGPar2)
DRV - [2002/03/09 19:17:50 | 000,010,784 | ---- | M] () [Kernel | On_Demand | Stopped] -- c:\SFP\App\Sys\InvVxD.sys -- (InvVxD)
DRV - [2002/03/09 19:17:44 | 000,010,112 | ---- | M] () [Kernel | On_Demand | Stopped] -- c:\SFP\App\Sys\2nixWDM.sys -- (2nixWDM)
DRV - [2002/03/09 19:17:44 | 000,010,016 | ---- | M] () [Kernel | On_Demand | Stopped] -- c:\SFP\App\Sys\2nixA.sys -- (2nixA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1060284298-179605362-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1060284298-179605362-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-1060284298-179605362-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1060284298-179605362-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1060284298-179605362-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/10 20:49:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/06 19:48:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.1\Extensions\\Components: C:\Program Files\Netscape\Netscape\Components [2009/02/07 16:04:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.1\Extensions\\Plugins: C:\Program Files\Netscape\Netscape\Plugins [2010/04/23 02:20:37 | 000,000,000 | ---D | M]

[2008/08/27 23:44:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\\Application Data\Mozilla\Extensions
[2010/05/06 19:49:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\\Application Data\Mozilla\Firefox\Profiles\gbkvfwt2.default\extensions
[2010/02/17 22:47:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\\Application Data\Mozilla\Firefox\Profiles\gbkvfwt2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/27 16:08:40 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\\Application Data\Mozilla\Firefox\Profiles\gbkvfwt2.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2007/11/03 19:24:59 | 000,000,000 | ---D | M] (Qute) -- C:\Documents and Settings\\Application Data\Mozilla\Firefox\Profiles\gbkvfwt2.default\extensions\{36C13C8F-54F1-412e-8177-2E411719162D}
[2010/05/06 19:53:10 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/06/22 23:48:01 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2006/07/30 23:18:53 | 000,000,000 | ---D | M] (New.net Quick! Search) -- C:\Program Files\Mozilla Firefox\extensions\{AF8637B0-18E3-44D3-86B7-55E09D9C4261}
[2010/05/06 19:48:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/08/15 22:08:09 | 000,159,744 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll

O1 HOSTS File: ([2010/05/11 19:16:39 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [InitPulsar] C:\SFP\app\bin\sfp.exe (CreamWare GmbH)
O4 - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - Startup: C:\Documents and Settings\\Start Menu\Programs\Startup\SyncBackSE.lnk = C:\Program Files\2BrightSparks\SyncBackSE\SyncBackSE.exe (2BrightSparks Pte Ltd)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Lynx Tray Volume.lnk = C:\Program Files\Lynx Studio Technology\LynxTrayVolume.exe (Lynx Studio Technology, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SetPointII.lnk = C:\Program Files\Logitech\SetPoint II\SetPointII.exe (Logitech Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1060284298-179605362-725345543-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1060284298-179605362-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1060284298-179605362-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1060284298-179605362-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_20.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {33363249-0000-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/i263_32.cab (Reg Error: Key error.)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} http://musicstore.connect.com/XSL/mb_us//h...ALStreaming.cab (MALPlaybackCtrl Class)
O16 - DPF: {42D06124-98A2-47EC-8098-3778B58CE7D5} https://actsvr.comcastonline.com/techtools/...%20Controls.cab (SupportSoft External Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdat...b?1265931467984 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1265931458562 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/...8003.6515972222 (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.29.103.15 24.29.103.16
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/01/16 04:36:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/12 22:42:35 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/05/12 22:42:30 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/05/09 16:30:24 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\\Desktop\OTL.exe
[2010/05/07 04:34:32 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/05/07 04:09:33 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/05/07 04:06:25 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/05/06 20:53:56 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2010/05/06 20:45:24 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/05/06 20:45:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/05/06 19:53:57 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\\Recent
[2010/05/06 19:48:11 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/05/06 19:47:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/05/06 19:31:00 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/05/06 19:31:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/05/06 19:30:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/05/06 00:32:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\\Desktop\ProcessExplorer
[2010/05/05 01:43:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/05/05 01:43:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/05/05 01:33:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\\Local Settings\Application Data\madsdgocp
[2010/05/03 22:37:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\\Desktop\Ballet
[2010/05/03 18:35:31 | 000,000,000 | ---D | C] -- C:\Program Files\KORG
[2010/05/01 17:16:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\\Application Data\Modartt
[2010/05/01 17:16:24 | 000,000,000 | ---D | C] -- C:\Program Files\Modartt
[2010/05/01 15:13:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\\My Documents\FXpansion
[2010/05/01 15:09:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\\Application Data\FXpansion
[2010/05/01 03:43:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\\Application Data\SynthMaker
[2010/05/01 03:43:01 | 000,000,000 | ---D | C] -- C:\Program Files\XILS-lab
[2010/05/01 02:20:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\\Application Data\Teragon Audio
[2010/04/27 20:03:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\id Software
[2010/04/26 17:50:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\\Application Data\Mp3tag
[2010/04/26 17:50:07 | 000,000,000 | ---D | C] -- C:\Program Files\Mp3tag
[2010/04/15 00:13:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\\Desktop\Audio
[2004/01/23 00:52:04 | 000,021,510 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\SCI1PL.SYS
[2004/01/23 00:52:04 | 000,008,647 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\SCI0PL.SYS
[18 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/12 22:43:36 | 000,203,685 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/05/12 22:43:33 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/12 22:43:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/12 22:42:42 | 001,474,832 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2010/05/12 22:42:38 | 042,467,328 | ---- | M] () -- C:\Documents and Settings\\NTUSER.DAT
[2010/05/12 22:42:38 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\\ntuser.ini
[2010/05/12 18:39:29 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-179605362-725345543-1004.job
[2010/05/11 20:47:49 | 000,189,602 | ---- | M] () -- C:\Documents and Settings\\Desktop\se1x_manual.pdf
[2010/05/11 19:16:46 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/11 19:16:39 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/05/11 19:10:09 | 003,686,521 | R--- | M] () -- C:\Documents and Settings\\Desktop\MOJOCF.EXE.exe
[2010/05/11 04:08:06 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\\My Documents\pm.xls
[2010/05/11 03:18:16 | 000,139,336 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/05/11 03:18:06 | 000,214,720 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2010/05/10 22:12:02 | 000,000,049 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2010/05/09 16:30:23 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\\Desktop\OTL.exe
[2010/05/07 05:07:18 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/05/07 05:00:59 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/07 04:49:13 | 000,652,798 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/07 04:49:13 | 000,542,684 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/05/07 04:49:13 | 000,099,084 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/05/07 04:34:37 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/05/06 23:11:44 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\\defogger_reenable
[2010/05/06 22:37:15 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\\Desktop\dds.scr
[2010/05/06 22:07:18 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\\Desktop\HijackThis.lnk
[2010/05/06 20:54:54 | 000,015,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/05/06 20:53:56 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2010/05/06 19:53:31 | 000,002,858 | ---- | M] () -- C:\Documents and Settings\\My Documents\cc_20100506_195328.reg
[2010/05/06 19:42:57 | 000,086,426 | ---- | M] () -- C:\Documents and Settings\\My Documents\cc_20100506_194254.reg
[2010/05/06 19:33:17 | 028,598,560 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2010/05/06 19:32:29 | 001,094,432 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2010/05/03 18:40:13 | 000,000,087 | ---- | M] () -- C:\WINDOWS\System32\ssprs.tgz
[2010/05/03 15:35:32 | 000,036,864 | ---- | M] () -- C:\Documents and Settings\\My Documents\bj32.doc
[2010/05/03 14:22:53 | 003,355,194 | ---- | M] () -- C:\Documents and Settings\\Desktop\logfile.xml
[2010/05/01 18:36:32 | 000,001,176 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/05/01 15:10:02 | 000,001,684 | ---- | M] () -- C:\Documents and Settings\\Desktop\Cypher.lnk
[2010/05/01 15:10:01 | 000,001,684 | ---- | M] () -- C:\Documents and Settings\\Desktop\Strobe.lnk
[2010/05/01 15:10:01 | 000,001,662 | ---- | M] () -- C:\Documents and Settings\\Desktop\Fusor.lnk
[2010/05/01 15:10:01 | 000,001,662 | ---- | M] () -- C:\Documents and Settings\\Desktop\Amber.lnk
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/27 20:03:14 | 002,373,712 | ---- | M] () -- C:\WINDOWS\System32\pbsvc.exe
[2010/04/26 17:50:07 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mp3tag.lnk
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/04/23 02:20:37 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/04/14 11:41:25 | 000,277,240 | ---- | M] (COMODO) -- C:\WINDOWS\System32\guard32.dll
[2010/04/14 11:41:24 | 000,086,800 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
[2010/04/14 11:41:23 | 000,225,344 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdGuard.sys
[2010/04/14 11:41:23 | 000,025,240 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
[2010/04/14 11:41:23 | 000,015,464 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmderd.sys

========== Files Created - No Company Name ==========

[2010/05/11 19:10:06 | 003,686,521 | R--- | C] () -- C:\Documents and Settings\\Desktop\MOJOCF.EXE.exe
[2010/05/07 05:04:48 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/05/07 04:34:36 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/05/07 04:34:34 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/05/07 04:09:33 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/05/07 04:09:33 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/05/06 23:11:39 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\\defogger_reenable
[2010/05/06 22:40:28 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\\Desktop\gmer.exe
[2010/05/06 22:37:54 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\\Desktop\dds.scr
[2010/05/06 22:07:18 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\\Desktop\HijackThis.lnk
[2010/05/06 20:45:42 | 000,015,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/05/06 19:53:29 | 000,002,858 | ---- | C] () -- C:\Documents and Settings\\My Documents\cc_20100506_195328.reg
[2010/05/06 19:42:56 | 000,086,426 | ---- | C] () -- C:\Documents and Settings\\My Documents\cc_20100506_194254.reg
[2010/05/06 18:56:47 | 000,238,151 | ---- | C] () -- C:\Documents and Settings\\Desktop\Genscher.gif
[2010/05/06 18:55:45 | 002,468,916 | ---- | C] () -- C:\Documents and Settings\\Desktop\Genscher.tif
[2010/05/03 15:35:32 | 000,036,864 | ---- | C] () -- C:\Documents and Settings\\My Documents\bj32.doc
[2010/05/01 15:10:01 | 000,001,684 | ---- | C] () -- C:\Documents and Settings\\Desktop\Strobe.lnk
[2010/05/01 15:10:01 | 000,001,684 | ---- | C] () -- C:\Documents and Settings\\Desktop\Cypher.lnk
[2010/05/01 15:10:01 | 000,001,662 | ---- | C] () -- C:\Documents and Settings\\Desktop\Fusor.lnk
[2010/05/01 15:10:01 | 000,001,662 | ---- | C] () -- C:\Documents and Settings\\Desktop\Amber.lnk
[2010/05/01 02:20:30 | 003,355,194 | ---- | C] () -- C:\Documents and Settings\\Desktop\logfile.xml
[2010/04/26 17:50:07 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mp3tag.lnk
[2010/04/22 23:19:44 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/04/02 22:37:44 | 004,030,464 | ---- | C] () -- C:\WINDOWS\System32\PSP Xenon.dll
[2010/04/02 22:37:22 | 004,431,872 | ---- | C] () -- C:\WINDOWS\System32\PSP Neon HR.dll
[2010/04/02 22:37:21 | 004,337,664 | ---- | C] () -- C:\WINDOWS\System32\PSP Neon.dll
[2009/10/11 14:43:22 | 000,139,336 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009/10/07 16:49:36 | 000,000,130 | ---- | C] () -- C:\WINDOWS\cfplogvw.INI
[2009/08/09 23:37:18 | 000,000,090 | ---- | C] () -- C:\WINDOWS\WA.INI
[2008/11/22 01:35:18 | 000,000,131 | ---- | C] () -- C:\WINDOWS\CRC.INI
[2008/10/07 10:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 10:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/06/16 20:42:46 | 000,306,688 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[2008/06/16 20:42:46 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
[2008/05/04 01:22:13 | 000,000,101 | ---- | C] () -- C:\WINDOWS\VSWizard.ini
[2008/05/03 05:20:59 | 000,000,033 | ---- | C] () -- C:\WINDOWS\Multimedia manager.INI
[2008/05/03 04:57:44 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2008/04/18 04:38:35 | 000,000,525 | ---- | C] () -- C:\WINDOWS\QIII.INI
[2008/01/13 18:25:59 | 000,049,152 | -HS- | C] () -- C:\WINDOWS\System32\cwScopeProp.dll
[2008/01/03 23:17:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\plclient.INI
[2007/12/29 17:25:15 | 000,005,810 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2007/12/29 17:14:33 | 000,029,637 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2007/12/29 16:00:59 | 000,029,922 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2007/12/29 04:12:18 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2007/12/29 04:12:18 | 000,012,664 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2007/12/28 21:31:49 | 000,000,049 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2007/11/29 02:40:55 | 000,002,420 | ---- | C] () -- C:\WINDOWS\kaillera.ini
[2007/09/08 22:54:51 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2007/08/16 18:57:27 | 000,000,026 | R--- | C] () -- C:\WINDOWS\System32\system82.sys
[2007/08/16 18:57:26 | 000,000,026 | R--- | C] () -- C:\WINDOWS\System32\system82.DLL
[2007/08/16 18:57:23 | 000,000,022 | ---- | C] () -- C:\WINDOWS\System32\sysdate82.ini
[2007/08/16 18:17:50 | 000,000,026 | R--- | C] () -- C:\WINDOWS\System32\system32.DLL
[2007/08/16 18:16:39 | 000,000,022 | ---- | C] () -- C:\WINDOWS\System32\sysdate.ini
[2007/08/13 17:14:16 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/08/13 17:14:16 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/08/13 17:14:13 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/08/13 17:14:12 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/08/13 17:14:11 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/07/11 00:47:55 | 000,000,485 | ---- | C] () -- C:\WINDOWS\sam8_d.INI
[2007/07/11 00:42:42 | 000,001,188 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2007/07/01 03:50:33 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\DigiPlatformSupport.dll
[2007/07/01 02:17:22 | 000,000,836 | ---- | C] () -- C:\WINDOWS\System32\Gui.ini
[2007/07/01 02:17:22 | 000,000,284 | ---- | C] () -- C:\WINDOWS\System32\MidiCC.ini
[2007/07/01 00:32:27 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\qtmlClient.dll
[2007/01/29 10:18:46 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/01/29 10:17:00 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/07/17 07:57:40 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\FxShared.dll
[2006/07/17 07:57:40 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\com.fxpansion.fxshared.dll
[2006/06/02 17:15:44 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\LDecVorbis.dll
[2006/05/24 12:37:27 | 000,027,648 | -HS- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2006/02/24 03:41:59 | 000,438,272 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2006/02/24 03:41:59 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\libfaac.dll
[2006/02/23 11:36:20 | 001,798,144 | ---- | C] () -- C:\WINDOWS\System32\ltmm_n.dll
[2006/02/23 11:36:20 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\LMOggSpl.dll
[2006/02/23 11:36:20 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\LMOggMux.dll
[2005/04/15 19:01:43 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\ArtFfct.dll
[2005/04/13 14:41:02 | 000,749,568 | ---- | C] () -- C:\WINDOWS\System32\SWFGen.dll
[2004/12/03 10:58:09 | 000,000,051 | ---- | C] () -- C:\WINDOWS\dbghist.ini
[2004/12/03 10:55:47 | 000,000,439 | ---- | C] () -- C:\WINDOWS\DELLSTAT.INI
[2004/10/15 23:49:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2004/09/29 22:34:51 | 000,001,615 | ---- | C] () -- C:\WINDOWS\TrueRTA.INI
[2004/09/20 23:17:15 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\pdxrkt3.dll
[2004/06/21 20:43:19 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2004/06/21 20:39:57 | 000,000,679 | ---- | C] () -- C:\WINDOWS\TSC.ini
[2004/06/21 20:39:56 | 000,071,749 | ---- | C] () -- C:\WINDOWS\HCExtOutput.dll
[2004/06/21 20:39:32 | 000,000,156 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2004/04/24 19:26:52 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\Ucalc32.dll
[2004/04/14 20:41:32 | 000,002,048 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2004/04/14 20:41:32 | 000,002,048 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2004/04/14 20:41:31 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2004/04/14 20:41:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2004/02/04 23:36:42 | 000,093,696 | ---- | C] () -- C:\WINDOWS\System32\hpgt42.dll
[2004/02/02 23:42:38 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2004/02/01 23:41:15 | 000,022,239 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2004/01/26 20:06:35 | 000,000,072 | ---- | C] () -- C:\WINDOWS\vcam3000.INI
[2004/01/24 22:01:31 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\FTPStubInstUtils.dll
[2004/01/23 02:19:36 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/01/23 01:46:35 | 000,000,177 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2004/01/21 02:07:47 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.DLL
[2004/01/21 02:07:47 | 000,025,088 | ---- | C] () -- C:\WINDOWS\System32\UNACE.DLL
[2004/01/21 02:05:19 | 000,905,290 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll
[2004/01/20 21:06:59 | 000,028,108 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2004/01/20 21:02:04 | 016,371,712 | ---- | C] () -- C:\WINDOWS\System32\AbsynthIAC.dll
[2004/01/19 23:52:47 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/01/17 22:25:25 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2004/01/17 19:22:14 | 000,006,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASLM75.SYS
[2003/11/17 17:57:38 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\FDlg.dll
[2003/03/31 08:00:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\NSREG.DLL
[2003/02/20 11:59:52 | 000,221,184 | R--- | C] () -- C:\WINDOWS\System32\TidyATL.dll
[2002/10/04 02:01:42 | 000,503,808 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2002/01/01 01:05:02 | 000,000,065 | ---- | C] () -- C:\WINDOWS\iTouch.ini
[1999/07/23 14:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
[1999/07/23 11:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll
[1999/01/22 21:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 1331 bytes -> C:\Documents and Settings\\Local Settings\Application Data\NZTwkDLG2:lvnEnnajQv4vtJV3igf8u
@Alternate Data Stream - 1324 bytes -> C:\Documents and Settings\\Local Settings\Application Data\oLw4FrdJLltxl:XNDUY8XiPvC0HOHHvxsq3HnV
< End of report >

ESET log:

C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\inspect.sys.vir Win32/Olmarik.ZC trojan cleaned - quarantined
C:\System Volume Information\_restore{B4C7A8AC-C87D-48B8-B28E-D2663CEB63E8}\RP461\A0221583.exe probably a variant of Win32/Agent trojan cleaned by deleting (after the next restart) - quarantined
C:\System Volume Information\_restore{B4C7A8AC-C87D-48B8-B28E-D2663CEB63E8}\RP461\A0221584.exe probably a variant of Win32/Agent trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{B4C7A8AC-C87D-48B8-B28E-D2663CEB63E8}(2)\RP456\A0218748.EXE probably a variant of Win32/Agent trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{B4C7A8AC-C87D-48B8-B28E-D2663CEB63E8}(2)\RP456\A0220156.sys Win32/Olmarik.ZC trojan cleaned - quarantined
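As an added example (not code from the thread, from OTL, or from ESET), the following Python script parses the two log formats pasted above: OTL's file-list and Alternate Data Stream lines, and ESET Online Scanner result lines. It flags files in System32 carrying the hidden+system attribute combination and any ADS found on a user-profile file, both only as items for a human to look at, and it separates ESET hits on live paths from hits inside ComboFix's Qoobox quarantine or a System Restore snapshot, which is the distinction behind "none of the ESET hits were active". The sample lines are constructed: the username, the restore-point hit and the `example.sys` path are made up, and the assumed order of the OTL attribute column (R, H, S, D) is an assumption about the format.

```python
"""Offline triage of the two log formats pasted above: OTL file-list and
Alternate Data Stream lines, and ESET Online Scanner result lines.
Added example; not code from the thread, OTL, or ESET."""
import re
from dataclasses import dataclass

# Constructed sample input. Line shapes copy the thread's logs, but the
# username, "example.sys" and the restore-point hit are made up for the demo.
OTL_SAMPLE = r"""
[2008/01/13 18:25:59 | 000,049,152 | -HS- | C] () -- C:\WINDOWS\System32\cwScopeProp.dll
[2007/08/13 17:14:16 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/05/24 12:37:27 | 000,027,648 | -HS- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2007/08/16 18:57:27 | 000,000,026 | R--- | C] () -- C:\WINDOWS\System32\system82.sys
@Alternate Data Stream - 1331 bytes -> C:\Documents and Settings\user\Local Settings\Application Data\NZTwkDLG2:lvnEnnajQv4vtJV3igf8u
"""
ESET_SAMPLE = r"""
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\inspect.sys.vir Win32/Olmarik.ZC trojan cleaned - quarantined
C:\System Volume Information\_restore{B4C7A8AC-C87D-48B8-B28E-D2663CEB63E8}\RP461\A0221583.exe probably a variant of Win32/Agent trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\example.sys Win32/Olmarik.ZC trojan cleaned - quarantined
"""

# OTL file line: [date | size | attrs | C/M] (owner) -- path.
# Assumption: the attrs column is ordered R,H,S,D (read-only, hidden, system, directory).
OTL_FILE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-RHSD]{4}) \| (?P<op>[CM])\] \((?P<owner>[^)]*)\) -- (?P<path>.+)$")
OTL_ADS = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<target>.+)$")
# ESET line: <path> <threat name> <action>. The path may contain spaces, so it is
# matched lazily up to a threat name that ends in a known category word.
ESET_HIT = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?P<threat>(?:probably a variant of |a variant of )?\S+ "
    r"(?:trojan|worm|virus|backdoor|application|adware)) (?P<action>.+)$")

# Locations where a detection is a stored copy, not code that can run at boot.
INACTIVE_MARKERS = ("\\qoobox\\quarantine\\", "\\system volume information\\_restore")


@dataclass
class FileEntry:
    date: str
    size: int
    attrs: str
    path: str

    @property
    def hidden_system(self) -> bool:
        return self.attrs[1] == "H" and self.attrs[2] == "S"


@dataclass
class AdsEntry:
    size: int
    host_file: str
    stream: str


@dataclass
class EsetHit:
    path: str
    threat: str
    action: str

    @property
    def active(self) -> bool:
        p = self.path.lower()
        return not (p.endswith(".vir") or any(m in p for m in INACTIVE_MARKERS))


def parse_otl(text):
    """Return (file entries, ADS entries) from OTL report text; other lines are ignored."""
    files, streams = [], []
    for line in text.splitlines():
        line = line.strip()
        m = OTL_FILE.match(line)
        if m:
            files.append(FileEntry(m["date"], int(m["size"].replace(",", "")), m["attrs"], m["path"]))
            continue
        m = OTL_ADS.match(line)
        if m:
            host_file, stream = m["target"].rsplit(":", 1)  # last colon separates the stream name
            streams.append(AdsEntry(int(m["size"]), host_file, stream))
    return files, streams


def parse_eset(text):
    hits = []
    for line in text.splitlines():
        m = ESET_HIT.match(line.strip())
        if m:
            hits.append(EsetHit(m["path"], m["threat"], m["action"]))
    return hits


def triage(otl_text, eset_text):
    """Group the items a responder would look at first; flags are hints, not verdicts."""
    files, streams = parse_otl(otl_text)
    hits = parse_eset(eset_text)
    return {
        "hidden_system": [f for f in files if f.hidden_system and "\\system32\\" in f.path.lower()],
        "ads": streams,
        "active": [h for h in hits if h.active],
        "inactive": [h for h in hits if not h.active],
    }


if __name__ == "__main__":
    for key, items in triage(OTL_SAMPLE, ESET_SAMPLE).items():
        print(key)
        for item in items:
            print("   ", item)
```

The hidden+system check is deliberately narrow: legitimate vendor files sometimes carry those attributes too, so the output is a shortlist for a responder, not a detection. Quarantine and restore-point paths are treated as inactive because nothing loads from them unless the user restores that snapshot, which is why clearing old restore points is a common final step after a cleanup.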


#14 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male

Posted 13 May 2010 - 05:25 PM

Hello, mojopin.

Ok, your computer appears clean. None of the ESET hits were active. If your computer is still running well, please do step 1 below.

Important: You have service pack 2. Updating to SP3 is a major upgrade and your computer should be backed up before upgrading. Please install any OTHER critical updates except for SP3. I recommend you install SP3 at some point, however.


Step 1

Uninstall ComboFix and Clean Up
Click Start > Run and type combofix /Uninstall, then click OK (note the space between combofix and /Uninstall). See below:

Please advise if this step is missed for any reason as it performs some important actions.

Download and Run OTC

We will now remove the tools we used during this fix using OTC.
  • Download OTC by OldTimer and save it to your desktop.
  • Double click icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then Click the big button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.

Optional Items

Please take the time to read below to secure your machine and take the necessary steps to keep it that way.


System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware

Protect yourself from malicious sites
Please download HostsMan. It safeguards you with a regularly updated Hosts file that blocks dangerous sites from opening. This adds another bit of safety while surfing the Internet. For installation and setting up, follow these steps:
  1. Double-click the Downloaded installer and install the tool to a location of your choice
  2. Via the Start menu, navigate to HostsMan and run the program.
    1. Click "Hosts" in the menu
    2. Click "Manage Updates" in the submenu
    3. Out of the three, select at least one (I have MVPS Hosts as my main one)
    4. Click "Add Update." After that you will only need to click on the following button to retrieve updates:
  3. Click the X to exit the program.
  4. Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.


Keep Windows Up to Date
It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.



Update your AntiVirus Software

It is imperative that you update your antivirus software at least once a week (more often if you wish). If you do not update your antivirus software, it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.


Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Use a Firewall

I cannot stress how important it is that you use a firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a firewall in its default configuration can lower your risk greatly.

For a tutorial on Firewalls and a listing of some available ones see the link below:

Understanding and Using Firewalls

Install an AntiSpyware Program

A highly recommended anti-spyware program is Malwarebytes Anti-Malware. You can download the free version.

Installing this program will provide spyware and hijacker protection on your computer alongside your virus protection. You should scan your computer with an anti-spyware program on a regular basis, just as you would with your antivirus software.

Update all these programs regularly
Make sure you update all your programs regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Good luck!

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
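The "Protect yourself from malicious sites" section above relies on the hosts file, so here is an added example (not HostsMan's code or anything from the post) showing what that protection actually does: how a blocklist in the MVPS style resolves a hostname to a sinkhole address, how to merge the list with an existing custom hosts file without dropping or duplicating the user's own entries (the step-4 caveat above), and where exact-match blocking stops. All hostnames in the sample are hypothetical and constructed for the demo.

```python
"""Added example (not HostsMan's code): how a hosts-file blocklist such as the
MVPS list blocks a site, how to merge it with a custom hosts file, and what it
does not cover. Hostnames below are hypothetical."""
import ipaddress

# Addresses a blocklist maps unwanted names to; resolving to one of these means "blocked".
SINKHOLES = {"0.0.0.0", "127.0.0.1", "::1"}

# Constructed excerpt in MVPS hosts-file style (hypothetical hostnames).
BLOCKLIST = """\
# blocklist header comment
0.0.0.0 ads.bad-example.test
0.0.0.0 tracker.bad-example.test    # inline comment
0.0.0.0 www.malware-example.test
"""

# Constructed stand-in for a user's existing custom hosts file.
CUSTOM_HOSTS = """\
127.0.0.1       localhost
192.168.1.10    fileserver.lan        # the user's own entry, must survive the merge
0.0.0.0         ads.bad-example.test  # already present, must not be duplicated
"""


def parse_hosts(text):
    """Return [(address, [hostnames])] per entry line; comments and blanks are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # strip trailing and full-line comments
        if not line:
            continue
        addr, *names = line.split()
        if not names:
            continue
        try:
            ipaddress.ip_address(addr)        # drop malformed lines instead of crashing
        except ValueError:
            continue
        entries.append((addr, [n.lower() for n in names]))
    return entries


def lookup(entries, hostname):
    """First match wins, as the Windows resolver does; exact, case-insensitive match only."""
    hostname = hostname.lower().rstrip(".")
    for addr, names in entries:
        if hostname in names:
            return addr
    return None


def is_blocked(entries, hostname):
    """True when the name resolves to a sinkhole address (localhost itself is not a block)."""
    return lookup(entries, hostname) in SINKHOLES and hostname.lower() != "localhost"


def merge_hosts(custom_text, blocklist_text):
    """Keep every line of the user's hosts file verbatim, then append blocklist
    entries only for hostnames the custom file does not already define."""
    defined = {n for _, names in parse_hosts(custom_text) for n in names}
    out = [custom_text.rstrip("\n"), "", "# --- merged blocklist ---"]
    for addr, names in parse_hosts(blocklist_text):
        new = [n for n in names if n not in defined]
        if new:
            out.append(f"{addr} {' '.join(new)}")
            defined.update(new)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    merged = parse_hosts(merge_hosts(CUSTOM_HOSTS, BLOCKLIST))
    for name in ("fileserver.lan", "TRACKER.bad-example.test", "sub.ads.bad-example.test"):
        print(f"{name:28} -> {lookup(merged, name)}  blocked={is_blocked(merged, name)}")
```

Two limits are worth knowing before treating this as protection. A hosts entry matches the exact name only, so `sub.ads.bad-example.test` is not blocked by an entry for `ads.bad-example.test`, which is why maintained lists are long. And the hosts file is consulted by the user-mode resolver; a kernel-mode rootkit of the kind this thread was about can redirect traffic beneath it, so the list is a hardening layer for a clean machine, not a remedy for an infected one.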
 


#15 mojopin

mojopin
  • Topic Starter

  • Members
  • 17 posts

Posted 13 May 2010 - 06:35 PM

Hi - I did everything you asked and will implement your optional procedures. I know I need to update to SP3, but the last time I tried I was getting an installation error. I will work to resolve that and get it done. Thank you for all of your help.



