Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Search Engine redirect


  • This topic is locked This topic is locked
13 replies to this topic

#1 Oleg999

Oleg999

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:10 PM

Posted 14 May 2010 - 02:19 PM

Search results do not open at the right page. Please help. Have ComboFix log ready. Ran all possible scans already.

Can anyone help? Please!!!

DDS (Ver_10-03-17.01) - NTFSx86
Run by Oleg at 16:43:09.95 on Fri 05/14/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.2.1251.7.1033.18.1022.245 [GMT -4:00]

AV: Norton Security Suite *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton Security Suite *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
SVCHOST.EXE
SVCHOST.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\eEBAPI\eEBSVC.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
SVCHOST.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\mobile PhoneTools\WatchDog.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Oleg\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig?hl=en
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {123D819D-1E24-4AE4-8448-8CE70A1FD8E5} - No File
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: {38DFDADF-BA43-4C43-7890-ADE6777666BB} - No File
BHO: {444986A2-9E58-4EFD-9C91-C5E507504BB3} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\3.8.0.41\coIEPlg.dll
BHO: {6C7F0598-4B08-44BC-88CD-1F99BF050D45} - No File
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\3.8.0.41\IPSBHO.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_07\bin\ssv.dll
BHO: {7E4C9C65-06FD-4CEB-8A68-D79D754D4DB2} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {A39F3AB1-EC18-4577-A6F3-505DD8D1ECDB} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: {E057A3EC-38BC-4359-921D-5DF50F9AEA71} - No File
TB: ICQ Toolbar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\progra~1\icqtoo~1\toolbaru.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\3.8.0.41\coIEPlg.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [MsnMsgr] "c:\program files\msn messenger\MsnMsgr.Exe" /background
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [TomcatStartup] c:\program files\hewlett-packard\toolbox2.0\hpbpsttp.exe
mRun: [StatusClient] c:\program files\hewlett-packard\toolbox2.0\apache tomcat 4.0\webapps\toolbox\statusclient\StatusClient.exe /auto
mRun: [SM1BG] c:\windows\SM1BG.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [mmtask] c:\program files\musicmatch\musicmatch jukebox\mmtask.exe
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [IAAnotif] c:\program files\intel\intel application accelerator\iaanotif.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [CTSysVol] c:\program files\creative\sbaudigy2zs\surround mixer\CTSysVol.exe /r
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTDVDDET] "c:\program files\creative\sbaudigy2zs\dvdaudio\CTDVDDET.EXE"
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [WatchDog] c:\program files\mobile phonetools\WatchDog.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
StartupFolder: c:\docume~1\oleg\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000002}\SC_Acrobat.exe
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Register Candidate - c:\program files\crsstation\HookSelectedTextSvc.exe/CONTEXT_HANDLE.HTM
IE: Send To &Bluetooth - c:\program files\belkin\bluetooth software\btsendto_ie_ctx.htm
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\documents and settings\anna's folder\aim.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\belkin\bluetooth software\btsendto_ie.htm
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\program files\icq6\ICQ.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_07\bin\ssv.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
Trusted Zone: adeasolutions.com\mail
DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} - hxxp://www.worldwinner.com/games/v47/scrabblecubes/scrabblecubes.cab
DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} - hxxp://download.microsoft.com/download/f/0/2/f02b515c-7076-4cee-bc08-fd6fea594578/VirtualEarth3D.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} - hxxp://www.worldwinner.com/games/v45/bejeweled/bejeweled.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
DPF: {CBD8B1CB-2F5F-415F-93E8-A297B33DCBB2} - hxxp://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/cpucheck_1_0_0_4.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DE0FB644-C59B-46D1-B650-88BA945BC98F} - hxxp://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/NBCUniversal_1_0_0_3.cab
DPF: {DEA6994F-3ED5-40BC-B5E3-0FD02411B1B4} - hxxps://www.costcophotocenter.com/upload/activex/v3_0_0_1/PhotoCenter_ActiveX_Control.cab?
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://eagleproductivity.webex.com/client/T27L/training/ieatgpc.cab
TCP: {68C8B9EA-93DF-4134-A08B-FF48F6BA78D3} = 75.75.75.75,75.75.76.76
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton security suite\engine\3.8.0.41\CoIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\oleg\applic~1\mozilla\firefox\profiles\8s7x15ru.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - component: c:\program files\mozilla firefox\extensions\browserhighlighter@ebay.com\components\Shim.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre1.5.0_07\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_07\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_07\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_07\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_07\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_07\bin\NPJPI150_07.dll
FF - plugin: c:\program files\java\jre1.5.0_07\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdjvu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service

============= SERVICES / DRIVERS ===============

R0 AVG Anti-Rootkit;AVG Anti-Rootkit;c:\windows\system32\drivers\avgarkt.sys [2007-1-31 5632]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-5-11 218592]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0308000.029\SymEFA.sys [2010-3-2 310320]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-5-11 164048]
R1 AvgArCln;Avg Anti-Rootkit Clean Driver;c:\windows\system32\drivers\AvgArCln.sys [2010-5-11 3968]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0308000.029\BHDrvx86.sys [2010-3-2 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0308000.029\cchpx86.sys [2010-3-2 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100505.001\IDSXpx86.sys [2010-5-7 329592]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-3-4 214664]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-2-29 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-2-29 68168]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-5-11 19024]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-11 40384]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-5-11 112592]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2007-9-6 46112]
R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\3.8.0.41\ccSvcHst.exe [2010-3-2 117640]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-11 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-11 40384]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-3-5 102448]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100514.005\NAVENG.SYS [2010-5-14 85552]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100514.005\NAVEX15.SYS [2010-5-14 1347504]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-10 135664]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\logmein\x86\rainfo.sys --> c:\program files\logmein\x86\RaInfo.sys [?]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-3-4 79816]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-3-4 35272]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-3-4 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-3-4 40552]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 12872]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-5-14 366840]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-5-11 1142224]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

=============== Created Last 30 ================

2010-05-14 15:53:07 98816 ----a-w- c:\windows\sed.exe
2010-05-14 15:53:07 77312 ----a-w- c:\windows\MBR.exe
2010-05-14 15:53:07 256512 ----a-w- c:\windows\PEV.exe
2010-05-14 15:53:07 161792 ----a-w- c:\windows\SWREG.exe
2010-05-11 15:15:48 767952 ----a-w- c:\windows\BDTSupport.dll.old
2010-05-11 15:15:48 767952 ----a-w- c:\windows\BDTSupport.dll
2010-05-11 15:15:47 882 ----a-w- c:\windows\RegSDImport.xml
2010-05-11 15:15:47 879 ----a-w- c:\windows\RegISSImport.xml
2010-05-11 15:15:46 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-05-11 15:15:46 131 ----a-w- c:\windows\IDB.zip
2010-05-11 15:15:46 1152444 ----a-w- c:\windows\UDB.zip
2010-05-11 15:15:45 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-05-11 15:15:45 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-05-11 15:15:45 1640400 ----a-w- c:\windows\PCTBDCore.dll.old
2010-05-11 15:13:00 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2010-05-11 15:13:00 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-05-11 15:12:36 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-05-11 15:12:36 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2010-05-11 15:12:36 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2010-05-11 15:12:36 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-05-11 15:12:07 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2010-05-11 15:12:07 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-05-11 15:11:47 0 d-----w- c:\program files\common files\PC Tools
2010-05-11 15:11:46 0 d-----w- c:\program files\Spyware Doctor
2010-05-11 15:11:46 0 d-----w- c:\docume~1\oleg\applic~1\PC Tools
2010-05-11 15:11:46 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2010-05-11 14:46:00 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-05-11 13:13:51 3968 ----a-w- c:\windows\system32\drivers\AvgArCln.sys
2010-05-05 18:57:46 226728 ----a-r- c:\windows\system32\cpnprt2.cid
2010-05-05 18:57:43 0 d-----w- c:\windows\Cache
2010-05-05 18:57:40 0 d-----w- c:\program files\Coupons

==================== Find3M ====================

2010-04-29 19:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-21 13:51:54 122 ---ha-w- c:\docume~1\oleg\applic~1\Balzo.dat
2010-04-13 12:32:45 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-03-30 21:36:49 65088 ---ha-w- c:\windows\system32\mlfcache.dat
2010-03-02 23:06:39 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-03-02 23:06:26 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2003-08-27 19:19:18 36963 ----a-r- c:\program files\common files\SM1updtr.dll
2009-05-11 16:43:28 848 --sha-w- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 16:44:32.76 ===============

Merged posts. ~ OB

Edited by Orange Blossom, 14 May 2010 - 05:16 PM.


BC AdBot (Login to Remove)

 


#2 Oleg999

Oleg999
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:10 PM

Posted 15 May 2010 - 10:28 AM

up

#3 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:03:10 AM

Posted 15 May 2010 - 10:29 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt<--Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#4 Oleg999

Oleg999
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:10 PM

Posted 17 May 2010 - 07:48 AM

OTL logfile created on: 5/17/2010 7:52:07 AM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Oleg\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 513.00 Mb Available Physical Memory | 50.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.10 Gb Total Space | 2.44 Gb Free Space | 1.68% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 469.73 Mb Total Space | 278.77 Mb Free Space | 59.35% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Unable to calculate disk information.

Computer Name: NDell
Current User Name: Oleg
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/12 15:03:38 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Oleg\Desktop\OTL.exe
PRC - [2010/05/10 11:32:39 | 002,017,280 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2010/05/06 16:59:42 | 002,815,192 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/05/06 16:59:38 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/04/13 08:32:40 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/03/24 13:58:22 | 000,309,760 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/03/18 11:19:26 | 000,207,360 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/03/02 19:06:33 | 000,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
PRC - [2010/01/22 09:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2009/10/08 13:13:52 | 000,818,288 | ---- | M] (The Weather Channel Interactive, Inc.) -- C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/11/16 10:30:38 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/05/07 15:28:32 | 000,591,696 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\eEBAPI\eEBSvc.exe
PRC - [2006/09/22 12:50:20 | 000,122,880 | ---- | M] (Visioneer Inc.) -- C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe
PRC - [2005/09/28 15:30:28 | 000,036,864 | ---- | M] () -- C:\Program Files\mobile PhoneTools\WatchDog.exe
PRC - [2005/09/03 16:18:30 | 000,094,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2005/05/25 17:20:10 | 000,036,864 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
PRC - [2004/12/14 02:12:02 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
PRC - [2004/08/04 07:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\EXPLORER.EXE
PRC - [2004/08/04 07:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\INETSRV\davcdata.exe
PRC - [2004/08/04 07:00:00 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\INETSRV\inetinfo.exe
PRC - [2004/03/23 14:16:16 | 000,135,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Application Accelerator\IAAnotif.exe
PRC - [2004/03/23 14:15:40 | 000,073,852 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe
PRC - [2004/03/11 11:50:52 | 000,028,672 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\SYSTEM32\CTHELPER.EXE
PRC - [2003/09/17 12:43:36 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
PRC - [2003/06/18 03:00:00 | 000,045,056 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe
PRC - [2003/06/03 11:50:00 | 000,037,888 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE
PRC - [2002/12/16 16:51:24 | 000,036,864 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
PRC - [2001/05/06 11:14:22 | 000,020,549 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe


========== Modules (SafeList) ==========

MOD - [2010/05/12 15:03:38 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Oleg\Desktop\OTL.exe
MOD - [2010/03/02 19:06:21 | 000,419,696 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\3.8.0.41\asOEHook.dll
MOD - [2004/08/04 07:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\COMCTL32.DLL
MOD - [2004/08/04 07:00:00 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\MSVCP60.DLL
MOD - [2004/08/04 07:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\MSSCRIPT.OCX
MOD - [2003/11/13 20:19:06 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\SYSTEM32\CTAGENT.DLL
MOD - [2003/06/03 11:50:00 | 000,024,064 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\Scrolling\LGMSGHK.DLL
MOD - [2003/06/03 11:50:00 | 000,006,144 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\MouseWare\system\LgWndHk.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (btwdins)
SRV - [2010/05/06 16:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/05/06 16:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/05/06 16:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/03/15 11:50:36 | 001,142,224 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010/03/11 11:09:22 | 000,366,840 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2010/03/02 19:06:33 | 000,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe -- (N360)
SRV - [2010/01/22 09:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2008/04/25 16:59:42 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)
SRV - [2007/01/19 12:54:14 | 000,097,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\eEBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
SRV - [2006/09/22 12:50:20 | 000,122,880 | ---- | M] (Visioneer Inc.) [Auto | Running] -- C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe -- (OneTouch 4.0 Monitor)
SRV - [2005/10/20 11:54:16 | 000,126,976 | ---- | M] (Intuit, Inc.) [Auto | Stopped] -- C:\Program Files\Intuit\QuickBooks 2005\QBDBMgrN.exe -- (QuickBooksDB)
SRV - [2004/08/04 07:00:00 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\INETSRV\inetinfo.exe -- (W3SVC)
SRV - [2004/08/04 07:00:00 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\INETSRV\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2004/08/04 07:00:00 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\INETSRV\inetinfo.exe -- (MSFtpsvc)
SRV - [2004/08/04 07:00:00 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\INETSRV\inetinfo.exe -- (IISADMIN)
SRV - [2004/03/23 14:15:40 | 000,073,852 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe -- (IAANTMon)
SRV - [2002/08/01 10:22:40 | 000,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\hpzipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2010/05/10 11:32:39 | 000,068,168 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/05/10 04:00:00 | 001,347,504 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100516.025\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/05/10 04:00:00 | 000,085,552 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100516.025\NAVENG.SYS -- (NAVENG)
DRV - [2010/05/06 16:39:23 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\aswTdi.sys -- (aswTdi)
DRV - [2010/05/06 16:39:00 | 000,164,048 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\aswSP.sys -- (aswSP)
DRV - [2010/05/06 16:34:27 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\aswRdr.sys -- (aswRdr)
DRV - [2010/05/06 16:33:59 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\aswmon2.sys -- (aswMon2)
DRV - [2010/05/06 16:33:47 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/05/06 16:33:29 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\aavmker4.sys -- (Aavmker4)
DRV - [2010/04/06 18:40:02 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/03/29 10:06:14 | 000,218,592 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010/03/02 19:06:39 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/03/02 19:06:35 | 000,310,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0308000.029\SYMEFA.SYS -- (SymEFA)
DRV - [2010/03/02 19:06:35 | 000,308,272 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SRTSP.SYS -- (SRTSP)
DRV - [2010/03/02 19:06:35 | 000,217,136 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/03/02 19:06:35 | 000,089,904 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMFW.SYS -- (SYMFW)
DRV - [2010/03/02 19:06:35 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0308000.029\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/03/02 19:06:35 | 000,036,400 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - [2010/03/02 19:06:35 | 000,036,400 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\SymIM.sys -- (SymIM)
DRV - [2010/03/02 19:06:35 | 000,036,400 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2010/03/02 19:06:35 | 000,033,072 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMIDS.SYS -- (SYMIDS)
DRV - [2010/03/02 19:06:34 | 000,482,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\ccHPx86.sys -- (ccHP)
DRV - [2010/03/02 19:06:34 | 000,259,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/03/02 04:59:26 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/02/23 18:44:45 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/02/23 18:44:45 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/10/28 18:37:22 | 000,329,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100505.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2009/09/16 10:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys -- (mfehidk)
DRV - [2009/09/16 10:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 10:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys -- (mferkdk)
DRV - [2008/09/29 13:50:04 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2007/05/25 15:22:30 | 000,083,552 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2007/04/05 11:55:16 | 000,046,112 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2007/02/02 04:00:00 | 000,009,464 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\cdralw2k.sys -- (Cdralw2k)
DRV - [2007/02/02 04:00:00 | 000,009,336 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2007/01/31 09:33:46 | 000,005,632 | ---- | M] (GRISOFT, s.r.o.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\avgarkt.sys -- (AVG Anti-Rootkit)
DRV - [2007/01/18 08:00:28 | 000,003,968 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AvgArCln.sys -- (AvgArCln)
DRV - [2005/10/17 16:45:42 | 000,004,608 | ---- | M] (NVIDIA Corporation.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\nvport.sys -- (nvport)
DRV - [2005/10/17 16:37:22 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\pfc.sys -- (pfc)
DRV - [2005/07/20 14:35:00 | 000,036,480 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\P2k.sys -- (P2k)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\afc.sys -- (Afc)
DRV - [2004/12/13 10:44:04 | 000,014,848 | ---- | M] (NVIDIA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\nvndis.sys -- (NvNdis)
DRV - [2004/11/11 19:11:00 | 002,824,928 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)
DRV - [2004/08/12 17:40:50 | 000,904,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ha10kx2k.sys -- (ha10kx2k)
DRV - [2004/08/06 19:29:14 | 000,006,656 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\pfmodnt.sys -- (PfModNT)
DRV - [2004/08/06 12:43:26 | 000,366,384 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2004/08/04 01:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys -- (gameenum)
DRV - [2004/08/04 01:07:44 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2004/08/04 01:07:44 | 000,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2004/08/03 23:10:12 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\61883.sys -- (61883)
DRV - [2004/08/03 23:10:12 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\avc.sys -- (Avc)
DRV - [2004/08/03 23:10:00 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\msdv.sys -- (MSDV)
DRV - [2004/08/03 23:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2004/07/13 12:15:48 | 000,148,432 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\haP16v2k.sys -- (hap16v2k)
DRV - [2004/07/13 12:13:14 | 000,145,488 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\emupia2k.sys -- (emupia)
DRV - [2004/07/13 12:12:36 | 000,130,288 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctsfm2k.sys -- (ctsfm2k)
DRV - [2004/07/13 12:11:58 | 000,006,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctprxy2k.sys -- (ctprxy2k)
DRV - [2004/07/13 12:11:28 | 000,178,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctoss2k.sys -- (ossrv)
DRV - [2004/07/13 12:09:32 | 000,645,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctac32k.sys -- (ctac32k)
DRV - [2004/06/16 00:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys -- (IntelC53)
DRV - [2004/05/29 19:41:54 | 000,186,112 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\b57xp32.sys -- (b57w2k)
DRV - [2004/03/23 14:13:58 | 000,467,200 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2004/03/06 00:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys -- (IntelC52)
DRV - [2004/03/06 00:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys -- (IntelC51)
DRV - [2004/03/06 00:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys -- (mohfilt)
DRV - [2003/11/12 22:11:54 | 000,333,600 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctdvda2k.sys -- (ctdvda2k)
DRV - [2003/09/11 00:36:54 | 000,021,060 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\iviaspi.sys -- (Iviaspi)
DRV - [2003/05/16 11:50:00 | 000,072,893 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\lmouflt2.sys -- (LMouFlt2)
DRV - [2003/05/16 11:50:00 | 000,053,869 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\L8042PR2.SYS -- (L8042PR2)
DRV - [2003/05/16 11:50:00 | 000,037,883 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\LHIDUSB.SYS -- (LHidUsb)
DRV - [2003/05/16 11:50:00 | 000,025,213 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\LHIDFLT2.SYS -- (LHidFlt2)
DRV - [2002/11/08 15:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2001/08/17 16:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 16:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 16:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 16:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 16:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 15:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 15:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 15:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 15:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 15:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 15:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 15:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 15:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 15:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 15:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 15:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 13:49:10 | 000,026,624 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\irstusb.sys -- (STIrUsb)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig?hl=en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: browserhighlighter@ebay.com:1.0.13610
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&q="
FF - prefs.js..network.proxy.ftp: "195.254.168.1"
FF - prefs.js..network.proxy.ftp_port: 80
FF - prefs.js..network.proxy.gopher: "195.254.168.1"
FF - prefs.js..network.proxy.gopher_port: 80
FF - prefs.js..network.proxy.http: "195.254.168.1"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.no_proxies_on: "local,localhost,127.0.0.1"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "195.254.168.1"
FF - prefs.js..network.proxy.socks_port: 80
FF - prefs.js..network.proxy.ssl: "195.254.168.1"
FF - prefs.js..network.proxy.ssl_port: 80


FF - HKLM\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010/04/18 11:58:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/05 14:57:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/05 14:57:43 | 000,000,000 | ---D | M]

[2008/09/04 09:41:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Oleg\Application Data\Mozilla\Extensions
[2010/05/11 10:50:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Oleg\Application Data\Mozilla\Firefox\Profiles\8s7x15ru.default\extensions
[2008/05/07 19:58:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Oleg\Application Data\Mozilla\Firefox\Profiles\8s7x15ru.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010/05/11 10:50:34 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Oleg\Application Data\Mozilla\Firefox\Profiles\8s7x15ru.default\searchplugins\icqplugin-1.xml
[2008/07/16 11:17:02 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Oleg\Application Data\Mozilla\Firefox\Profiles\8s7x15ru.default\searchplugins\icqplugin-2.xml
[2008/07/23 10:01:48 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Oleg\Application Data\Mozilla\Firefox\Profiles\8s7x15ru.default\searchplugins\icqplugin-3.xml
[2008/02/19 18:16:46 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Oleg\Application Data\Mozilla\Firefox\Profiles\8s7x15ru.default\searchplugins\icqplugin.xml
[2010/05/14 16:15:37 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/11 10:40:46 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\browserhighlighter@ebay.com
[2009/11/20 16:05:31 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2007/02/04 23:02:56 | 001,642,496 | ---- | M] (LizardTech) -- C:\Program Files\Mozilla Firefox\plugins\npdjvu.dll
[2009/11/20 16:05:32 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2008/03/24 20:21:00 | 002,889,088 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll

O1 HOSTS File: ([2010/05/14 12:24:56 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {123D819D-1E24-4AE4-8448-8CE70A1FD8E5} - No CLSID value found.
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (no name) - {38DFDADF-BA43-4C43-7890-ADE6777666BB} - No CLSID value found.
O2 - BHO: (no name) - {444986A2-9E58-4EFD-9C91-C5E507504BB3} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (no name) - {6C7F0598-4B08-44BC-88CD-1F99BF050D45} - No CLSID value found.
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E4C9C65-06FD-4CEB-8A68-D79D754D4DB2} - No CLSID value found.
O2 - BHO: (no name) - {A39F3AB1-EC18-4577-A6F3-505DD8D1ECDB} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (no name) - {E057A3EC-38BC-4359-921D-5DF50F9AEA71} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (ICQ Toolbar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (ICQ Toolbar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll File not found
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\BTHPROPS.CPL (Microsoft Corporation)
O4 - HKLM..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\SYSTEM32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)
O4 - HKLM..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe (Hewlett-Packard)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe (Hewlett-Packard)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKLM..\Run: [WatchDog] C:\Program Files\mobile PhoneTools\WatchDog.exe ()
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\Oleg\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\NPJPI150_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Documents and Settings\Anna's Folder\aim.exe (America Online, Inc.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm File not found
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe (ICQ, Inc.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe (ICQ, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O15 - HKCU\..Trusted Domains: adeasolutions.com ([mail] http in Trusted sites)
O15 - HKCU\..Trusted Domains: adeasolutions.com ([mail] https in Trusted sites)
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} http://www.worldwinner.com/games/v47/scrab...rabblecubes.cab (ScrabbleCubes Control)
O16 - DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} http://download.microsoft.com/download/f/0...tualEarth3D.cab (Reg Error: Value error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} http://www.worldwinner.com/games/v45/bejeweled/bejeweled.cab (Reg Error: Key error.)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_07)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_07)
O16 - DPF: {CBD8B1CB-2F5F-415F-93E8-A297B33DCBB2} http://entriq.vo.llnwd.net/o1/NBCUniversal...eck_1_0_0_4.cab (CentrinoCheck Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DE0FB644-C59B-46D1-B650-88BA945BC98F} http://entriq.vo.llnwd.net/o1/NBCUniversal...sal_1_0_0_3.cab (Reg Error: Key error.)
O16 - DPF: {DEA6994F-3ED5-40BC-B5E3-0FD02411B1B4} https://www.costcophotocenter.com/upload/ac...veX_Control.cab? (Photo Upload Plugin Class)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://eagleproductivity.webex.com/client/...ing/ieatgpc.cab (GpcContainer Class)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\EXPLORER.EXE (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O20 - Winlogon\Notify\opnlMGXP: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Oleg\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O29 - HKLM SecurityProviders - (zwebauth.dll) - C:\WINDOWS\System32\ZWebAuth.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/07/21 15:06:59 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig - Services: "AOL ACS"
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk - C:\PROGRA~1\AMERIC~1.0\aoltray.exe - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe - (Intuit Inc.)
MsConfig - StartUpReg: OrderReminder - hkey= - key= - C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder\OrderReminder.exe (Hewlett-Packard)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: mcmscsvc - Reg Error: Value error.
SafeBootMin: MCODS - Reg Error: Value error.
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Reg Error: Value error.
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Reg Error: Value error.
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: SymEFA.sys - C:\WINDOWS\system32\drivers\N360\0308000.029\SYMEFA.SYS (Symantec Corporation)
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {05466845-FF44-4671-92C1-A5FD0F9EEE1C} - Microsoft Reader
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {0E34DE40-4A46-DD02-AADE-38F515E571A4} - Internet Explorer
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {109538B7-49CA-492D-B803-695B78309F8C} - Viewpoint Media Player
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {63722AA0-E6BD-8D5E-2CA2-6622F758BDA2} - Viewpoint Media Player
ActiveX: {69132DB9-B1E6-3F4C-9CC2-9AEC7BD9F5CF} - Microsoft Windows Media Player
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {8EFA4753-7169-4CC3-A28B-0A1643B8A39B} - Microsoft .NET Framework 1.1 Hotfix (KB886903)
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\SYSTEM32\Iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\System32\L3CODECA.ACM (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corp.)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\SL_ANET.ACM (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\TSSOFT32.ACM (DSP GROUP, INC.)
Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\ICCVID.DLL (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FPS1 - C:\WINDOWS\System32\frapsvid.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\Ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\Ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\IR41_32.AX (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\IR50_32.DLL (Intel Corporation)
Drivers32: VIDC.MP42 - C:\WINDOWS\System32\MPG4C32.dll (Microsoft Corporation)
Drivers32: VIDC.MP43 - C:\WINDOWS\System32\MPG4C32.dll (Microsoft Corporation)
Drivers32: VIDC.MPG4 - C:\WINDOWS\System32\MPG4C32.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: wave1 - C:\WINDOWS\System32\SERWVDRV.DLL (Microsoft Corporation)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\SYSTEM32\IAS [2005/03/09 11:10:52 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/05/17 07:51:04 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Oleg\Desktop\OTL.exe
[2010/05/14 11:53:07 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/05/14 11:53:07 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/05/14 11:53:07 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/05/14 11:53:07 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/05/14 11:52:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/05/14 11:52:27 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/05/11 11:22:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Oleg\Local Settings\Application Data\Threat Expert
[2010/05/11 11:15:46 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2010/05/11 11:15:45 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2010/05/11 11:15:45 | 001,640,400 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll.old
[2010/05/11 11:15:45 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2010/05/11 11:13:00 | 000,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2010/05/11 11:12:36 | 000,218,592 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010/05/11 11:12:36 | 000,088,040 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2010/05/11 11:12:07 | 000,063,360 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010/05/11 11:11:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/05/11 11:11:46 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/05/11 11:11:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Oleg\Application Data\PC Tools
[2010/05/11 11:11:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2010/05/11 11:10:06 | 034,595,048 | ---- | C] (PC Tools ) -- C:\Documents and Settings\Oleg\Desktop\7.0.0.538f-sdsetup.exe
[2010/05/11 10:46:28 | 000,164,048 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/05/11 10:46:28 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/05/11 10:46:28 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/05/11 10:46:27 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/05/11 10:46:26 | 000,100,432 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/05/11 10:46:26 | 000,094,800 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/05/11 10:46:25 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/05/11 10:46:08 | 000,165,032 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/05/11 10:46:08 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/05/11 10:46:00 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/05/11 10:46:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/05/11 09:13:51 | 000,003,968 | ---- | C] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\drivers\AvgArCln.sys
[2010/05/11 09:13:44 | 000,000,000 | ---D | C] -- C:\Program Files\GRISOFT
[2010/05/05 14:57:46 | 000,226,728 | R--- | C] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2010/05/05 14:57:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cache
[2010/05/05 14:57:40 | 000,000,000 | ---D | C] -- C:\Program Files\Coupons
[2010/05/04 21:41:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Oleg\Local Settings\Application Data\fpsuijimp
[2010/05/04 21:40:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Oleg\Local Settings\Application Data\ucbviqutx
[2005/03/09 11:44:24 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2003/12/09 14:16:52 | 000,442,368 | ---- | C] ( ) -- C:\WINDOWS\System32\comintfs.dll
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[42 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/17 07:50:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/17 05:11:14 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000004-00000000-00000002-00001102-00000004-20061102}.rfx
[2010/05/17 05:11:14 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000004-00000000-00000002-00001102-00000004-20061102}.rfx
[2010/05/17 05:11:14 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000004-00000000-00000002-00001102-00000004-20061102}.rfx
[2010/05/17 05:11:14 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000004-00000000-00000002-00001102-00000004-20061102}.rfx
[2010/05/17 05:11:14 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2010/05/17 05:11:14 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2010/05/17 05:11:14 | 000,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000004-00000000-00000002-00001102-00000004-20061102}.dat
[2010/05/17 05:11:14 | 000,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000004-00000000-00000002-00001102-00000004-20061102}.dat
[2010/05/17 04:10:08 | 004,933,091 | ---- | M] () -- C:\WINDOWS\{00000004-00000000-00000002-00001102-00000004-20061102}.CDF
[2010/05/15 15:50:01 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/14 16:40:06 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Oleg\Desktop\dds.scr
[2010/05/14 16:21:26 | 000,002,335 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2010/05/14 16:19:33 | 000,016,052 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/05/14 16:18:47 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3482192361-3212699172-3167445760-1005.job
[2010/05/14 16:15:27 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/14 16:15:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/05/14 16:15:19 | 1071,812,608 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/14 16:14:09 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2010/05/14 16:14:07 | 015,728,640 | -H-- | M] () -- C:\Documents and Settings\Oleg\NTUSER.DAT
[2010/05/14 16:14:07 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Oleg\NTUSER.INI
[2010/05/14 12:26:43 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/14 12:24:56 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2010/05/14 11:14:36 | 003,688,883 | R--- | M] () -- C:\Documents and Settings\Oleg\Desktop\ComboFix.exe
[2010/05/14 07:57:47 | 000,001,637 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/05/13 11:45:29 | 000,390,384 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/05/12 15:03:38 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Oleg\Desktop\OTL.exe
[2010/05/11 11:10:48 | 034,595,048 | ---- | M] (PC Tools ) -- C:\Documents and Settings\Oleg\Desktop\7.0.0.538f-sdsetup.exe
[2010/05/11 10:46:29 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/05/11 10:46:26 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/05/11 10:45:35 | 050,423,624 | ---- | M] () -- C:\Documents and Settings\Oleg\Desktop\setup_av_free.exe
[2010/05/11 09:13:52 | 000,000,828 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Anti-Rootkit Free.lnk
[2010/05/11 08:38:06 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3482192361-3212699172-3167445760-1005.job
[2010/05/10 19:30:11 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/05/06 16:59:57 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/05/06 16:59:36 | 000,165,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/05/06 16:39:23 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/05/06 16:39:00 | 000,164,048 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/05/06 16:34:27 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/05/06 16:33:59 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/05/06 16:33:55 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/05/06 16:33:47 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/05/06 16:33:29 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/05/05 14:57:48 | 000,226,728 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2010/05/05 09:23:28 | 000,105,472 | ---- | M] () -- C:\Documents and Settings\Oleg\My Documents\CH_Book.xls
[2010/05/05 08:18:10 | 001,516,172 | ---- | M] () -- C:\Documents and Settings\Oleg\Desktop\Profulgent (2).pdf
[2010/04/30 12:58:06 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Oleg\My Documents\LinkedIn.doc
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/29 00:50:38 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/04/21 09:51:54 | 000,000,122 | -H-- | M] () -- C:\Documents and Settings\Oleg\Application Data\Balzo.dat
[2010/04/17 14:24:23 | 000,060,928 | ---- | M] () -- C:\Documents and Settings\Oleg\Desktop\stresum_Apr2010.doc
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[42 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/14 16:42:38 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Oleg\Desktop\dds.scr
[2010/05/14 11:53:07 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/05/14 11:53:07 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/05/14 11:53:07 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/05/14 11:53:07 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/05/14 11:53:07 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/05/14 11:15:39 | 003,688,883 | R--- | C] () -- C:\Documents and Settings\Oleg\Desktop\ComboFix.exe
[2010/05/14 07:57:47 | 000,001,637 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/05/11 11:15:48 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll.old
[2010/05/11 11:15:48 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2010/05/11 11:15:47 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2010/05/11 11:15:47 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2010/05/11 11:15:46 | 001,152,444 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2010/05/11 11:15:46 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2010/05/11 11:13:00 | 000,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2010/05/11 11:12:36 | 000,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2010/05/11 11:12:36 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2010/05/11 11:12:07 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2010/05/11 10:46:29 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/05/11 10:45:14 | 050,423,624 | ---- | C] () -- C:\Documents and Settings\Oleg\Desktop\setup_av_free.exe
[2010/05/11 09:13:52 | 000,000,828 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Anti-Rootkit Free.lnk
[2010/05/05 19:51:25 | 1071,812,608 | -HS- | C] () -- C:\hiberfil.sys
[2010/05/05 08:18:09 | 001,516,172 | ---- | C] () -- C:\Documents and Settings\Oleg\Desktop\Profulgent (2).pdf
[2010/04/30 12:58:06 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Oleg\My Documents\LinkedIn.doc
[2010/04/17 14:24:21 | 000,060,928 | ---- | C] () -- C:\Documents and Settings\Oleg\Desktop\stresum_Apr2010.doc
[2009/04/10 12:54:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2009/03/31 16:36:42 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/03/31 16:34:43 | 000,000,077 | ---- | C] () -- C:\WINDOWS\EPART700.ini
[2008/05/26 16:00:47 | 000,296,448 | ---- | C] () -- C:\WINDOWS\Xenofex.ini
[2008/05/22 13:36:03 | 000,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008/05/22 13:23:06 | 000,000,033 | ---- | C] () -- C:\WINDOWS\BiMonitor.ini
[2008/05/22 13:23:04 | 000,028,787 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2007/09/09 14:42:07 | 000,000,120 | ---- | C] () -- C:\WINDOWS\PbkUser.INI
[2007/07/19 11:40:48 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\IMGFX6MU.DLL
[2007/05/22 19:14:58 | 000,008,784 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2007/05/18 10:29:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pestpatrol5.INI
[2006/10/23 09:05:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\frontpg.ini
[2006/10/23 09:04:40 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2006/10/23 09:04:40 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2006/10/23 09:04:36 | 000,007,909 | ---- | C] () -- C:\WINDOWS\System32\ftpctrs.ini
[2006/10/23 09:04:35 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2006/10/23 09:04:35 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2006/10/23 09:04:33 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2006/09/12 10:28:49 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/04/02 19:08:59 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2006/03/31 11:58:18 | 000,000,141 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2006/02/23 01:24:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsrex.INI
[2006/02/23 01:15:41 | 000,000,114 | ---- | C] () -- C:\WINDOWS\cm.ini
[2005/08/29 18:29:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/24 16:32:44 | 000,000,016 | ---- | C] () -- C:\WINDOWS\ADS.INI
[2005/08/20 11:02:52 | 000,000,180 | ---- | C] () -- C:\WINDOWS\compedia.ini
[2005/05/11 17:45:58 | 000,003,575 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2005/04/29 18:57:23 | 000,000,019 | ---- | C] () -- C:\WINDOWS\SoundConverter.INI
[2005/04/29 17:48:46 | 000,018,350 | ---- | C] () -- C:\WINDOWS\hplj1010.ini
[2005/04/21 22:51:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2005/04/14 21:39:52 | 000,676,656 | ---- | C] () -- C:\WINDOWS\System32\drivers\fw.sys
[2005/04/14 21:39:52 | 000,096,768 | ---- | C] () -- C:\WINDOWS\System32\ckpgina.dll
[2005/04/14 21:39:52 | 000,004,133 | ---- | C] () -- C:\WINDOWS\entrust.ini
[2005/04/03 12:52:18 | 000,016,973 | ---- | C] () -- C:\WINDOWS\System32\ZWebAuth.dll
[2005/03/18 08:52:50 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\frapsvid.dll
[2005/03/15 20:51:04 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/03/13 20:08:52 | 000,001,242 | ---- | C] () -- C:\WINDOWS\DVDFab.INI
[2005/03/12 10:39:19 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/03/09 11:56:54 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/03/09 11:55:23 | 000,000,785 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/03/09 11:44:44 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2005/03/09 11:44:26 | 000,014,424 | ---- | C] () -- C:\WINDOWS\System32\Aud2_Del.ini
[2005/03/09 11:44:26 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2005/03/09 11:44:24 | 000,000,194 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2005/03/09 11:44:04 | 000,000,136 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2005/03/09 11:14:58 | 000,000,367 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/09/16 16:24:26 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2004/08/11 19:25:56 | 000,000,882 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/04 07:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2004/08/02 09:32:30 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2003/04/23 16:37:24 | 000,294,986 | ---- | C] () -- C:\WINDOWS\System32\UIHelper.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/05/15 23:29:04 | 000,000,607 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2002/05/10 16:30:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\JPEG32.DLL
[2001/11/23 18:18:00 | 000,000,597 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001/09/28 13:44:58 | 000,257,536 | ---- | C] () -- C:\WINDOWS\System32\BiImg.dll
[1999/01/04 13:25:00 | 000,375,296 | ---- | C] () -- C:\WINDOWS\System32\tx32.dll
[1998/11/04 02:20:00 | 000,000,202 | ---- | C] () -- C:\WINDOWS\System32\Ic32.ini

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:AGP440.sys
[2004/08/04 01:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\I386\AGP440.SYS
[2004/08/04 01:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\ERDNT\cache\AGP440.SYS
[2004/08/04 01:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\SYSTEM32\DRIVERS\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\I386\atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\SYSTEM32\DLLCACHE\atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0013\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2004/08/04 07:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\I386\EVENTLOG.DLL
[2004/08/04 07:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\ERDNT\cache\EVENTLOG.DLL
[2004/08/04 07:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\SYSTEM32\EVENTLOG.DLL

< MD5 for: IASTOR.SYS >
[2004/03/23 14:13:58 | 000,467,200 | ---- | M] (Intel Corporation) MD5=F26BFD48B1C314E0F23BF77ACFA75940 -- C:\DRIVERS\STORAGE\SATA\ONBOARD\IASTOR.SYS
[2004/03/23 14:13:58 | 000,467,200 | ---- | M] (Intel Corporation) MD5=F26BFD48B1C314E0F23BF77ACFA75940 -- C:\I386\iaStor.sys
[2004/03/23 14:13:58 | 000,467,200 | ---- | M] (Intel Corporation) Unable to obtain MD5 -- C:\WINDOWS\SYSTEM32\DRIVERS\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2004/08/04 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\I386\NETLOGON.DLL
[2004/08/04 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\ERDNT\cache\NETLOGON.DLL
[2004/08/04 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\SYSTEM32\NETLOGON.DLL

< MD5 for: SCECLI.DLL >
[2004/08/04 07:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\I386\SCECLI.DLL
[2004/08/04 07:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\ERDNT\cache\SCECLI.DLL
[2004/08/04 07:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\SYSTEM32\SCECLI.DLL

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2004/08/04 07:00:00 | 001,251,840 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\SYSTEM32\COMSVCS.DLL
[2009/03/08 05:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\SYSTEM32\dxtmsft.dll
[2009/03/08 05:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\SYSTEM32\dxtrans.dll
[42 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2004/03/23 14:13:58 | 000,467,200 | ---- | M] (Intel Corporation) Unable to obtain MD5 -- C:\WINDOWS\SYSTEM32\DRIVERS\iaStor.sys

< %systemroot%\System32\config\*.sav >
[2004/08/11 19:06:14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.SAV
[2004/08/11 19:06:14 | 000,659,456 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.SAV
[2004/08/11 19:06:14 | 000,876,544 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.SAV

< %systemroot%\system32\drivers\*.sys /90 >
[2010/05/06 16:33:29 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\SYSTEM32\DRIVERS\aavmker4.sys
[2010/05/06 16:33:47 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\SYSTEM32\DRIVERS\aswFsBlk.sys
[2010/05/06 16:33:55 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\SYSTEM32\DRIVERS\aswmon.sys
[2010/05/06 16:33:59 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\SYSTEM32\DRIVERS\aswmon2.sys
[2010/05/06 16:34:27 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\SYSTEM32\DRIVERS\aswRdr.sys
[2010/05/06 16:39:00 | 000,164,048 | ---- | M] (ALWIL Software) -- C:\WINDOWS\SYSTEM32\DRIVERS\aswSP.sys
[2010/05/06 16:39:23 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\SYSTEM32\DRIVERS\aswTdi.sys
[2010/03/02 19:06:34 | 000,259,632 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\BHDrvx86.sys
[2010/03/02 19:06:34 | 000,482,432 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\cchpx86.sys
[2010/03/02 19:06:34 | 000,026,600 | R--- | M] (GEAR Software Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\mbamswissarmy.sys
[2010/03/29 10:06:14 | 000,218,592 | ---- | M] (PC Tools) -- C:\WINDOWS\SYSTEM32\DRIVERS\PCTCore.sys
[2010/04/08 14:29:32 | 000,063,360 | ---- | M] (PC Tools) -- C:\WINDOWS\SYSTEM32\DRIVERS\pctplsg.sys
[2010/03/02 19:06:35 | 000,043,696 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\srtspx.sys
[2010/03/02 19:06:35 | 000,310,320 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\SymEFA.sys
[2010/03/02 19:06:39 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\SYMEVENT.SYS
[2010/03/02 19:06:35 | 000,036,400 | R--- | M] (Symantec Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\SymIM.sys
[2010/03/02 19:06:35 | 000,217,136 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\symtdi.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Oleg\My Documents\Wine:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Oleg\My Documents\su-g12.gif:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Oleg\My Documents\Spybot:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Oleg\My Documents\Resume:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Oleg\My Documents\Recipes:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Oleg\My Documents\pumpkin stencils:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Oleg\My Documents\PcSetup:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Oleg\My Documents\NeroVision:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Oleg\My Documents\Nero Recode:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Oleg\My Documents\My muvees:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Oleg\My Documents\DVDFab:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Oleg\My Documents\docXConverter logs:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Oleg\My Documents\AdobeStockPhotos:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Oleg\My Documents\Adobe:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Oleg\My Documents\1.dmsd:Roxio EMC Stream
@Alternate Data Stream - 163 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >


#5 Oleg999

Oleg999
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:10 PM

Posted 17 May 2010 - 08:03 AM

OTL Extras logfile created on: 5/17/2010 7:52:11 AM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Oleg\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 513.00 Mb Available Physical Memory | 50.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.10 Gb Total Space | 2.44 Gb Free Space | 1.68% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 469.73 Mb Total Space | 278.77 Mb Free Space | 59.35% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Unable to calculate disk information.

Computer Name: NDell
Current User Name: Oleg
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with Paint Shop Pro Studio] -- "C:\Program Files\Jasc Software Inc\Paint Shop Pro Studio\\Paint Shop Pro Studio.exe" "/Browse" "%L" (Jasc Software, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- File not found
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\GameSpy Arcade\Aphex.exe" = C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade 2.01 -- (IGN Entertainment, Inc.)
"C:\Games\RS\RogueSpear.exe" = C:\Games\RS\RogueSpear.exe:*:Enabled:RogueSpear -- ()
"C:\Program Files\MSN Gaming Zone\zclient.exe" = C:\Program Files\MSN Gaming Zone\zclient.exe:*:Enabled:Zone Datafile -- ()
"C:\Program Files\Intuit\QuickBooks 2005\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2005\QBDBMgrN.exe:*:Enabled:QuickBooks 2006 Data Manager -- (Intuit, Inc.)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)
"C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe" = C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe:*:Disabled:javaw -- ()
"C:\Program Files\ICQ6\ICQ.exe" = C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{055FEF8E-4B86-400F-A5C6-8FAC0042DCD9}" = NVIDIA PureVideo Decoder
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement
"{105CFC7C-6992-11D5-BD9D-000102C10FD8}" = Lizardtech DjVu Control
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1733360D-6EE0-42F9-9B03-1072D5CD8179}" = ArcSoft Print Creations
"{17848FE0-9999-11D9-A1B7-00E0294E8E2E}_is1" = ÀvosVins 6.0
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Планета Земля
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{292C47B2-8DB7-47BF-896C-C3C5EE8108C4}" = hp LaserJet 1010 Series
"{2B0CDD4D-5C1A-47F7-89E2-9BF604670ABC}" = EpsonNet Config V3
"{2E0695EE-ED29-4D96-BD77-2A9A17EDF0D6}" = Cypress USB Mass Storage Driver Installation
"{2E086814-7392-4E0F-ADB8-54A81E47406C}" = Broadcom Advanced Control Suite 2
"{2ECE7ECE-D15B-4999-8B8D-01C998F489D5}" = Adobe Encore DVD 2.0
"{30161931-E14F-42B5-BFC0-1AB5ADE4459B}" = muvee autoProducer 5.0
"{322E9572-A659-4920-BE8E-D0899920C22C}" = Book Designer 4.0
"{3248F0A8-6813-11D6-A77B-00B0D0150070}" = J2SE Runtime Environment 5.0 Update 7
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZeroInstallers
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3780136B-22BA-4327-A226-A39EB2636730}" = Roxio Easy Media Creator 8 Content
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3CCB26F5-E2A7-4C91-8340-9149D7B7C2BE}" = Virtual Earth 3D (Beta)
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{3ECED7D1-E469-4BC6-8A93-5CB0FFE5EBF5}" = Nokia Connectivity Cable Driver
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5
"{458C43DB-081B-417D-964D-222C37AEBBFC}" = ArcSoft Software Suite
"{4781569D-5404-1F26-4B2B-6DF444441031}" = Nero 7 Premium
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.77
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F70EF2E-DE5D-4CE7-B92A-9F1FC0EE3CA7}" = InterVideo DVDCopy 4
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6
"{66D171AA-670F-4309-9C74-5BA7F7DBA0B3}" = Roxio Media Manager
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69B02159-7625-4DBB-B9EE-F933039830AD}" = QuickBooks Premier: Retail Edition 2006
"{6E179C77-7335-458D-9537-4F4EAC0181ED}" = Photo Click
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}" = EarthLink setup files
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = LiveUpdate BVRP Software
"{77FCC1D4-E78E-46A4-80A6-7F456FA9AC90}" = Finding Nemo: Nemo's Underwater World of Fun Special Edition
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{786C5747-1437-443D-B06E-79A00FE45110}" = Adobe Stock Photos 1.0
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}" = Jasc Paint Shop Pro Studio, Dell Editon
"{78D944D7-A97B-4004-AB0A-B5AD06839940}" = My Way Search Assistant
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
"{7A3F0566-5E05-4919-9C98-456F6B5CF831}" = Get High Speed Internet!
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch® Jukebox
"{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Application Accelerator
"{95120000-0038-0409-0000-0000000FF1CE}" = Time Zone Data Update Tool for Microsoft Office Outlook
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{95F875CC-1B85-43E6-B3E0-13EA04F3D995}" = ArcSoft Print Creations - Photo Prints
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B449C1A-4F64-4ED4-8C96-31B222E8377F}" = BlackBerry Desktop Software 4.2.2
"{9E2514D9-DC24-4634-B348-61F3EF0F1628}" = Sound Blaster Audigy 2 ZS
"{A0EAB3BE-AC3F-4F9F-ACC0-ED1809B607E3}" = eBook Library by Sony
"{A212E6C2-20F7-4A8E-BD8E-DC3EE7483FA2}" = PRS-500 USB driver
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AAEC4430-9C46-4E07-B181-F671C86CC0CE}" = RSD_LITE_2_4
"{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Dell Media Experience
"{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update
"{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AE3D38A6-13B1-40B3-9423-D1FA9982FB6A}" = Adobe Bridge 1.0
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AF06CAE4-C134-44B1-B699-14FBDB63BD37}" = Dell Picture Studio v3.0
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{BCDA28CF-BDE3-49BE-AB50-87FD47CA4559}" = OneTouch 4.0
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CDE4CC8B-134B-421E-943C-90799E56F664}" = Dell Media Experience Update
"{D16A31F9-276D-4968-A753-FFEAC56995D0}" = Epson Print CD
"{E896DA69-F993-440E-8515-EB197EFB284F}" = BlackBerry Device Software v4.5.0 for the BlackBerry 8320 smartphone
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F18E8A0F-BE99-4305-96A5-6C0FD9D7D999}" = mobile PhoneTools
"{F4531F16-9198-4DF0-A5FA-4CC0265086C2}" = ScanSoft PaperPort 10.0
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F652D238-5F29-42D5-BAF3-0115EF977EC2}" = Windows Live Sign-in Assistant
"{FA17A726-B229-4116-B793-A2AB1A4EAE2E}" = Adobe Premiere Pro 2.0
"{FE7A3FE1-AF76-44FD-BC70-09868A51887A}" = iPod for Windows 2005-06-26
"75070B1806113224B16C70296B90DD1AD8A53479" = Windows Driver Package - Sony Corporation (PRSUSB) USB (08/08/2006 1.0.03.08080)
"ABC Amber LIT Converter" = ABC Amber LIT Converter
"Acoustica Effects Pack" = Acoustica Effects Pack
"ActiveTouchMeetingClient" = WebEx
"Adobe Acrobat 7.0 Professional" = Adobe Acrobat 7.0 Professional
"Adobe Encore DVD 2.0" = Adobe Encore DVD 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Premiere Pro 2.0" = Adobe Premiere Pro 2.0
"Advanced DVD PlayerPro_is1" = Advanced DVD PlayerPro
"AOL Instant Messenger" = AOL Instant Messenger
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.9 (Unicode)
"avast5" = avast! Free Antivirus
"AVGantiRootkit" = AVG Anti-Rootkit Free
"AvosVins 5.0" = AvosVins 5.0
"BlackBerry_{9B449C1A-4F64-4ED4-8C96-31B222E8377F}" = BlackBerry Desktop Software 4.2.2
"Browser Defender_is1" = Browser Defender 2.0.6.15
"BSPlayer1" = BSPlayer
"CallPilot Desktop Messaging for Internet Mail" = CallPilot Audio Player
"CO Maps for Rogue Spear" = CO Maps for Rogue Spear
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"docXConverter_is1" = docXConverter 1.3
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Wizard Pro" = DVD Wizard Pro 5.75
"DVDFab Platinum_is1" = DVDFab Platinum 3.0.9.8
"DVDFab_is1" = DVDFab 1.70 English Version
"Easy Video Splitter_is1" = Easy Video Splitter 1.28
"Elite Proxy Switcher_is1" = Elite Proxy Switcher 1.06C
"eMule" = eMule
"Entriq MediaSphere_is1" = Entriq MediaSphere 3.4.0.15
"EPSON Artisan 700 Series" = EPSON Artisan 700 Series Printer Uninstall
"EPSON Scanner" = EPSON Scan
"Eye Candy 4000" = Eye Candy 4000
"FTP Commander" = FTP Commander
"GameSpy Arcade" = GameSpy Arcade
"Google Chrome" = Google Chrome
"GribUser FB2ANY" = GribUser FB2 to Any 1.0 (remove only)
"HijackThis" = HijackThis 2.0.2
"IBP8_is1" = IBP 8.1
"IDAutomation.com Code 39 Free Font" = IDAutomation.com Code 39 Free Font
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Indeo® software" = Indeo® software
"InstallShield_{2E086814-7392-4E0F-ADB8-54A81E47406C}" = Broadcom Advanced Control Suite 2
"InstallShield_{3ECED7D1-E469-4BC6-8A93-5CB0FFE5EBF5}" = Nokia Connectivity Cable Driver
"InstallShield_{77FCC1D4-E78E-46A4-80A6-7F456FA9AC90}" = Finding Nemo: Nemo's Underwater World of Fun Special Edition
"InstallShield_{FE7A3FE1-AF76-44FD-BC70-09868A51887A}" = iPod for Windows 2005-06-26
"Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem
"KeynoteConnector" = Keynote Connector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mavis Beacon Teaches Typing Deluxe 16" = Mavis Beacon Teaches Typing Deluxe 16
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft Internet Gaming Zone" = MSN Gaming Zone
"Microsoft NetShow Tools 2.0" = Windows Media Tools 4.1
"Mozilla Firefox (3.0.17)" = Mozilla Firefox (3.0.17)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"N360" = Norton Security Suite
"nevideo" = NeroDigital MPEG-1/2/4 & AVC decoder v2.02
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"OnRez" = OnRez (remove only)
"OrderReminder hp LaserJet 101x" = OrderReminder hp LaserJet 101x
"PrimaSoft Wine Organizer 3.6s" = PrimaSoft Wine Organizer 3.6s
"R6:UO (R6 campaign for rogue spear:urban operations)" = R6:UO (R6 campaign for rogue spear:urban operations)
"RealPlayer 12.0" = RealPlayer
"RealVNC_is1" = VNC Free Edition 4.1.1
"RG mappack 1" = RG mappack 1
"RG mappack 3" = RG mappack 3
"RG mappack2" = RG mappack2
"RocketPack #2 BT RS Expansion Pack" = RocketPack #2 BT RS Expansion Pack
"RocketPak3 - UO for RS expansion pack" = RocketPak3 - UO for RS expansion pack
"SecuRemote" = Check Point SecuRemote 4.1
"ShopFactory V8 Total Care_is1" = ShopFactory V8 Total Care
"SM1FX_AT" = USB Storage Adapter FX (SM1)
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
"Spyware Doctor" = Spyware Doctor 7.0
"ST6UNST #1" = RS Toolkit 2000
"StreetPlugin" = Learn2 Player (Uninstall Only)
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"ViewpointMediaPlayer" = Viewpoint Media Player
"Virtools3DLifePlayer" = Virtools 3D Life Player
"WavePad" = WavePad Uninstall
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinISO_is1" = WinISO 5.3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xenofex 1.0" = Xenofex 1.0
"Xenofex2" = Alien Skin Xenofex 2.0
"Yet another map pack" = Yet another map pack

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting/GoToWebinar 3.0.0.198
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/6/2010 8:50:45 AM | Computer Name = NDell | Source = Google Update | ID = 20
Description =

Error - 5/6/2010 9:50:24 AM | Computer Name = NDell | Source = Google Update | ID = 20
Description =

Error - 5/9/2010 5:40:08 PM | Computer Name = NDell | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/10/2010 11:31:11 AM | Computer Name = NDell | Source = Application Error | ID = 1000
Description = Faulting application acdaemon.exe, version 1.1.0.47, faulting module
ntdll.dll, version 5.1.2600.2180, fault address 0x00018fea.

Error - 5/10/2010 11:32:30 AM | Computer Name = NDell | Source = Application Error | ID = 1000
Description = Faulting application eeventmanager.exe, version 2.0.0.1, faulting
module ntdll.dll, version 5.1.2600.2180, fault address 0x00001010.

Error - 5/11/2010 8:13:41 AM | Computer Name = NDell | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module ntdll.dll, version 5.1.2600.2180, fault address 0x00018fea.

Error - 5/11/2010 10:07:09 AM | Computer Name = NDell | Source = Application Error | ID = 1000
Description = Faulting application acdaemon.exe, version 1.1.0.47, faulting module
ntdll.dll, version 5.1.2600.2180, fault address 0x00018fea.

Error - 5/12/2010 8:27:55 AM | Computer Name = NDell | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/12/2010 12:59:25 PM | Computer Name = NDell | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/14/2010 7:58:39 AM | Computer Name = NDell | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 5/13/2010 9:24:11 AM | Computer Name = NDell | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {5A5AA0AA-1DEB-4683-96B0-B43301E83971}.
The
error: "%2" Happened while starting this command: C:\WINDOWS\system32\HPBPRO.EXE -Embedding

Error - 5/13/2010 9:24:11 AM | Computer Name = NDell | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {5A5AA0AA-1DEB-4683-96B0-B43301E83971}.
The
error: "%2" Happened while starting this command: C:\WINDOWS\system32\HPBPRO.EXE -Embedding

Error - 5/13/2010 9:24:11 AM | Computer Name = NDell | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {5A5AA0AA-1DEB-4683-96B0-B43301E83971}.
The
error: "%2" Happened while starting this command: C:\WINDOWS\system32\HPBPRO.EXE -Embedding

Error - 5/13/2010 9:24:11 AM | Computer Name = NDell | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {5A5AA0AA-1DEB-4683-96B0-B43301E83971}.
The
error: "%2" Happened while starting this command: C:\WINDOWS\system32\HPBPRO.EXE -Embedding

Error - 5/13/2010 9:24:11 AM | Computer Name = NDell | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {5A5AA0AA-1DEB-4683-96B0-B43301E83971}.
The
error: "%2" Happened while starting this command: C:\WINDOWS\system32\HPBPRO.EXE -Embedding

Error - 5/13/2010 9:24:11 AM | Computer Name = NDell | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {5A5AA0AA-1DEB-4683-96B0-B43301E83971}.
The
error: "%2" Happened while starting this command: C:\WINDOWS\system32\HPBPRO.EXE -Embedding

Error - 5/13/2010 9:24:41 AM | Computer Name = NDell | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {5A5AA0AA-1DEB-4683-96B0-B43301E83971}.
The
error: "%2" Happened while starting this command: C:\WINDOWS\system32\HPBPRO.EXE -Embedding

Error - 5/13/2010 9:24:41 AM | Computer Name = NDell | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {5A5AA0AA-1DEB-4683-96B0-B43301E83971}.
The
error: "%2" Happened while starting this command: C:\WINDOWS\system32\HPBPRO.EXE -Embedding

Error - 5/13/2010 10:49:08 AM | Computer Name = NDell | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {5A5AA0AA-1DEB-4683-96B0-B43301E83971}.
The
error: "%2" Happened while starting this command: C:\WINDOWS\system32\HPBPRO.EXE -Embedding

Error - 5/13/2010 5:46:05 PM | Computer Name = NDell | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {5A5AA0AA-1DEB-4683-96B0-B43301E83971}.
The
error: "%2" Happened while starting this command: C:\WINDOWS\system32\HPBPRO.EXE -Embedding


< End of report >


#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:03:10 AM

Posted 17 May 2010 - 08:09 AM

Hi,

please run a scan with gmer next:
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#7 Oleg999

Oleg999
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:10 PM

Posted 18 May 2010 - 03:18 PM

was only able to run in safe mode

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-18 15:17:27
Windows 5.1.2600 Service Pack 2
Running: 4839k677.exe; Driver: C:\DOCUME~1\Oleg\LOCALS~1\Temp\fxtdqpob.sys


---- System - GMER 1.0.15 ----

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xF7267112]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF72462D6]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF72464C8]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xF7267900]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xF7267BB4]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xF7265E12]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF7268020]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xF72673D2]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xF7245F44]

---- Kernel code sections - GMER 1.0.15 ----

.rsrc C:\WINDOWS\system32\drivers\iaStor.sys entry point in ".rsrc" section [0xF7352F80]

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
Device \Driver\iaStor \Device\Ide\iaStor0 [F731843E] iaStor.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xac]}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [F731843E] iaStor.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xac]}

AttachedDevice fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs F76F2400

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000a3a598d25
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000a3a598d25@00149abe7858 0x01 0x80 0x59 0xB4 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000a3a598d25 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000a3a598d25@00149abe7858 0x01 0x80 0x59 0xB4 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ЄЗ\OpenWithProgids@

---- Files - GMER 1.0.15 ----

File C:\wwwroot\photogallery\photo2263\_vti_cnf\06-18-02_Home_DJ_01.jpg 526 bytes
File C:\wwwroot\photogallery\photo2263\_vti_cnf\06-18-02_Home_DJ_02.jpg 526 bytes
File C:\wwwroot\photogallery\photo2263\_vti_cnf\06-18-02_Home_DJ_03.jpg 526 bytes
File C:\wwwroot\photogallery\photo2263\_vti_cnf\06-18-02_Home_DJ_04.jpg 526 bytes
File C:\wwwroot\photogallery\photo2263\_vti_cnf\06-22-02_NY_Oceana_DJ_01.jpg 526 bytes
File C:\wwwroot\photogallery\photo2263\_vti_cnf\06-22-02_NY_Oceana_DJ_02.jpg 526 bytes
File C:\wwwroot\photogallery\photo2263\_vti_cnf\06-22-02_NY_Oceana_DJ_03.jpg 526 bytes
File C:\wwwroot\photogallery\photo2263\_vti_cnf\06-22-02_NY_Oceana_DJ_04.jpg 526 bytes
File C:\wwwroot\photogallery\photo2263\_vti_cnf\06-22-02_NY_Oceana_DJ_05.jpg 526 bytes
File C:\wwwroot\photogallery\photo2263\_vti_cnf\06-23-02_NY_Bparty_DJ_01.jpg 526 bytes
File C:\wwwroot\photogallery\photo2263\_vti_cnf\06-23-02_NY_Bparty_DJ_02.jpg 526 bytes
File C:\wwwroot\photogallery\photo2263\_vti_cnf\06-23-02_NY_Bparty_DJ_03.jpg 526 bytes
File C:\wwwroot\photogallery\photo2263\_vti_cnf\06-23-02_NY_Bparty_DJ_Leny_01.jpg 526 bytes
File C:\wwwroot\photogallery\photo2263\_vti_cnf\06-23-02_NY_Bparty_DJ_Leny_Lora_01.jpg 526 bytes
File C:\wwwroot\photogallery\photo2263\_vti_cnf\06-23-02_NY_Bparty_DJ_Leny_Lora_02.jpg 526 bytes
File C:\wwwroot\photogallery\photo2263\_vti_cnf\06-23-02_NY_Bparty_DJ_Leny_Lora_03.jpg 526 bytes
File C:\wwwroot\photogallery\photo2263\_vti_cnf\06-23-02_NY_Bparty_DJ_Stella_01.jpg 526 bytes
File C:\wwwroot\photogallery\photo2263\_vti_cnf\06-23-02_NY_Bparty_DJ_Stella_02.jpg 526 bytes
File C:\wwwroot\photogallery\photo2263\_vti_cnf\06-23-02_NY_Oceana_DJ_01.jpg 526 bytes
File C:\wwwroot\photogallery\photo2263\_vti_cnf\07-12-2002_Home_DJ01.jpg 528 bytes
File C:\wwwroot\photogallery\photo2263\_vti_cnf\07-12-2002_Home_DJ02.jpg 528 bytes
File C:\wwwroot\photogallery\photo2263\_vti_cnf\07-12-2002_Home_DJ03.jpg 528 bytes
File C:\wwwroot\photogallery\photo2263\_vti_cnf\07-12-2002_Home_DJ04.jpg 528 bytes
File C:\wwwroot\photogallery\photo2263\_vti_cnf\07-12-2002_Home_DJ05.jpg 528 bytes
File C:\wwwroot\photogallery\photo2263\_vti_cnf\07-12-2002_Home_DJ06.jpg 528 bytes
File C:\wwwroot\photogallery\photo2263\_vti_cnf\08-01-2002_Home_DJ01.jpg 528 bytes
File C:\wwwroot\photogallery\photo2263\_vti_cnf\08-01-2002_Home_DJ02.jpg 528 bytes
File C:\wwwroot\photogallery\photo2263\_vti_cnf\08-01-2002_Home_DJ03.jpg 528 bytes
File C:\wwwroot\photogallery\photo2263\_vti_cnf\08-01-2002_Home_DJ04.jpg 528 bytes
File C:\wwwroot\photogallery\photo2263\_vti_cnf\08-04-2002_Home_DJ01.jpg 528 bytes
File C:\wwwroot\photogallery\photo2263\_vti_cnf\08-04-2002_Home_DJ02.jpg 528 bytes
File C:\wwwroot\photogallery\photo2263\_vti_cnf\08-04-2002_Home_DJ03.jpg 528 bytes
File C:\wwwroot\photogallery\photo2263\_vti_cnf\08-04-2002_Home_DJ04.jpg 528 bytes
File C:\wwwroot\photogallery\photo2263\_vti_cnf\08-11-2002_Car_DJ01.jpg 528 bytes
File C:\wwwroot\photogallery\photo2263\_vti_cnf\08-11-2002_Car_DJ02.jpg 528 bytes
File C:\wwwroot\photogallery\photo2263\_vti_cnf\08-11-2002_Home_DJ01.jpg 528 bytes
File C:\wwwroot\photogallery\photo2263\_vti_cnf\08-11-2002_Home_DJ02.jpg 528 bytes
File C:\wwwroot\photogallery\photo2263\_vti_cnf\08-11-2002_Home_DJ03.jpg 528 bytes
File C:\wwwroot\photogallery\photo2263\_vti_cnf\08-11-2002_Home_DJ04.jpg 528 bytes
File C:\wwwroot\photogallery\photo2263\_vti_cnf\08-11-2002_Home_DJ05.jpg 528 bytes
File C:\wwwroot\photogallery\photo2263\_vti_cnf\08-11-2002_Home_DJ06.jpg 528 bytes
File C:\wwwroot\photogallery\photo2263\_vti_cnf\08-11-2002_Home_DJ07.jpg 528 bytes
File C:\wwwroot\photogallery\photo2263\_vti_cnf\08-19-2002_Home_DJ01.jpg 528 bytes
File C:\wwwroot\photogallery\photo2263\_vti_cnf\08-20-2002_Home_DJ01.jpg 528 bytes
File C:\wwwroot\photogallery\photo2263\_vti_cnf\08-24-2002_Home_DJ01.jpg 528 bytes
File C:\wwwroot\photogallery\photo2263\_vti_cnf\08-24-2002_Home_DJ02.jpg 528 bytes
File C:\wwwroot\photogallery\photo2263\_vti_cnf\08-24-2002_Home_DJ03.jpg 528 bytes
File C:\wwwroot\photogallery\photo2263\_vti_cnf\08-24-2002_Home_DJ04.jpg 528 bytes
File C:\wwwroot\photogallery\photo2263\_vti_cnf\08-24-2002_Home_DJ05.jpg 528 bytes
File C:\wwwroot\photogallery\photo2263\_vti_cnf\08-24-2002_Home_DJ06.jpg 528 bytes
File C:\wwwroot\photogallery\photo2263\_vti_cnf\08-24-2002_Home_DJ07.jpg 528 bytes
File C:\wwwroot\photogallery\photo2263\_vti_cnf\08-24-2002_Home_DJ08.jpg 528 bytes
File C:\wwwroot\photogallery\photo2263\_vti_cnf\08-24-2002_Home_DJ09.jpg 528 bytes
File C:\wwwroot\photogallery\photo2263\_vti_cnf\08-24-2002_Home_DJ10.jpg 528 bytes
File C:\wwwroot\photogallery\photo2263\_vti_cnf\08-24-2002_Home_DJ11.jpg 528 bytes
File C:\wwwroot\photogallery\photo2263\_vti_cnf\08-19-2002_Home_DJ02.jpg 528 bytes
File C:\wwwroot\photogallery\photo2263\_vti_cnf\08-24-2002_Home_DJ12.jpg 528 bytes
File C:\wwwroot\photogallery\photo2263\_vti_cnf\09-05-2002_Oceana_DJ01.jpg 506 bytes
File C:\wwwroot\photogallery\photo2263\_vti_cnf\08-25-2002_Home_DJ01.jpg 528 bytes
File C:\wwwroot\photogallery\photo2263\_vti_cnf\08-25-2002_Home_DJ02.jpg 528 bytes
File C:\wwwroot\photogallery\photo2263\_vti_cnf\08-25-2002_Home_DJ03.jpg 528 bytes
File C:\wwwroot\photogallery\photo2263\_vti_cnf\08-25-2002_Home_DJ04.jpg 528 bytes
File C:\wwwroot\photogallery\photo2263\_vti_cnf\08-30-2002_Home_DJ01.jpg 528 bytes
File C:\wwwroot\photogallery\photo2263\_vti_cnf\08-30-2002_Home_DJ02.jpg 528 bytes
File C:\wwwroot\photogallery\photo2263\_vti_cnf\08-30-2002_Home_DJ03.jpg 528 bytes
File C:\wwwroot\photogallery\photo2263\_vti_cnf\09-03-2002_Oceana_DJ01_St.jpg 506 bytes
File C:\wwwroot\photogallery\photo2263\_vti_cnf\09-03-2002_Oceana_DJ02_St.jpg 506 bytes
File C:\wwwroot\photogallery\photo2263\_vti_cnf\09-04-2002_Boardwalk_DJ01_Le.jpg 506 bytes
File C:\wwwroot\photogallery\photo2263\_vti_cnf\09-04-2002_Boardwalk_DJ02_Le.jpg 506 bytes
File C:\wwwroot\photogallery\photo2263\_vti_cnf\09-04-2002_Boardwalk_DJ03_Le_St.jpg 506 bytes
File C:\wwwroot\photogallery\photo2263\_vti_cnf\09-04-2002_Boardwalk_DJ04_Le.jpg 506 bytes
File C:\wwwroot\photogallery\photo2263\_vti_cnf\09-05-2002_BrightonBeach_DJ01.jpg 506 bytes
File C:\wwwroot\photogallery\photo2263\_vti_cnf\09-05-2002_BrightonBeach_DJ02.jpg 506 bytes
File C:\wwwroot\photogallery\photo2263\_vti_cnf\09-05-2002_BrightonBeach_DJ03.jpg 506 bytes
File C:\wwwroot\photogallery\photo2263\_vti_cnf\09-05-2002_BrightonBeach_DJ04.jpg 506 bytes
File C:\wwwroot\photogallery\photo2263\_vti_cnf\09-05-2002_BrightonBeach_DJ05.jpg 506 bytes
File C:\wwwroot\photogallery\photo2263\_vti_cnf\09-05-2002_BrightonBeach_DJ06.jpg 506 bytes
File C:\wwwroot\photogallery\photo2263\_vti_cnf\09-05-2002_Oceana_DJ02.jpg 506 bytes
File C:\wwwroot\photogallery\photo2263\_vti_cnf\09-05-2002_Oceana_DJ03_Le.jpg 506 bytes
File C:\wwwroot\photogallery\photo2263\_vti_cnf\09-05-2002_Oceana_DJ04_Le.jpg 506 bytes
File C:\wwwroot\photogallery\photo2263\_vti_cnf\09-08-2002_BrightonBeachPlayground_DJ01_Le.jpg 506 bytes
File C:\wwwroot\photogallery\photo2263\_vti_cnf\09-08-2002_BrightonBeachPlayground_DJ02_Le.jpg 506 bytes
File C:\wwwroot\photogallery\photo2263\_vti_cnf\09-08-2002_BrightonBeachPlayground_DJ03_Le.jpg 506 bytes
File C:\wwwroot\photogallery\photo2263\_vti_cnf\real.htm 4719 bytes
File C:\wwwroot\photogallery\photo2263\_vti_cnf\real_p.htm 4633 bytes
File C:\wwwroot\photogallery\photo2263\_vti_cnf\real_x.htm 4467 bytes
File C:\wwwroot\photogallery\photo2312\_vti_cnf\02-02-02_Home_DJ1.jpg 564 bytes
File C:\wwwroot\photogallery\photo2312\_vti_cnf\02-02-02_Home_DJ2.jpg 564 bytes
File C:\wwwroot\photogallery\photo2312\_vti_cnf\02-02-02_Home_DJ3.jpg 564 bytes
File C:\wwwroot\photogallery\photo2312\_vti_cnf\02-02-02_Home_DJ4.jpg 564 bytes
File C:\wwwroot\photogallery\photo2312\_vti_cnf\02-02-02_Home_DJ5.jpg 564 bytes
File C:\wwwroot\photogallery\photo2312\_vti_cnf\02-02-02_Home_DJ6.jpg 564 bytes
File C:\wwwroot\photogallery\photo2312\_vti_cnf\02-02-02_Home_DJ7.jpg 530 bytes
File C:\wwwroot\photogallery\photo2312\_vti_cnf\02-02-02_Home_DJ8.jpg 530 bytes
File C:\wwwroot\photogallery\photo2312\_vti_cnf\02-02-02_Home_DJ9.jpg 530 bytes
File C:\wwwroot\photogallery\photo2312\_vti_cnf\02-02-02_Home_DJ9a.jpg 530 bytes
File C:\WINDOWS\system32\drivers\iaStor.sys suspicious modification

---- EOF - GMER 1.0.15 ----


#8 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:03:10 AM

Posted 18 May 2010 - 05:41 PM

Hi,

you have been infected by a nasty rootkit. It is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.


If you decide to clean, then please run TDSSKiller and post the log in your next reply:
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.
regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#9 Oleg999

Oleg999
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:10 PM

Posted 19 May 2010 - 05:27 AM

I ran the prog, it fixed iaStor.sys file, but did not create the txt file. The search engine issue is gone. Thank you for your help!!! )))))

#10 Oleg999

Oleg999
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:10 PM

Posted 19 May 2010 - 07:30 AM

Found the log

06:19:04:609 4720 TDSS rootkit removing tool 2.3.0.0 May 12 2010 18:11:17
06:19:04:609 4720 ================================================================================
06:19:04:609 4720 SystemInfo:

06:19:04:609 4720 OS Version: 5.1.2600 ServicePack: 2.0
06:19:04:609 4720 Product type: Workstation
06:19:04:609 4720 ComputerName: NDell
06:19:04:609 4720 UserName: Oleg
06:19:04:609 4720 Windows directory: C:\WINDOWS
06:19:04:609 4720 Processor architecture: Intel x86
06:19:04:609 4720 Number of processors: 2
06:19:04:609 4720 Page size: 0x1000
06:19:04:625 4720 Boot type: Normal boot
06:19:04:625 4720 ================================================================================
06:19:04:625 4720 UnloadDriverW: NtUnloadDriver error 2
06:19:04:625 4720 ForceUnloadDriverW: UnloadDriverW(klmd23) error 2
06:19:04:734 4720 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
06:19:04:734 4720 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
06:19:04:734 4720 wfopen_ex: Trying to KLMD file open
06:19:04:734 4720 wfopen_ex: File opened ok (Flags 2)
06:19:04:734 4720 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
06:19:04:734 4720 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
06:19:04:734 4720 wfopen_ex: Trying to KLMD file open
06:19:04:734 4720 wfopen_ex: File opened ok (Flags 2)
06:19:04:734 4720 KLAVA engine initialized
06:19:04:937 4720 Initialize success
06:19:04:937 4720
06:19:04:937 4720 Scanning Services ...
06:19:05:046 4720 Raw services enum returned 457 services
06:19:05:062 4720
06:19:05:062 4720 Scanning Drivers ...
06:19:05:234 4720 61883 (86d7b1e70661d754685b9ac6d749aae5) C:\WINDOWS\system32\DRIVERS\61883.sys
06:19:05:281 4720 Aavmker4 (a5246ed2586aa807af0bcf63165a71cc) C:\WINDOWS\system32\drivers\Aavmker4.sys
06:19:05:312 4720 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
06:19:05:328 4720 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
06:19:05:375 4720 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
06:19:05:375 4720 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
06:19:05:421 4720 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
06:19:05:453 4720 Afc (a7b8a3a79d35215d798a300df49ed23f) C:\WINDOWS\system32\drivers\Afc.sys
06:19:05:468 4720 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys
06:19:05:484 4720 agp440 (2c428fa0c3e3a01ed93c9b2a27d8d4bb) C:\WINDOWS\system32\DRIVERS\agp440.sys
06:19:05:500 4720 agpCPQ (67288b07d6aba6c1267b626e67bc56fd) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
06:19:05:500 4720 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
06:19:05:515 4720 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
06:19:05:531 4720 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
06:19:05:531 4720 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
06:19:05:562 4720 alim1541 (f312b7cef21eff52fa23056b9d815fad) C:\WINDOWS\system32\DRIVERS\alim1541.sys
06:19:05:562 4720 amdagp (675c16a3c1f8482f85ee4a97fc0dde3d) C:\WINDOWS\system32\DRIVERS\amdagp.sys
06:19:05:578 4720 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
06:19:05:593 4720 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
06:19:05:609 4720 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
06:19:05:625 4720 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
06:19:05:625 4720 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
06:19:05:656 4720 aswFsBlk (1b6ed99291ddf5d2501554cc5757aab6) C:\WINDOWS\system32\drivers\aswFsBlk.sys
06:19:05:671 4720 aswMon2 (81432b1a4b31036c822eb967decf613c) C:\WINDOWS\system32\drivers\aswMon2.sys
06:19:05:703 4720 aswRdr (3e2b6112d2766f87eda8466fde86a986) C:\WINDOWS\system32\drivers\aswRdr.sys
06:19:05:718 4720 aswSP (d78b644816db540e103d0b0766fd9967) C:\WINDOWS\system32\drivers\aswSP.sys
06:19:05:781 4720 aswTdi (606d731008d98b6ef946730c597c1642) C:\WINDOWS\system32\drivers\aswTdi.sys
06:19:05:796 4720 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
06:19:05:812 4720 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
06:19:05:859 4720 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
06:19:05:875 4720 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
06:19:05:906 4720 Avc (87c223adb8f7596b31caae3c67b16ddd) C:\WINDOWS\system32\DRIVERS\avc.sys
06:19:05:921 4720 AVG Anti-Rootkit (e8054a423e5d2bdae6062bab6da159c4) C:\WINDOWS\system32\DRIVERS\avgarkt.sys
06:19:05:937 4720 AvgArCln (ec08d1625f5c6cf2a57b79eb35186f8c) C:\WINDOWS\system32\DRIVERS\AvgArCln.sys
06:19:05:968 4720 b57w2k (4826fcf97c47b361a2e2f68cd487a19e) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
06:19:05:984 4720 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
06:19:06:031 4720 BHDrvx86 (76154fa6a742c613b44bb636b1a7c057) C:\WINDOWS\System32\Drivers\N360\0308000.029\BHDrvx86.sys
06:19:06:078 4720 BthEnum (d24b8d1784c68a25060fffbe8ed34b76) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
06:19:06:156 4720 BTHMODEM (9df0adf74ce1d6371ed60cf92eb1d9a6) C:\WINDOWS\system32\DRIVERS\bthmodem.sys
06:19:06:218 4720 BthPan (10355270be12641b9764235da39dcf0f) C:\WINDOWS\system32\DRIVERS\bthpan.sys
06:19:06:296 4720 BTHPORT (30b76ec553b202890e90a93a4e1a27b5) C:\WINDOWS\system32\Drivers\BTHport.sys
06:19:06:328 4720 BTHUSB (f06d4cb9918b462a84d9ac00027efc30) C:\WINDOWS\system32\Drivers\BTHUSB.sys
06:19:06:484 4720 BVRPMPR5 (248dfa5762dde38dfddbbd44149e9d7a) C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
06:19:06:531 4720 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
06:19:06:546 4720 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
06:19:06:562 4720 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
06:19:06:656 4720 ccHP (8973ff34b83572d867b5b928905ad5ac) C:\WINDOWS\System32\Drivers\N360\0308000.029\ccHPx86.sys
06:19:06:671 4720 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
06:19:06:687 4720 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
06:19:06:687 4720 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
06:19:06:718 4720 Cdr4_xp (837eef65af62d4e8a37c41d3879f7274) C:\WINDOWS\system32\drivers\Cdr4_xp.sys
06:19:06:734 4720 Cdralw2k (579da2f9f5401f55dae2cf8779d61dfc) C:\WINDOWS\system32\drivers\Cdralw2k.sys
06:19:06:750 4720 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
06:19:06:765 4720 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
06:19:06:796 4720 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
06:19:06:828 4720 ctac32k (1e41b8a10b9d78240c8bfacc269db155) C:\WINDOWS\system32\drivers\ctac32k.sys
06:19:06:875 4720 ctaud2k (9bf1aa0eac9c7d33ce4d8a152e151f60) C:\WINDOWS\system32\drivers\ctaud2k.sys
06:19:06:906 4720 ctdvda2k (29f78d59b053cb8778f8426e4e24099c) C:\WINDOWS\system32\drivers\ctdvda2k.sys
06:19:06:937 4720 ctprxy2k (a6f4c70da545230d001915d8eb08d881) C:\WINDOWS\system32\drivers\ctprxy2k.sys
06:19:06:953 4720 ctsfm2k (b39e55c1c5e28e016ee3848f2e34c205) C:\WINDOWS\system32\drivers\ctsfm2k.sys
06:19:06:984 4720 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
06:19:07:000 4720 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
06:19:07:015 4720 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
06:19:07:046 4720 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
06:19:07:078 4720 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
06:19:07:093 4720 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
06:19:07:109 4720 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
06:19:07:156 4720 Dot4 (ad7fc1963b152b3728e3c4f83554a576) C:\WINDOWS\system32\DRIVERS\Dot4.sys
06:19:07:156 4720 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
06:19:07:171 4720 dot4usb (6ec3af6bb5b30e488a0c559921f012e1) C:\WINDOWS\system32\DRIVERS\dot4usb.sys
06:19:07:187 4720 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
06:19:07:203 4720 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
06:19:07:218 4720 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
06:19:07:359 4720 eeCtrl (96bcd90ed9235a21629effde5e941fb1) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
06:19:07:406 4720 emupia (5d70013d7e6602ec0a482f2985558c2d) C:\WINDOWS\system32\drivers\emupia2k.sys
06:19:07:421 4720 EraserUtilRebootDrv (392c86f6b45c0bc696c32c27f51e749f) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
06:19:07:453 4720 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
06:19:07:468 4720 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
06:19:07:484 4720 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
06:19:07:515 4720 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
06:19:07:546 4720 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
06:19:07:562 4720 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
06:19:07:578 4720 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
06:19:07:593 4720 gameenum (5f92fd09e5610a5995da7d775eadcd12) C:\WINDOWS\system32\DRIVERS\gameenum.sys
06:19:07:625 4720 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
06:19:07:640 4720 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
06:19:07:703 4720 ha10kx2k (7ec50a84b89dae3458cb0308739b80de) C:\WINDOWS\system32\drivers\ha10kx2k.sys
06:19:07:718 4720 hap16v2k (02a6bad64177c56d8b86b198b38db361) C:\WINDOWS\system32\drivers\hap16v2k.sys
06:19:07:765 4720 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
06:19:07:781 4720 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
06:19:07:828 4720 HTTP (bfb7b73c942e816c4fb4a5a7bae87136) C:\WINDOWS\system32\Drivers\HTTP.sys
06:19:07:859 4720 i2omgmt (8f09f91b5c91363b77bcd15599570f2c) C:\WINDOWS\system32\drivers\i2omgmt.sys
06:19:07:859 4720 i2omp (ed6bf9e441fdea13292a6d30a64a24c3) C:\WINDOWS\system32\DRIVERS\i2omp.sys
06:19:07:890 4720 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
06:19:07:921 4720 iaStor (f26bfd48b1c314e0f23bf77acfa75940) C:\WINDOWS\system32\drivers\iaStor.sys
06:19:08:140 4720 IDSxpx86 (6e42876010256ee5119baf0838574e0c) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100513.002\IDSxpx86.sys
06:19:08:203 4720 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
06:19:08:250 4720 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
06:19:08:296 4720 IntelC51 (7509c548400f4c9e0211e3f6e66abbe6) C:\WINDOWS\system32\DRIVERS\IntelC51.sys
06:19:08:343 4720 IntelC52 (9584ffdd41d37f2c239681d0dac2513e) C:\WINDOWS\system32\DRIVERS\IntelC52.sys
06:19:08:375 4720 IntelC53 (cf0b937710cec6ef39416edecd803cbb) C:\WINDOWS\system32\DRIVERS\IntelC53.sys
06:19:08:375 4720 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys
06:19:08:390 4720 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
06:19:08:421 4720 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
06:19:08:421 4720 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
06:19:08:453 4720 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
06:19:08:500 4720 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
06:19:08:515 4720 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
06:19:08:562 4720 irda (86c204836feec22510d434982d4221b8) C:\WINDOWS\system32\DRIVERS\irda.sys
06:19:08:578 4720 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
06:19:08:593 4720 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
06:19:08:625 4720 Iviaspi (f59c3569a2f2c464bb78cb1bdcdca55e) C:\WINDOWS\system32\drivers\iviaspi.sys
06:19:08:640 4720 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
06:19:08:671 4720 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
06:19:08:687 4720 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys
06:19:08:718 4720 L8042PR2 (364731c65e8e39366f70a9fd00577ce4) C:\WINDOWS\system32\Drivers\l8042pr2.sys
06:19:08:750 4720 LHidFlt2 (e35a89651ea2f96f4e4f8f87bfcf6072) C:\WINDOWS\system32\DRIVERS\LHidFlt2.Sys
06:19:08:765 4720 LHidUsb (e9eacb3346df3a398d24290ce503014d) C:\WINDOWS\system32\Drivers\LHidUsb.Sys
06:19:08:828 4720 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\WINDOWS\system32\DRIVERS\lmimirr.sys
06:19:08:875 4720 LMIRfsDriver (74701f9e50292543e7c2867cdbf4c4a5) C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
06:19:08:875 4720 LMouFlt2 (086ecd09258f0478b387882c5397e6ca) C:\WINDOWS\system32\Drivers\LMouFlt2.sys
06:19:08:906 4720 mfeavfk (bafdd5e28baea99d7f4772af2f5ec7ee) C:\WINDOWS\system32\drivers\mfeavfk.sys
06:19:08:937 4720 mfebopk (1d003e3056a43d881597d6763e83b943) C:\WINDOWS\system32\drivers\mfebopk.sys
06:19:08:984 4720 mfehidk (3f138a1c8a0659f329f242d1e389b2cf) C:\WINDOWS\system32\drivers\mfehidk.sys
06:19:09:031 4720 mferkdk (41fe2f288e05a6c8ab85dd56770ffbad) C:\WINDOWS\system32\drivers\mferkdk.sys
06:19:09:046 4720 mfesmfk (096b52ea918aa909ba5903d79e129005) C:\WINDOWS\system32\drivers\mfesmfk.sys
06:19:09:062 4720 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
06:19:09:078 4720 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
06:19:09:093 4720 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
06:19:09:109 4720 mohfilt (59b8b11ff70728eec60e72131c58b716) C:\WINDOWS\system32\DRIVERS\mohfilt.sys
06:19:09:125 4720 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
06:19:09:171 4720 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
06:19:09:187 4720 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
06:19:09:203 4720 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
06:19:09:203 4720 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
06:19:09:250 4720 MRxSmb (5ddc9a1b2eb5a4bf010ce8c019a18c1f) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
06:19:09:281 4720 MSDV (6dd721dfd2648f3f6d5808b5ba6cb095) C:\WINDOWS\system32\DRIVERS\msdv.sys
06:19:09:312 4720 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
06:19:09:359 4720 MSIRCOMM (ee55f5c64417cc369866d7eafe9b07ab) C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys
06:19:09:375 4720 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
06:19:09:390 4720 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
06:19:09:421 4720 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
06:19:09:437 4720 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
06:19:09:468 4720 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
06:19:09:500 4720 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
06:19:09:531 4720 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
06:19:09:750 4720 NAVENG (83518e6cc82bdc3c3db0c12d1c9a2275) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100518.004\NAVENG.SYS
06:19:09:890 4720 NAVEX15 (85cf37740fe06c7a2eaa7f6c81f0819c) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100518.004\NAVEX15.SYS
06:19:10:062 4720 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
06:19:10:109 4720 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
06:19:10:125 4720 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
06:19:10:140 4720 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
06:19:10:171 4720 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
06:19:10:171 4720 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
06:19:10:203 4720 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
06:19:10:234 4720 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
06:19:10:281 4720 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
06:19:10:296 4720 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
06:19:10:328 4720 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
06:19:10:343 4720 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
06:19:10:484 4720 nv (f1f77fe483f84604d59a76619fd06b57) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
06:19:10:531 4720 NvNdis (0b7f59271f2694efd2f540b3332ddf5c) C:\WINDOWS\system32\Drivers\NvNdis.sys
06:19:10:562 4720 nvport (d020735b3af8c54715c30c9a5679bc66) C:\WINDOWS\system32\Drivers\nvport.sys
06:19:10:578 4720 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
06:19:10:593 4720 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
06:19:10:609 4720 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
06:19:10:625 4720 omci (53d5f1278d9edb21689bbbcecc09108d) C:\WINDOWS\system32\DRIVERS\omci.sys
06:19:10:671 4720 ossrv (c52548b920482db03af8b49babd9fc48) C:\WINDOWS\system32\drivers\ctoss2k.sys
06:19:10:703 4720 P2k (300f7eb434d7ae9ab5209eb5f6c3c98b) C:\WINDOWS\system32\DRIVERS\P2k.sys
06:19:10:718 4720 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
06:19:10:734 4720 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
06:19:10:765 4720 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
06:19:10:781 4720 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
06:19:10:812 4720 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
06:19:10:843 4720 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
06:19:10:875 4720 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
06:19:10:906 4720 PCTCore (807ff1dd6e1bdf8e7d2062fca0daecaf) C:\WINDOWS\system32\drivers\PCTCore.sys
06:19:10:953 4720 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
06:19:10:953 4720 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
06:19:10:984 4720 pfc (da86016f0672ada925f589ede715f185) C:\WINDOWS\system32\drivers\pfc.sys
06:19:11:015 4720 PfModNT (fefc8ebc170615068c3305dbee2667dd) C:\WINDOWS\system32\drivers\PfModNT.sys
06:19:11:031 4720 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
06:19:11:046 4720 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
06:19:11:062 4720 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
06:19:11:078 4720 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
06:19:11:093 4720 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
06:19:11:109 4720 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
06:19:11:125 4720 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
06:19:11:156 4720 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
06:19:11:171 4720 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
06:19:11:187 4720 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
06:19:11:218 4720 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
06:19:11:234 4720 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
06:19:11:250 4720 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
06:19:11:265 4720 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
06:19:11:265 4720 Rdbss (809ca45caa9072b3176ad44579d7f688) C:\WINDOWS\system32\DRIVERS\rdbss.sys
06:19:11:296 4720 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
06:19:11:343 4720 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
06:19:11:375 4720 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys
06:19:11:390 4720 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
06:19:11:421 4720 RFCOMM (99c4b74981a1413f142a3903130088cb) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
06:19:11:468 4720 RimUsb (0f6756ef8bda6dfa7be50465c83132bb) C:\WINDOWS\system32\Drivers\RimUsb.sys
06:19:11:500 4720 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
06:19:11:531 4720 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
06:19:11:609 4720 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
06:19:11:625 4720 SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
06:19:11:656 4720 SASKUTIL (4fd72291a89793049104ca0a7e353cd4) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
06:19:11:671 4720 Secdrv (07f7f501ad50de2ba2d5842d9b6d6155) C:\WINDOWS\system32\DRIVERS\secdrv.sys
06:19:11:687 4720 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
06:19:11:718 4720 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
06:19:11:734 4720 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
06:19:11:765 4720 sisagp (732d859b286da692119f286b21a2a114) C:\WINDOWS\system32\DRIVERS\sisagp.sys
06:19:11:781 4720 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
06:19:11:796 4720 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
06:19:11:812 4720 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
06:19:11:843 4720 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
06:19:11:906 4720 SRTSP (e81f6caeab9ad5732e94c07c97866aa2) C:\WINDOWS\System32\Drivers\N360\0308000.029\SRTSP.SYS
06:19:11:921 4720 SRTSPX (e28de499d942b08058bffac69d4122b6) C:\WINDOWS\system32\drivers\N360\0308000.029\SRTSPX.SYS
06:19:11:953 4720 Srv (20b7e396720353e4117d64d9dcb926ca) C:\WINDOWS\system32\DRIVERS\srv.sys
06:19:11:984 4720 STIrUsb (a1a16662c6b1a665d965d61b9eecc5a7) C:\WINDOWS\system32\DRIVERS\irstusb.sys
06:19:12:015 4720 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
06:19:12:031 4720 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
06:19:12:046 4720 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
06:19:12:078 4720 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
06:19:12:093 4720 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
06:19:12:140 4720 SymEFA (d0885f6e24259a6c65e68d6ad749910a) C:\WINDOWS\system32\drivers\N360\0308000.029\SYMEFA.SYS
06:19:12:171 4720 SymEvent (a54ff04bd6e75dc4d8cb6f3e352635e0) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
06:19:12:187 4720 SYMFW (1e825026436c4eac3e1a11d1e9c33f2c) C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMFW.SYS
06:19:12:203 4720 SYMIDS (7a20b7d774ef0f16cf81b898bfeca772) C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMIDS.SYS
06:19:12:234 4720 SymIM (c6db9f873b09c63f5cb1de10c08bf6f9) C:\WINDOWS\system32\DRIVERS\SymIM.sys
06:19:12:234 4720 SymIMMP (c6db9f873b09c63f5cb1de10c08bf6f9) C:\WINDOWS\system32\DRIVERS\SymIM.sys
06:19:12:250 4720 SYMNDIS (5ab7d00ea6b7a6fcd5067c632ec6f039) C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMNDIS.SYS
06:19:12:281 4720 SYMTDI (e4fa8bbb96e314e9508865de1a767538) C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMTDI.SYS
06:19:12:312 4720 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
06:19:12:343 4720 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
06:19:12:359 4720 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
06:19:12:390 4720 Tcpip (9f4b36614a0fc234525ba224957de55c) C:\WINDOWS\system32\DRIVERS\tcpip.sys
06:19:12:406 4720 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
06:19:12:421 4720 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
06:19:12:437 4720 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
06:19:12:453 4720 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
06:19:12:468 4720 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
06:19:12:484 4720 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
06:19:12:500 4720 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
06:19:12:531 4720 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\WINDOWS\system32\Drivers\usbaapl.sys
06:19:12:562 4720 usbaudio (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys
06:19:12:593 4720 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
06:19:12:609 4720 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
06:19:12:625 4720 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
06:19:12:656 4720 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
06:19:12:671 4720 usbser (49106ee29074e6a3d3ac9e24c6d791d8) C:\WINDOWS\system32\DRIVERS\usbser.sys
06:19:12:687 4720 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
06:19:12:703 4720 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
06:19:12:734 4720 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
06:19:12:750 4720 viaagp (d92e7c8a30cfd14d8e15b5f7f032151b) C:\WINDOWS\system32\DRIVERS\viaagp.sys
06:19:12:765 4720 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys
06:19:12:781 4720 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
06:19:12:796 4720 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
06:19:12:828 4720 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
06:19:12:859 4720 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
06:19:12:890 4720 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
06:19:12:921 4720 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
06:19:12:968 4720 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
06:19:12:984 4720
06:19:12:984 4720 Completed
06:19:12:984 4720
06:19:12:984 4720 Results:
06:19:12:984 4720 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
06:19:12:984 4720 File objects infected / cured / cured on reboot: 0 / 0 / 0
06:19:12:984 4720
06:19:12:984 4720 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
06:19:12:984 4720 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
06:19:12:984 4720 KLMD(ARK) unloaded successfully


#11 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:03:10 AM

Posted 19 May 2010 - 10:33 AM

Hi,

happy to hear that! smile.gif Please run a scan with Eset to check for left overs:
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#12 Oleg999

Oleg999
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:10 PM

Posted 21 May 2010 - 08:53 AM

C:\Documents and Settings\Administrator\Desktop\SmitfraudFix.exe Win32/Hoax.Renos.DWS application
C:\Documents and Settings\Daniel\My Documents\SetupPlaySushi.exe probably a variant of Win32/Adware.Gamevance.AE application
C:\Documents and Settings\Oleg\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmseria.jar-655514a7-2c775386.zip a variant of Java/TrojanDownloader.Agent.NAN trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\ddfNTvut.ini.vir Win32/Adware.Virtumonde.NEO application
C:\Qoobox\Quarantine\C\WINDOWS\system32\dduqkxut.ini.vir Win32/Adware.Virtumonde.NEO application
C:\Qoobox\Quarantine\C\WINDOWS\system32\jPsBLnmp.ini.vir Win32/Adware.Virtumonde.NEO application
C:\Qoobox\Quarantine\C\WINDOWS\system32\LmlTCJlm.ini.vir Win32/Adware.Virtumonde.NEO application
C:\Qoobox\Quarantine\C\WINDOWS\system32\mmjkpssr.ini.vir Win32/Adware.Virtumonde.NEO application
C:\Qoobox\Quarantine\C\WINDOWS\system32\vGMlmnnn.ini.vir Win32/Adware.Virtumonde.NEO application
C:\Qoobox\Quarantine\C\WINDOWS\system32\ytmnwcgm.ini.vir Win32/Adware.Virtumonde.NEO application
C:\WINDOWS\Installer\a219990.msi probably a variant of Win32/Genetik trojan


#13 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:03:10 AM

Posted 21 May 2010 - 10:52 AM

Hi,

PlaySushi is a game of very shady reputation, are you sure you want to use it? If not please delete: C:\Documents and Settings\Daniel\My Documents\SetupPlaySushi.exe

Please also update your Java:
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "JDK 6 Update 20 (JDK or JRE)"
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u20-windows-i586.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#14 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:03:10 AM

Posted 30 May 2010 - 12:25 PM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users