
atapi.sys Rootkit
14 replies to this topic

#1 davesmyth

davesmyth

  • Members
  • 8 posts
  • OFFLINE
  • Local time:06:11 PM

Posted 03 June 2010 - 07:27 AM

Thanks for taking the time to read this. I have come to the realisation that I have a rootkit in my atapi.sys file. I have run TDSS Killer and this is what it has told me; once run, I have then removed this file by pressing Y and then restarting. I then ran Malwarebytes and it finds nothing. My computer has been doing some annoying things which I am not sure are all related or not. Firstly, when searching on Google I keep getting redirected to other pages. Symantec Endpoint also keeps saying Tidserv request blocked. My computer has also started booting up in what appears like safe mode, with almost all the icons disappearing bar 4 or 5. I have to reset my computer to hope to get it back to normal, in which case the icons are all back but jumbled up. From the research I have done online these later symptoms don't seem entirely applicable to a rootkit issue, but I could be and probably am wrong. I have run DDS as instructed and have attached the log and pasted the text below. When it came to running the GMER program I have tried running it 4 times now and have had the computer crash every time. It goes to the blue screen and says critical memory dumping, so as a result there are no log files to attach.

Please help, I am at my wits' end. I am reasonably computer literate, so I can do what needs to be done at your advice.

DDS (Ver_10-03-17.01) - NTFSx86
Run by dsmyth at 0:09:52.73 on Thu 03/06/2010
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.61.1033.18.3068.1864 [GMT 8:00]

AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
SP: Symantec Endpoint Protection *enabled* (Updated) {6C85A515-B91D-4D2B-AF18-40984A4A8493}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
C:\Windows\system32\NLSSRV32.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Dwm.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\mobsync.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Altiris\Dagent\dagent.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Altiris\Dagent\dagentui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\RayV\RayV\RayV.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\dsmyth\Desktop\dds.pif

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.nba.com/
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
uRun: [RayV] c:\program files\rayv\rayv\RayV.exe /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [DagentUI] c:\program files\altiris\dagent\dagentui.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.1.66.0.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
SEH: Internet Shortcut: {fbf23b40-e3f0-101b-8488-00aa003e56f8} - c:\windows\system32\ieframe.dll

============= SERVICES / DRIVERS ===============

R2 Altiris Deployment Agent;Altiris Deployment Agent;c:\program files\altiris\dagent\dagent.exe [2009-8-11 1246544]
R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\nitro pdf\professional\NitroPDFDriverService.exe [2009-12-16 188736]
R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2009-12-16 65856]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2009-6-18 2440632]
R2 uvnc_service;uvnc_service;c:\program files\ultravnc\winvnc.exe [2010-5-24 1590216]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-5-27 102448]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-5-29 38224]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2010-1-13 6628352]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-23 135664]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]

============== File Associations ===============

.scr=scr_auto_file

=============== Created Last 30 ================

2010-06-01 06:14:52 0 d-----w- c:\programdata\WindowsSearch
2010-06-01 05:17:43 46592 ----a-w- c:\windows\system32\drivers\risdptsk.sys
2010-05-31 06:14:13 0 d-----w- c:\programdata\PC Suite
2010-05-31 06:13:47 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-05-31 06:13:07 0 d-----w- c:\users\dsmyth\{1ab5ee16-853e-445c-8e40-1f5419d0aaf0}
2010-05-31 06:12:27 91136 ----a-w- c:\windows\system32\nmwcdcls.dll
2010-05-31 06:11:47 0 d-----w- c:\programdata\Installations
2010-05-30 05:10:48 0 d-----w- c:\windows\pss
2010-05-29 02:12:22 0 d-----w- c:\users\dsmyth\appdata\roaming\Malwarebytes
2010-05-29 02:00:23 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-29 02:00:20 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-29 02:00:20 0 d-----w- c:\programdata\Malwarebytes
2010-05-28 04:30:51 0 d-----w- c:\users\dsmyth\appdata\roaming\ICAClient
2010-05-27 01:10:44 0 d-----w- c:\users\dsmyth\appdata\roaming\RayV
2010-05-26 13:01:48 94 ----a-w- c:\windows\brpcfx.ini
2010-05-26 13:01:48 245 ----a-w- c:\windows\Brpfx04a.ini
2010-05-26 13:01:33 419 ----a-w- c:\windows\BRWMARK.INI
2010-05-26 13:01:33 27 ----a-w- c:\windows\BRPP2KA.INI
2010-05-26 12:59:44 0 d-----w- c:\programdata\Brother
2010-05-26 10:05:34 0 d-----w- c:\users\dsmyth\appdata\roaming\LimeWire
2010-05-26 10:04:31 0 d-----w- c:\program files\LimeWire
2010-05-26 02:44:37 26432 ----a-w- c:\windows\system32\nitrolocalmon.dll
2010-05-26 02:44:37 17728 ----a-w- c:\windows\system32\nitrolocalui.dll
2010-05-26 02:44:09 0 d-----w- c:\programdata\Nitro PDF
2010-05-26 02:44:05 0 d-----w- c:\program files\common files\Nitro PDF
2010-05-26 02:44:04 0 d-----w- c:\program files\Nitro PDF
2010-05-26 02:23:02 0 d-----w- c:\users\dsmyth\appdata\roaming\Downloaded Installations
2010-05-25 03:44:14 0 d-----w- c:\programdata\Sun
2010-05-25 03:43:36 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-25 03:05:32 0 d-----w- c:\program files\GPLGS
2010-05-25 03:03:52 87552 ----a-w- c:\windows\system32\cpwmon2k.dll
2010-05-25 03:03:52 0 d-----w- c:\program files\Acro Software
2010-05-25 03:03:44 0 d-----w- c:\program files\Ask.com
2010-05-25 03:02:25 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-25 03:02:24 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-05-25 03:02:24 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-05-25 03:02:24 10240 ----a-w- c:\windows\system32\dciman32.dll
2010-05-25 02:59:41 2033152 ----a-w- c:\windows\system32\win32k.sys
2010-05-25 02:59:22 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2010-05-25 02:59:21 9728 ----a-w- c:\windows\system32\lsass.exe
2010-05-25 02:59:21 72704 ----a-w- c:\windows\system32\secur32.dll
2010-05-25 02:59:21 213504 ----a-w- c:\windows\system32\msv1_0.dll
2010-05-25 02:59:21 175104 ----a-w- c:\windows\system32\wdigest.dll
2010-05-25 02:59:21 1256448 ----a-w- c:\windows\system32\lsasrv.dll
2010-05-25 02:59:02 78848 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-05-25 02:59:02 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-05-25 02:59:02 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-05-25 02:58:24 2868224 ----a-w- c:\windows\system32\mf.dll
2010-05-25 02:57:50 3598216 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-05-25 02:57:49 3545992 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-05-25 02:57:10 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-25 02:56:57 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-05-25 02:56:48 71680 ----a-w- c:\windows\system32\atl.dll
2010-05-25 02:56:24 562176 ----a-w- c:\windows\system32\msdtcprx.dll
2010-05-25 02:56:24 38912 ----a-w- c:\windows\system32\xolehlp.dll
2010-05-25 02:56:14 160256 ----a-w- c:\windows\system32\wkssvc.dll
2010-05-25 02:56:04 2066432 ----a-w- c:\windows\system32\mstscax.dll
2010-05-25 02:54:57 636928 ----a-w- c:\windows\system32\localspl.dll
2010-05-25 02:54:45 91136 ----a-w- c:\windows\system32\avifil32.dll
2010-05-25 02:54:02 615424 ----a-w- c:\windows\system32\wbem\fastprox.dll
2010-05-25 02:54:02 54784 ----a-w- c:\windows\system32\iasads.dll
2010-05-25 02:54:01 98304 ----a-w- c:\windows\system32\iasrecst.dll
2010-05-25 02:54:01 666624 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2010-05-25 02:54:01 551424 ----a-w- c:\windows\system32\rpcss.dll
2010-05-25 02:54:01 44032 ----a-w- c:\windows\system32\iasdatastore.dll
2010-05-25 02:54:01 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2010-05-25 02:54:01 183296 ----a-w- c:\windows\system32\sdohlp.dll
2010-05-25 02:54:01 17408 ----a-w- c:\windows\system32\iashost.exe
2010-05-25 02:53:58 499200 ----a-w- c:\windows\system32\wbem\WmiPrvSD.dll
2010-05-25 02:53:58 247296 ----a-w- c:\windows\system32\wbem\WmiPrvSE.exe
2010-05-25 02:53:58 129024 ----a-w- c:\windows\system32\wbem\WmiDcPrv.dll
2010-05-25 02:53:32 62464 ----a-w- c:\windows\system32\l3codeca.acm
2010-05-25 02:52:49 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-05-25 02:52:49 190464 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-05-25 02:52:48 898952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-05-25 02:52:33 24064 ----a-w- c:\windows\system32\amxread.dll
2010-05-25 02:52:33 13824 ----a-w- c:\windows\system32\apilogen.dll
2010-05-25 02:51:31 43520 ----a-w- c:\windows\system32\msdxm.tlb
2010-05-25 02:51:31 4096 ----a-w- c:\windows\system32\msdxm.ocx
2010-05-25 02:51:31 4096 ----a-w- c:\windows\system32\dxmasf.dll
2010-05-25 02:51:31 18432 ----a-w- c:\windows\system32\amcompat.tlb
2010-05-25 02:51:30 7680 ----a-w- c:\windows\system32\spwmp.dll
2010-05-25 02:51:27 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2010-05-25 02:51:26 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-05-25 02:51:14 61440 ----a-w- c:\windows\system32\msasn1.dll
2010-05-25 02:51:00 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2010-05-25 02:39:23 0 d-----w- c:\programdata\Intel
2010-05-25 02:38:19 0 d-----w- c:\program files\Cisco
2010-05-25 02:38:17 0 d-----w- c:\program files\common files\Intel
2010-05-25 02:37:48 0 d-----w- c:\users\dsmyth\appdata\roaming\Intel
2010-05-25 01:18:28 0 d-----w- c:\program files\SystemRequirementsLab
2010-05-24 08:31:01 0 d-----w- c:\program files\Model Maintenance
2010-05-24 08:29:19 0 d-----w- c:\program files\Client Variations
2010-05-24 08:29:06 0 d-----w- c:\program files\CBS3
2010-05-24 08:27:10 0 d-----w- c:\program files\Altiris
2010-05-24 08:23:07 97800 ----a-w- c:\windows\system32\infocardapi.dll
2010-05-24 08:23:07 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2010-05-24 08:23:06 622080 ----a-w- c:\windows\system32\icardagt.exe
2010-05-24 08:23:06 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-05-24 08:23:06 37384 ----a-w- c:\windows\system32\infocardcpl.cpl
2010-05-24 08:23:06 11264 ----a-w- c:\windows\system32\icardres.dll
2010-05-24 08:23:04 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2010-05-24 08:23:02 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2010-05-24 08:16:16 96760 ----a-w- c:\windows\system32\dfshim.dll
2010-05-24 08:16:14 282112 ----a-w- c:\windows\system32\mscoree.dll
2010-05-24 08:16:11 41984 ----a-w- c:\windows\system32\netfxperf.dll
2010-05-24 08:16:03 158720 ----a-w- c:\windows\system32\mscorier.dll
2010-05-24 08:15:59 83968 ----a-w- c:\windows\system32\mscories.dll
2010-05-24 08:12:44 0 d-----w- c:\users\dsmyth\appdata\roaming\CBS
2010-05-24 08:12:39 0 d-----w- c:\users\dsmyth\appdata\roaming\ABN
2010-05-24 08:05:24 286720 ------w- c:\windows\Setup1.exe
2010-05-24 08:05:21 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-05-24 08:05:19 1963 ----a-w- c:\windows\ST6UNST.000
2010-05-24 08:01:40 0 d-----w- c:\program files\AutoSketch
2010-05-24 08:01:15 282624 ----a-w- c:\windows\uninst.exe
2010-05-24 08:00:08 0 d-----w- c:\program files\Attachment Manager 2006
2010-05-24 07:58:09 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-05-24 07:58:09 123952 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-05-24 07:58:09 10563 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-05-24 07:55:10 503808 ----a-w- c:\windows\system32\MSVCP71.DLL
2010-05-24 07:55:10 348160 ----a-w- c:\windows\system32\MSVCR71.DLL
2010-05-24 07:55:10 1060864 ----a-w- c:\windows\system32\MFC71.DLL
2010-05-24 07:54:44 0 d-----w- c:\programdata\Symantec
2010-05-24 07:54:44 0 d-----w- c:\program files\Symantec
2010-05-24 07:54:44 0 d-----w- c:\program files\common files\Symantec Shared
2010-05-24 07:52:56 0 d-----w- c:\program files\common files\Crystal Decisions
2010-05-24 07:51:50 0 d-----w- c:\program files\UltraVNC
2010-05-24 07:47:42 0 d-----w- c:\program files\PBDescriptions
2010-05-24 07:47:41 0 d-----w- c:\program files\eWorkOrder
2010-05-24 07:47:41 0 d-----w- c:\program files\eStatement
2010-05-24 07:47:37 0 d-----w- c:\program files\eOrder
2010-05-24 07:47:23 0 d-----w- c:\program files\CBS
2010-05-24 07:47:23 0 d-----w- c:\program files\ABN Common
2010-05-24 07:39:18 0 d-----w- c:\windows\wlansvc
2010-05-24 07:11:18 0 d-----w- c:\program files\vnc service
2010-05-24 06:07:34 0 d-----w- C:\Signatures
2010-05-24 04:07:48 0 d-----w- c:\windows\Panther
2010-05-24 03:19:28 2459 ----a-w- c:\windows\bthservsdp.dat
2010-05-23 14:13:52 0 d-----w- c:\program files\Citrix
2010-05-23 14:01:43 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-05-23 14:01:43 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-05-23 14:01:09 0 d-----w- c:\program files\iPod
2010-05-23 14:01:07 0 d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-05-23 14:01:07 0 d-----w- c:\program files\iTunes
2010-05-23 14:00:06 0 d-----w- c:\programdata\Apple Computer
2010-05-23 13:58:31 0 d-----w- c:\program files\Bonjour
2010-05-23 13:58:11 0 d-----w- c:\programdata\Apple
2010-05-23 13:33:56 0 d-----w- c:\programdata\Adobe
2010-05-23 13:33:33 0 d-----w- c:\programdata\Google
2010-05-23 13:33:09 0 d-----w- c:\programdata\NOS
2010-05-23 13:30:32 0 d-----w- c:\windows\PCHEALTH
2010-05-23 13:28:01 0 d-----w- c:\program files\NVIDIA Corporation
2010-05-23 13:26:57 0 d-----w- c:\programdata\Microsoft Help
2010-05-23 13:25:39 171520 ----a-w- c:\windows\system32\wintrust.dll
2010-05-23 13:25:38 98304 ----a-w- c:\windows\system32\cabview.dll
2010-05-23 13:20:02 2421760 ----a-w- c:\windows\system32\wucltux.dll
2010-05-23 13:19:49 87552 ----a-w- c:\windows\system32\wudriver.dll
2010-05-23 13:19:41 33792 ----a-w- c:\windows\system32\wuapp.exe
2010-05-23 13:19:41 171608 ----a-w- c:\windows\system32\wuwebv.dll
2010-05-23 13:18:51 0 d-----w- c:\programdata\Roaming
2010-05-23 13:17:19 0 d-sh--w- c:\windows\Installer
2010-05-23 13:13:27 299008 ----a-w- c:\windows\system32\drivers\yk60x86.sys
2010-05-23 13:13:22 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2010-05-19 04:41:13 0 d-----w- c:\program files\NCH Software
2010-05-16 10:29:53 0 d-----w- c:\program files\common files\ParetoLogic
2010-05-14 07:42:24 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-13 06:16:25 0 d-----w- c:\program files\Trend Micro

==================== Find3M ====================

2010-06-01 15:22:58 21560 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-06-01 05:25:22 86016 ----a-w- c:\windows\inf\infstrng.dat
2010-06-01 05:25:22 86016 ----a-w- c:\windows\inf\infstor.dat
2010-06-01 05:25:22 51200 ----a-w- c:\windows\inf\infpub.dat
2010-04-16 00:33:36 41472 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-04-16 00:33:36 3003680 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-04-08 05:20:02 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 05:20:02 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-04-03 14:55:32 9386600 ----a-w- c:\windows\system32\nvd3dum.dll
2010-04-03 14:55:32 795104 ----a-w- c:\windows\system32\dpinst.exe
2010-04-03 14:55:32 56424 ----a-w- c:\windows\system32\OpenCL.dll
2010-04-03 14:55:32 4503144 ----a-w- c:\windows\system32\nvwgf2um.dll
2010-04-03 14:55:32 4029544 ----a-w- c:\windows\system32\nvcuda.dll
2010-04-03 14:55:32 2646632 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-04-03 14:55:32 227944 ----a-w- c:\windows\system32\nvcod1914.dll
2010-04-03 14:55:32 227944 ----a-w- c:\windows\system32\nvcod.dll
2010-04-03 14:55:32 2009704 ----a-w- c:\windows\system32\nvcuvid.dll
2010-04-03 14:55:32 15227496 ----a-w- c:\windows\system32\nvoglv32.dll
2010-04-03 14:55:32 1296488 ----a-w- c:\windows\system32\nvapi.dll
2010-04-03 14:55:32 11647592 ----a-w- c:\windows\system32\nvcompiler.dll
2008-01-21 02:41:56 174 --sha-w- c:\program files\desktop.ini
2008-01-21 02:30:47 665600 ----a-w- c:\windows\inf\drvindex.dat
2006-11-02 12:40:37 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:40:37 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:40:37 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:40:37 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 0:11:12.27 ===============
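One way to triage a DDS log like the one posted above, as an added example that is not part of the original post or of the DDS tool itself: it parses the timestamped file entries and the mPolicies lines, flags a boot-start storage driver (atapi.sys in this thread) that was written shortly before the scan and outside any Windows Update batch, and reports that UAC is disabled. The sample lines are copied from the log above; the watch list beyond atapi.sys, the 14-day window and the "same minute = same batch" heuristic are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: lines copied from the DDS log posted in this thread,
# trimmed to the parts the triage logic looks at.
SAMPLE_DDS = r"""
DDS (Ver_10-03-17.01) - NTFSx86
uInternet Settings,ProxyOverride = <local>
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

=============== Created Last 30 ================

2010-05-25 02:59:22 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2010-05-25 02:59:02 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-05-25 02:57:49 3545992 ----a-w- c:\windows\system32\ntoskrnl.exe

==================== Find3M ====================

2010-06-01 15:22:58 21560 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-06-01 05:25:22 86016 ----a-w- c:\windows\inf\infstrng.dat
2010-04-16 00:33:36 41472 ----a-w- c:\windows\system32\drivers\usbaapl.sys
"""

# Time of the scan, taken from the "Run by dsmyth at 0:09:52.73 on Thu 03/06/2010"
# header of the posted log (the Vista locale in that log is day/month/year).
SCAN_RUN_DATE = datetime(2010, 6, 3, 0, 9, 52)

# Boot-start storage drivers that TDSS/TDL3-era rootkits overwrote in place.
# atapi.sys is the one named in this thread; iastor.sys is an assumption.
WATCHED_DRIVERS = {"atapi.sys", "iastor.sys"}

# DDS file line: "<date> <time> <size> <attrs> <path>", attrs is an 8-char flag field.
FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2}) (\d+) (\S{8}) (.+)$")
POLICY_RE = re.compile(r"^mPolicies-system: (\w+) = (\d+)")


def parse_file_entries(text):
    """Return [(mtime, size, attrs, path)] for every timestamped file line."""
    entries = []
    for line in text.splitlines():
        m = FILE_RE.match(line.strip())
        if not m:
            continue
        mtime = datetime.strptime(f"{m[1]} {m[2]}", "%Y-%m-%d %H:%M:%S")
        entries.append((mtime, int(m[3]), m[4], m[5].lower()))
    return entries


def parse_policies(text):
    """Return {name: value} from the machine-wide mPolicies-system lines."""
    policies = {}
    for line in text.splitlines():
        m = POLICY_RE.match(line.strip())
        if m:
            policies[m[1]] = int(m[2])
    return policies


def triage(text, run_date, window_days=14):
    """Return human-readable findings worth a closer look."""
    findings = []
    entries = parse_file_entries(text)

    # Files written in the same minute are treated as one install/update batch;
    # a core driver rewritten on its own is the pattern worth questioning.
    batch_sizes = {}
    for mtime, _size, _attrs, _path in entries:
        key = mtime.replace(second=0)
        batch_sizes[key] = batch_sizes.get(key, 0) + 1

    for mtime, size, attrs, path in entries:
        name = path.rsplit("\\", 1)[-1]
        if name not in WATCHED_DRIVERS:
            continue
        age = run_date - mtime
        solo = batch_sizes[mtime.replace(second=0)] == 1
        if timedelta(0) <= age <= timedelta(days=window_days) and solo:
            findings.append(
                f"{name}: written {mtime:%Y-%m-%d %H:%M:%S} ({age.days} day(s) before "
                f"the scan), {size} bytes, attrs {attrs}, not part of an update batch"
            )

    if parse_policies(text).get("EnableLUA") == 0:
        findings.append("EnableLUA = 0: UAC is disabled, so every process of an "
                        "admin user already runs with full rights")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_DDS, SCAN_RUN_DATE):
        print(finding)
```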



#2 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:11 AM

Posted 05 June 2010 - 09:39 PM

Hi and welcome.

My name is Extremeboy (or EB for short), and I will be helping you with your log. I apologize for the delay.

If you still require assistance, we would like to see the current condition of your system, so please post a new set of DDS logs as well as a GMER log and a description of any remaining problems or symptoms you may still have.

If for any reason you did not post a DDS log or GMER log, please refer to this page, steps #6, #7 and #8, for further instructions on downloading and running DDS & GMER. If you have any problems when running the tools or are unable to produce a report for any reason, just let me know in your next reply.


For your next reply I would like to see:
-The DDS logs
---DDS.txt and Attach logs
-GMER log
-Description of any remaining problems you may still have.


With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.


#3 davesmyth

davesmyth
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:06:11 PM

Posted 06 June 2010 - 06:14 AM

Hey EB how are you?

Thanks for getting back to me so soon.

I have attached the DDS attach file and GMER log as per your request and have added the text to this blog.

I am having real trouble booting up my computer. Every time it seems almost as if it is in some sort of safe mode, with minimal icons and a different look.
I have attached a jpeg to see if this is a common thing. My IT department at work had recently installed some new software that I need, so I am wondering if this is part of the issue.

Please let me know what I need to do next.

Have a great day

DDS (Ver_10-03-17.01) - NTFSx86
Run by dsmyth at 18:58:14.65 on Sun 06/06/2010
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.61.1033.18.3068.2067 [GMT 8:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
C:\Windows\system32\NLSSRV32.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\UltraVNC\WinVNC.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Altiris\Dagent\dagent.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Altiris\Dagent\dagentui.exe
C:\My Stuff\dds.pif

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.nba.com/
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [DagentUI] c:\program files\altiris\dagent\dagentui.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.1.66.0.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
SEH: Internet Shortcut: {fbf23b40-e3f0-101b-8488-00aa003e56f8} - c:\windows\system32\ieframe.dll

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-6-5 164048]
R2 Altiris Deployment Agent;Altiris Deployment Agent;c:\program files\altiris\dagent\dagent.exe [2009-8-11 1246544]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-6-5 19024]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-6-5 51792]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-5 40384]
R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\nitro pdf\professional\NitroPDFDriverService.exe [2009-12-16 188736]
R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2009-12-16 65856]
R2 uvnc_service;uvnc_service;c:\program files\ultravnc\winvnc.exe [2010-5-24 1590216]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-5 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-5 40384]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2010-1-13 6628352]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-23 135664]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]

============== File Associations ===============

.scr=scr_auto_file

=============== Created Last 30 ================

2010-06-06 02:07:58 0 d-----r- c:\users\dsmyth\appdata\roaming\Brother
2010-06-05 15:46:24 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-06-05 15:45:33 0 d-----w- c:\programdata\Alwil Software
2010-06-05 15:17:24 0 d-----w- c:\windows\system32\appmgmt
2010-06-05 15:00:03 0 d-----w- c:\program files\ESET
2010-06-05 03:39:38 0 d-----w- c:\windows\system32\catroot2
2010-06-02 16:39:50 253349364 ----a-w- c:\windows\MEMORY.DMP
2010-06-01 06:14:52 0 d-----w- c:\programdata\WindowsSearch
2010-06-01 05:17:43 46592 ----a-w- c:\windows\system32\drivers\risdptsk.sys
2010-05-31 06:14:13 0 d-----w- c:\programdata\PC Suite
2010-05-31 06:13:47 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-05-31 06:13:07 0 d-----w- c:\users\dsmyth\{1ab5ee16-853e-445c-8e40-1f5419d0aaf0}
2010-05-31 06:12:27 91136 ----a-w- c:\windows\system32\nmwcdcls.dll
2010-05-31 06:11:47 0 d-----w- c:\programdata\Installations
2010-05-30 05:10:48 0 d-----w- c:\windows\pss
2010-05-29 02:12:22 0 d-----w- c:\users\dsmyth\appdata\roaming\Malwarebytes
2010-05-29 02:00:23 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-29 02:00:20 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-29 02:00:20 0 d-----w- c:\programdata\Malwarebytes
2010-05-28 04:30:51 0 d-----w- c:\users\dsmyth\appdata\roaming\ICAClient
2010-05-27 01:10:44 0 d-----w- c:\users\dsmyth\appdata\roaming\RayV
2010-05-26 13:01:48 94 ----a-w- c:\windows\brpcfx.ini
2010-05-26 13:01:48 245 ----a-w- c:\windows\Brpfx04a.ini
2010-05-26 13:01:33 419 ----a-w- c:\windows\BRWMARK.INI
2010-05-26 13:01:33 27 ----a-w- c:\windows\BRPP2KA.INI
2010-05-26 12:59:44 0 d-----w- c:\programdata\Brother
2010-05-26 10:04:31 0 d-----w- c:\program files\LimeWire
2010-05-26 02:44:37 26432 ----a-w- c:\windows\system32\nitrolocalmon.dll
2010-05-26 02:44:37 17728 ----a-w- c:\windows\system32\nitrolocalui.dll
2010-05-26 02:44:09 0 d-----w- c:\programdata\Nitro PDF
2010-05-26 02:44:05 0 d-----w- c:\program files\common files\Nitro PDF
2010-05-26 02:44:04 0 d-----w- c:\program files\Nitro PDF
2010-05-26 02:23:02 0 d-----w- c:\users\dsmyth\appdata\roaming\Downloaded Installations
2010-05-25 03:44:14 0 d-----w- c:\programdata\Sun
2010-05-25 03:43:36 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-25 03:05:32 0 d-----w- c:\program files\GPLGS
2010-05-25 03:03:52 87552 ----a-w- c:\windows\system32\cpwmon2k.dll
2010-05-25 03:03:52 0 d-----w- c:\program files\Acro Software
2010-05-25 03:03:44 0 d-----w- c:\program files\Ask.com
2010-05-25 03:02:25 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-25 03:02:24 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-05-25 03:02:24 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-05-25 03:02:24 10240 ----a-w- c:\windows\system32\dciman32.dll
2010-05-25 02:59:41 2033152 ----a-w- c:\windows\system32\win32k.sys
2010-05-25 02:59:22 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2010-05-25 02:59:21 9728 ----a-w- c:\windows\system32\lsass.exe
2010-05-25 02:59:21 72704 ----a-w- c:\windows\system32\secur32.dll
2010-05-25 02:59:21 213504 ----a-w- c:\windows\system32\msv1_0.dll
2010-05-25 02:59:21 175104 ----a-w- c:\windows\system32\wdigest.dll
2010-05-25 02:59:21 1256448 ----a-w- c:\windows\system32\lsasrv.dll
2010-05-25 02:59:02 78848 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-05-25 02:59:02 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-05-25 02:59:02 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-05-25 02:58:24 2868224 ----a-w- c:\windows\system32\mf.dll
2010-05-25 02:57:50 3598216 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-05-25 02:57:49 3545992 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-05-25 02:57:10 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-25 02:56:57 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-05-25 02:56:48 71680 ----a-w- c:\windows\system32\atl.dll
2010-05-25 02:56:24 562176 ----a-w- c:\windows\system32\msdtcprx.dll
2010-05-25 02:56:24 38912 ----a-w- c:\windows\system32\xolehlp.dll
2010-05-25 02:56:14 160256 ----a-w- c:\windows\system32\wkssvc.dll
2010-05-25 02:56:04 2066432 ----a-w- c:\windows\system32\mstscax.dll
2010-05-25 02:54:57 636928 ----a-w- c:\windows\system32\localspl.dll
2010-05-25 02:54:45 91136 ----a-w- c:\windows\system32\avifil32.dll
2010-05-25 02:54:02 615424 ----a-w- c:\windows\system32\wbem\fastprox.dll
2010-05-25 02:54:02 54784 ----a-w- c:\windows\system32\iasads.dll
2010-05-25 02:54:01 98304 ----a-w- c:\windows\system32\iasrecst.dll
2010-05-25 02:54:01 666624 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2010-05-25 02:54:01 551424 ----a-w- c:\windows\system32\rpcss.dll
2010-05-25 02:54:01 44032 ----a-w- c:\windows\system32\iasdatastore.dll
2010-05-25 02:54:01 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2010-05-25 02:54:01 183296 ----a-w- c:\windows\system32\sdohlp.dll
2010-05-25 02:54:01 17408 ----a-w- c:\windows\system32\iashost.exe
2010-05-25 02:53:58 499200 ----a-w- c:\windows\system32\wbem\WmiPrvSD.dll
2010-05-25 02:53:58 247296 ----a-w- c:\windows\system32\wbem\WmiPrvSE.exe
2010-05-25 02:53:58 129024 ----a-w- c:\windows\system32\wbem\WmiDcPrv.dll
2010-05-25 02:53:32 62464 ----a-w- c:\windows\system32\l3codeca.acm
2010-05-25 02:52:49 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-05-25 02:52:49 190464 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-05-25 02:52:48 898952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-05-25 02:52:33 24064 ----a-w- c:\windows\system32\amxread.dll
2010-05-25 02:52:33 13824 ----a-w- c:\windows\system32\apilogen.dll
2010-05-25 02:51:31 43520 ----a-w- c:\windows\system32\msdxm.tlb
2010-05-25 02:51:31 4096 ----a-w- c:\windows\system32\msdxm.ocx
2010-05-25 02:51:31 4096 ----a-w- c:\windows\system32\dxmasf.dll
2010-05-25 02:51:31 18432 ----a-w- c:\windows\system32\amcompat.tlb
2010-05-25 02:51:30 7680 ----a-w- c:\windows\system32\spwmp.dll
2010-05-25 02:51:27 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2010-05-25 02:51:26 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-05-25 02:51:14 61440 ----a-w- c:\windows\system32\msasn1.dll
2010-05-25 02:51:00 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2010-05-25 02:39:23 0 d-----w- c:\programdata\Intel
2010-05-25 02:38:19 0 d-----w- c:\program files\Cisco
2010-05-25 02:38:17 0 d-----w- c:\program files\common files\Intel
2010-05-25 02:37:48 0 d-----w- c:\users\dsmyth\appdata\roaming\Intel
2010-05-25 01:18:28 0 d-----w- c:\program files\SystemRequirementsLab
2010-05-24 08:31:01 0 d-----w- c:\program files\Model Maintenance
2010-05-24 08:29:19 0 d-----w- c:\program files\Client Variations
2010-05-24 08:29:06 0 d-----w- c:\program files\CBS3
2010-05-24 08:27:10 0 d-----w- c:\program files\Altiris
2010-05-24 08:23:07 97800 ----a-w- c:\windows\system32\infocardapi.dll
2010-05-24 08:23:07 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2010-05-24 08:23:06 622080 ----a-w- c:\windows\system32\icardagt.exe
2010-05-24 08:23:06 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-05-24 08:23:06 37384 ----a-w- c:\windows\system32\infocardcpl.cpl
2010-05-24 08:23:06 11264 ----a-w- c:\windows\system32\icardres.dll
2010-05-24 08:23:04 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2010-05-24 08:23:02 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2010-05-24 08:16:16 96760 ----a-w- c:\windows\system32\dfshim.dll
2010-05-24 08:16:14 282112 ----a-w- c:\windows\system32\mscoree.dll
2010-05-24 08:16:11 41984 ----a-w- c:\windows\system32\netfxperf.dll
2010-05-24 08:16:03 158720 ----a-w- c:\windows\system32\mscorier.dll
2010-05-24 08:15:59 83968 ----a-w- c:\windows\system32\mscories.dll
2010-05-24 08:12:44 0 d-----w- c:\users\dsmyth\appdata\roaming\CBS
2010-05-24 08:12:39 0 d-----w- c:\users\dsmyth\appdata\roaming\ABN
2010-05-24 08:05:24 286720 ------w- c:\windows\Setup1.exe
2010-05-24 08:05:21 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-05-24 08:05:19 1963 ----a-w- c:\windows\ST6UNST.000
2010-05-24 08:01:40 0 d-----w- c:\program files\AutoSketch
2010-05-24 08:01:15 282624 ----a-w- c:\windows\uninst.exe
2010-05-24 08:00:08 0 d-----w- c:\program files\Attachment Manager 2006
2010-05-24 07:55:10 1060864 ----a-w- c:\windows\system32\MFC71.DLL
2010-05-24 07:54:44 0 d-----w- c:\programdata\Symantec
2010-05-24 07:54:44 0 d-----w- c:\program files\common files\Symantec Shared
2010-05-24 07:52:56 0 d-----w- c:\program files\common files\Crystal Decisions
2010-05-24 07:51:50 0 d-----w- c:\program files\UltraVNC
2010-05-24 07:47:42 0 d-----w- c:\program files\PBDescriptions
2010-05-24 07:47:41 0 d-----w- c:\program files\eWorkOrder
2010-05-24 07:47:41 0 d-----w- c:\program files\eStatement
2010-05-24 07:47:37 0 d-----w- c:\program files\eOrder
2010-05-24 07:47:23 0 d-----w- c:\program files\CBS
2010-05-24 07:47:23 0 d-----w- c:\program files\ABN Common
2010-05-24 07:39:18 0 d-----w- c:\windows\wlansvc
2010-05-24 07:11:18 0 d-----w- c:\program files\vnc service
2010-05-24 06:07:34 0 d-----w- C:\Signatures
2010-05-24 04:07:48 0 d-----w- c:\windows\Panther
2010-05-24 03:19:28 2459 ----a-w- c:\windows\bthservsdp.dat
2010-05-23 14:13:52 0 d-----w- c:\program files\Citrix
2010-05-23 14:01:43 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-05-23 14:01:43 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-05-23 14:01:09 0 d-----w- c:\program files\iPod
2010-05-23 14:01:07 0 d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-05-23 14:01:07 0 d-----w- c:\program files\iTunes
2010-05-23 14:00:06 0 d-----w- c:\programdata\Apple Computer
2010-05-23 13:58:11 0 d-----w- c:\programdata\Apple
2010-05-23 13:33:56 0 d-----w- c:\programdata\Adobe
2010-05-23 13:33:33 0 d-----w- c:\programdata\Google
2010-05-23 13:33:09 0 d-----w- c:\programdata\NOS
2010-05-23 13:30:32 0 d-----w- c:\windows\PCHEALTH
2010-05-23 13:28:01 0 d-----w- c:\program files\NVIDIA Corporation
2010-05-23 13:26:57 0 d-----w- c:\programdata\Microsoft Help
2010-05-23 13:25:39 171520 ----a-w- c:\windows\system32\wintrust.dll
2010-05-23 13:25:38 98304 ----a-w- c:\windows\system32\cabview.dll
2010-05-23 13:20:02 2421760 ----a-w- c:\windows\system32\wucltux.dll
2010-05-23 13:19:49 87552 ----a-w- c:\windows\system32\wudriver.dll
2010-05-23 13:19:41 33792 ----a-w- c:\windows\system32\wuapp.exe
2010-05-23 13:19:41 171608 ----a-w- c:\windows\system32\wuwebv.dll
2010-05-23 13:18:51 0 d-----w- c:\programdata\Roaming
2010-05-23 13:17:19 0 d-sh--w- c:\windows\Installer
2010-05-23 13:13:27 299008 ----a-w- c:\windows\system32\drivers\yk60x86.sys
2010-05-23 13:13:22 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2010-05-19 04:41:13 0 d-----w- c:\program files\NCH Software
2010-05-16 10:29:53 0 d-----w- c:\program files\common files\ParetoLogic
2010-05-14 07:42:24 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-13 06:16:25 0 d-----w- c:\program files\Trend Micro

==================== Find3M ====================

2010-06-01 15:22:58 21560 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-06-01 05:25:22 86016 ----a-w- c:\windows\inf\infstrng.dat
2010-06-01 05:25:22 86016 ----a-w- c:\windows\inf\infstor.dat
2010-06-01 05:25:22 51200 ----a-w- c:\windows\inf\infpub.dat
2010-04-16 00:33:36 41472 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-04-16 00:33:36 3003680 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-04-03 14:55:32 9386600 ----a-w- c:\windows\system32\nvd3dum.dll
2010-04-03 14:55:32 795104 ----a-w- c:\windows\system32\dpinst.exe
2010-04-03 14:55:32 56424 ----a-w- c:\windows\system32\OpenCL.dll
2010-04-03 14:55:32 4503144 ----a-w- c:\windows\system32\nvwgf2um.dll
2010-04-03 14:55:32 4029544 ----a-w- c:\windows\system32\nvcuda.dll
2010-04-03 14:55:32 2646632 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-04-03 14:55:32 227944 ----a-w- c:\windows\system32\nvcod1914.dll
2010-04-03 14:55:32 227944 ----a-w- c:\windows\system32\nvcod.dll
2010-04-03 14:55:32 2009704 ----a-w- c:\windows\system32\nvcuvid.dll
2010-04-03 14:55:32 15227496 ----a-w- c:\windows\system32\nvoglv32.dll
2010-04-03 14:55:32 1296488 ----a-w- c:\windows\system32\nvapi.dll
2010-04-03 14:55:32 11647592 ----a-w- c:\windows\system32\nvcompiler.dll
2008-01-21 02:41:56 174 --sha-w- c:\program files\desktop.ini
2008-01-21 02:30:47 665600 ----a-w- c:\windows\inf\drvindex.dat
2006-11-02 12:40:37 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:40:37 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:40:37 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:40:37 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 19:01:13.34 ===============


#4 extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male
  • Local time:06:11 AM

Posted 06 June 2010 - 02:10 PM

Hello.

You mentioned your IT department; is this computer part of a business or owned by a business? Let me know, as if it is, any problems if something happens are not our responsibility, but we are happy to assist and help you out the best we can.

The atapi.sys rootkit is related to the new TDL3 rootkit that has been going around recently. Let's see what we can do here.

Let's begin with Combofix.

Download and Run ComboFix

Note to readers of this post other than the starter of this thread:
ComboFix is a VERY POWERFUL tool which should NOT BE USED without the guidance of an expert.

Download Combofix from any of the links below, and save it to your desktop.
Link 1
Link 2

Please refer to this page for full instructions on how to run ComboFix.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Double click ComboFix.exe to start the program. Agree to the prompts.
  • When ComboFix is finished, a log report (C:\ComboFix.txt) will open. Post back with it.
Leave your computer alone while ComboFix is running.

ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.


Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to (image link).

#5 davesmyth

  • Topic Starter
  • Members
  • 8 posts
  • Local time:06:11 PM

Posted 06 June 2010 - 06:39 PM

Good morning EB, how are you?

I have run ComboFix as suggested. Please find the log below. This computer is not owned by a company; it is my personal laptop which I have a few programs for work on so that I can work remotely. Hope this helps.

Let me know what to do next. I will always try to respond ASAP, however you may have realised I am in Australia so the time zones are very different.

ComboFix 10-06-06.01 - dsmyth 07/06/2010 7:15.1.2 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.61.1033.18.3068.2369 [GMT 8:00]
Running from: c:\users\dsmyth\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2010-05-06 to 2010-06-06 )))))))))))))))))))))))))))))))
.

2010-06-06 23:27 . 2010-06-06 23:29 -------- d-----w- c:\users\dsmyth\AppData\Local\temp
2010-06-06 23:27 . 2010-06-06 23:27 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2010-06-06 23:27 . 2010-06-06 23:27 -------- d-----w- c:\users\serviceman.wabdom\AppData\Local\temp
2010-06-06 23:27 . 2010-06-06 23:27 -------- d-----w- c:\users\DTJS\AppData\Local\temp
2010-06-06 23:27 . 2010-06-06 23:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-06-06 02:07 . 2010-06-06 02:07 -------- d-----r- c:\users\dsmyth\AppData\Roaming\Brother
2010-06-05 15:46 . 2010-05-06 20:33 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-05 15:46 . 2010-05-06 20:39 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-05 15:46 . 2010-05-06 20:34 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-05 15:46 . 2010-05-06 20:39 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-05 15:46 . 2010-05-06 20:34 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-06-05 15:45 . 2010-05-06 20:59 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-06-05 15:45 . 2010-05-06 20:59 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-05 15:45 . 2010-06-05 15:45 -------- d-----w- c:\programdata\Alwil Software
2010-06-05 15:45 . 2010-06-05 15:45 -------- d-----w- c:\program files\Alwil Software
2010-06-05 15:00 . 2010-06-05 15:00 -------- d-----w- c:\program files\ESET
2010-06-05 03:39 . 2010-06-05 03:41 -------- d-----w- c:\windows\system32\catroot2
2010-06-05 02:35 . 2010-06-05 02:35 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Apple Computer
2010-06-01 06:14 . 2010-06-01 06:14 -------- d-----w- c:\programdata\WindowsSearch
2010-06-01 05:23 . 2010-06-01 05:21 34399664 ----a-w- c:\programdata\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Nokia_PC_Suite_eng_web[1].exe
2010-06-01 05:23 . 2010-06-01 05:23 95232 ----a-w- c:\programdata\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\pcswpcsi.exe
2010-06-01 05:23 . 2010-06-01 05:23 8192 ----a-w- c:\programdata\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\UninstCCD.exe
2010-06-01 05:23 . 2010-06-01 05:23 61440 ----a-w- c:\programdata\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2010-06-01 05:23 . 2010-06-01 05:23 10240 ----a-w- c:\programdata\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\UninstPCS.exe
2010-06-01 05:17 . 2009-01-23 05:04 46592 ----a-w- c:\windows\system32\drivers\risdptsk.sys
2010-05-31 06:14 . 2010-05-31 06:25 -------- d-----w- c:\users\dsmyth\AppData\Roaming\Nokia
2010-05-31 06:14 . 2010-05-31 06:14 -------- d-----w- c:\programdata\PC Suite
2010-05-31 06:13 . 2008-08-26 01:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-05-31 06:13 . 2010-05-31 06:13 -------- d-----w- c:\users\dsmyth\{1ab5ee16-853e-445c-8e40-1f5419d0aaf0}
2010-05-31 06:12 . 2009-12-30 03:30 91136 ----a-w- c:\windows\system32\nmwcdcls.dll
2010-05-31 06:12 . 2009-06-25 01:34 33775224 ----a-w- c:\programdata\Installations\{55495E65-7C5B-48E4-BC7D-DE54F3DE5ED6}\Nokia_PC_Suite_7_1_30_8_eng_web.exe
2010-05-31 06:11 . 2010-05-31 06:11 95232 ----a-w- c:\programdata\Installations\{55495E65-7C5B-48E4-BC7D-DE54F3DE5ED6}\Installer\CommonCustomActions\pcswpcsi.exe
2010-05-31 06:11 . 2010-05-31 06:11 8192 ----a-w- c:\programdata\Installations\{55495E65-7C5B-48E4-BC7D-DE54F3DE5ED6}\Installer\CommonCustomActions\UninstCCD.exe
2010-05-31 06:11 . 2010-05-31 06:11 61440 ----a-w- c:\programdata\Installations\{55495E65-7C5B-48E4-BC7D-DE54F3DE5ED6}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2010-05-31 06:11 . 2010-05-31 06:11 10240 ----a-w- c:\programdata\Installations\{55495E65-7C5B-48E4-BC7D-DE54F3DE5ED6}\Installer\CommonCustomActions\UninstPCS.exe
2010-05-31 06:11 . 2010-06-01 05:21 -------- d-----w- c:\programdata\Installations
2010-05-29 02:12 . 2010-05-29 02:12 -------- d-----w- c:\users\dsmyth\AppData\Roaming\Malwarebytes
2010-05-29 02:01 . 2010-05-29 02:01 -------- d-----r- c:\windows\system32\config\systemprofile\AppData\Roaming\Brother
2010-05-29 02:00 . 2010-04-29 07:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-29 02:00 . 2010-05-29 02:00 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\Malwarebytes
2010-05-29 02:00 . 2010-05-29 02:00 -------- d-----w- c:\programdata\Malwarebytes
2010-05-29 02:00 . 2010-04-29 07:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-29 01:58 . 2010-06-05 02:36 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\Nitro PDF
2010-05-29 01:57 . 2010-05-29 02:09 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\ICAClient
2010-05-28 05:33 . 2010-05-28 05:34 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\CBS
2010-05-28 05:33 . 2010-06-05 02:35 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\Apple Computer
2010-05-28 05:32 . 2010-05-28 05:32 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\RayV
2010-05-28 04:30 . 2010-05-28 04:52 -------- d-----w- c:\users\dsmyth\AppData\Roaming\ICAClient
2010-05-27 04:09 . 2010-05-27 04:09 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Citrix
2010-05-27 04:07 . 2010-05-27 04:07 -------- d-----w- c:\users\Default\AppData\Local\Symantec
2010-05-27 01:10 . 2010-05-29 02:12 -------- d-----w- c:\users\dsmyth\AppData\Roaming\RayV
2010-05-26 12:59 . 2010-05-26 12:59 -------- d-----w- c:\programdata\Brother
2010-05-26 12:59 . 2010-05-26 12:59 -------- d-----w- c:\users\dsmyth\AppData\Roaming\InstallShield
2010-05-26 11:02 . 2010-05-26 11:06 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Adobe
2010-05-26 10:04 . 2010-06-05 14:53 -------- d-----w- c:\program files\LimeWire
2010-05-26 02:46 . 2010-06-04 02:33 -------- d-----w- c:\users\dsmyth\AppData\Roaming\Nitro PDF
2010-05-26 02:44 . 2009-12-16 01:50 17728 ----a-w- c:\windows\system32\nitrolocalui.dll
2010-05-26 02:44 . 2009-12-16 01:50 26432 ----a-w- c:\windows\system32\nitrolocalmon.dll
2010-05-26 02:44 . 2010-05-26 02:44 -------- d-----w- c:\programdata\Nitro PDF
2010-05-26 02:44 . 2010-05-26 02:44 -------- d-----w- c:\program files\Common Files\Nitro PDF
2010-05-26 02:44 . 2010-05-26 02:44 -------- d-----w- c:\program files\Nitro PDF
2010-05-26 02:23 . 2010-05-26 02:23 -------- d-----w- c:\users\dsmyth\AppData\Roaming\Downloaded Installations
2010-05-25 07:15 . 2010-05-25 07:15 -------- d-----w- c:\users\dsmyth\AppData\Local\Apple
2010-05-25 03:45 . 2010-05-25 03:45 -------- d-----w- c:\windows\Sun
2010-05-25 03:44 . 2010-05-25 03:44 -------- d-----w- c:\program files\Common Files\Java
2010-05-25 03:43 . 2010-05-25 03:43 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-25 03:43 . 2010-05-25 03:43 -------- d-----w- c:\program files\Java
2010-05-25 03:14 . 2010-06-06 05:40 -------- d-----w- c:\users\dsmyth\AppData\Local\CutePDF Writer
2010-05-25 03:05 . 2010-05-25 03:05 -------- d-----w- c:\program files\GPLGS
2010-05-25 03:03 . 2010-05-25 03:03 -------- d-----w- c:\program files\Acro Software
2010-05-25 03:03 . 2009-11-05 00:39 87552 ----a-w- c:\windows\system32\cpwmon2k.dll
2010-05-25 03:03 . 2010-05-25 03:03 -------- d-----w- c:\program files\Ask.com
2010-05-25 03:02 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-25 03:02 . 2009-10-19 14:27 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-05-25 03:02 . 2009-10-19 14:24 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-05-25 03:02 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
2010-05-25 02:59 . 2009-04-21 11:55 2033152 ----a-w- c:\windows\system32\win32k.sys
2010-05-25 02:59 . 2009-06-15 18:20 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2010-05-25 02:59 . 2009-09-10 17:30 213504 ----a-w- c:\windows\system32\msv1_0.dll
2010-05-25 02:59 . 2009-06-15 15:24 175104 ----a-w- c:\windows\system32\wdigest.dll
2010-05-25 02:59 . 2009-06-15 15:24 72704 ----a-w- c:\windows\system32\secur32.dll
2010-05-25 02:59 . 2009-06-15 15:23 1256448 ----a-w- c:\windows\system32\lsasrv.dll
2010-05-25 02:59 . 2009-06-15 12:57 9728 ----a-w- c:\windows\system32\lsass.exe
2010-05-25 02:59 . 2010-02-23 11:32 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-05-25 02:59 . 2010-02-23 11:32 78848 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-05-25 02:59 . 2010-02-23 11:32 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-05-25 02:58 . 2009-06-10 12:11 2868224 ----a-w- c:\windows\system32\mf.dll
2010-05-25 02:57 . 2010-02-18 14:49 3598216 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-05-25 02:57 . 2010-02-18 14:49 3545992 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-05-25 02:57 . 2009-10-29 09:41 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-25 02:56 . 2010-03-04 18:54 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-05-25 02:56 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll
2010-05-25 02:56 . 2008-06-06 03:27 38912 ----a-w- c:\windows\system32\xolehlp.dll
2010-05-25 02:56 . 2008-06-06 03:27 562176 ----a-w- c:\windows\system32\msdtcprx.dll
2010-05-25 02:56 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
2010-05-25 02:56 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\system32\mstscax.dll
2010-05-25 02:54 . 2009-04-23 12:42 636928 ----a-w- c:\windows\system32\localspl.dll
2010-05-25 02:54 . 2009-06-10 12:07 91136 ----a-w- c:\windows\system32\avifil32.dll
2010-05-25 02:54 . 2009-03-03 04:37 54784 ----a-w- c:\windows\system32\iasads.dll
2010-05-25 02:54 . 2009-03-03 04:36 615424 ----a-w- c:\windows\system32\wbem\fastprox.dll
2010-05-25 02:54 . 2009-03-03 04:39 183296 ----a-w- c:\windows\system32\sdohlp.dll
2010-05-25 02:54 . 2009-03-03 04:39 551424 ----a-w- c:\windows\system32\rpcss.dll
2010-05-25 02:54 . 2009-03-03 04:39 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2010-05-25 02:54 . 2009-03-03 04:37 98304 ----a-w- c:\windows\system32\iasrecst.dll
2010-05-25 02:54 . 2009-03-03 04:37 44032 ----a-w- c:\windows\system32\iasdatastore.dll
2010-05-25 02:54 . 2009-03-03 03:04 666624 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2010-05-25 02:54 . 2009-03-03 02:38 17408 ----a-w- c:\windows\system32\iashost.exe
2010-05-25 02:53 . 2009-03-03 04:40 499200 ----a-w- c:\windows\system32\wbem\WmiPrvSD.dll
2010-05-25 02:53 . 2009-03-03 04:40 129024 ----a-w- c:\windows\system32\wbem\WmiDcPrv.dll
2010-05-25 02:53 . 2009-03-03 02:16 247296 ----a-w- c:\windows\system32\wbem\WmiPrvSE.exe
2010-05-25 02:52 . 2010-02-18 14:11 190464 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-05-25 02:52 . 2010-02-18 11:52 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-05-25 02:52 . 2010-02-18 14:49 898952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-05-25 02:52 . 2009-03-17 03:38 13824 ----a-w- c:\windows\system32\apilogen.dll
2010-05-25 02:52 . 2009-03-17 03:38 24064 ----a-w- c:\windows\system32\amxread.dll
2010-05-25 02:51 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll
2010-05-25 02:51 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll
2010-05-25 02:51 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2010-05-25 02:51 . 2009-07-14 10:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-05-25 02:51 . 2009-09-04 12:24 61440 ----a-w- c:\windows\system32\msasn1.dll
2010-05-25 02:51 . 2009-04-23 12:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2010-05-25 02:39 . 2010-05-25 02:39 -------- d-----w- c:\programdata\Intel
2010-05-25 02:38 . 2010-05-25 02:38 -------- d-----w- c:\program files\Cisco
2010-05-25 02:38 . 2010-05-25 02:38 -------- d-----w- c:\program files\Common Files\Intel
2010-05-25 02:37 . 2010-05-25 02:37 -------- d-----w- c:\users\dsmyth\AppData\Roaming\Intel

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-01 15:22 . 2008-01-21 02:21 21560 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-06-01 05:24 . 2010-04-05 02:47 -------- d-----w- c:\program files\PC Connectivity Solution
2010-05-26 13:00 . 2010-05-26 13:00 50 ----a-w- c:\windows\system32\bridf08a.dat
2010-05-26 13:00 . 2010-05-26 13:00 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-26 12:29 . 2006-11-02 12:35 -------- d-----w- c:\program files\Microsoft Games
2010-05-24 08:27 . 2010-05-24 08:27 -------- d-----w- c:\program files\Altiris
2010-05-23 13:39 . 2010-05-23 13:33 -------- d-----w- c:\programdata\NOS
2010-05-23 13:33 . 2010-05-23 13:26 -------- d-----w- c:\programdata\Microsoft Help
2010-05-23 13:33 . 2010-05-23 13:33 86016 ----a-w- c:\programdata\NOS\Adobe_Downloads\arh.exe
2010-05-23 13:31 . 2010-05-23 13:31 -------- d-----w- c:\program files\Microsoft Works
2010-05-23 13:30 . 2010-05-23 13:30 -------- d-----w- c:\program files\Microsoft.NET
2010-05-23 13:29 . 2010-05-23 12:32 680 ----a-w- c:\users\DTJS\AppData\Local\d3d9caps.dat
2010-05-23 13:28 . 2010-05-23 13:28 -------- d-----w- c:\program files\NVIDIA Corporation
2010-05-23 13:13 . 2010-05-23 13:13 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2010-05-23 12:28 . 2006-11-02 13:00 1356 ----a-w- c:\windows\system32\config\systemprofile\AppData\Local\d3d9caps.dat
2010-04-28 07:45 . 2010-04-28 07:45 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-04-24 00:51 . 2010-04-24 00:50 -------- d-----r- c:\program files\Skype
2010-04-24 00:50 . 2010-04-24 00:50 -------- d-----w- c:\program files\Common Files\Skype
2010-04-22 23:00 . 2010-04-22 23:00 -------- d-----w- c:\program files\RayV
2010-04-16 00:33 . 2010-04-16 00:33 41472 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-04-16 00:33 . 2010-04-16 00:33 3003680 ----a-w- c:\windows\system32\usbaaplrc.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2009-09-12 103768]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]
"DagentUI"="c:\program files\Altiris\Dagent\dagentui.exe" [2009-08-11 554320]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^dsmyth^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\users\dsmyth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
2008-02-19 00:22 1089536 ----a-r- c:\program files\Brother\Brmfcmon\BrMfcWnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
2007-12-21 09:57 86016 ----a-w- c:\program files\Brother\ControlCenter3\BrCtrCen.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-04-28 07:06 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 13:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RayV]
2010-05-26 10:55 2561320 ----a-w- c:\program files\RayV\RayV\RayV.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 03:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:21 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-23 135664]
R3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [2009-12-18 11336]
S1 aswSP;aswSP; [x]
S2 Altiris Deployment Agent;Altiris Deployment Agent;c:\program files\Altiris\Dagent\dagent.exe [2009-08-11 1246544]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-05-06 51792]
S2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Nitro PDF\Professional\NitroPDFDriverService.exe [2009-12-16 188736]
S2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2009-12-16 65856]
S2 uvnc_service;uvnc_service;c:\program files\UltraVNC\WinVNC.exe [2009-12-06 1590216]
S3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2010-01-13 6628352]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder

2010-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-23 14:05]

2010-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-23 14:05]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.nba.com/
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
.
.
------- File Associations -------
.
.scr=scr_auto_file
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
SafeBoot-klmdb.sys
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-07 07:28
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\users\dsmyth\AppData\Local\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x87A04D01]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x831c2322
\Driver\ACPI -> acpi.sys @ 0x8229cd4c
\Driver\atapi -> ataport.SYS @ 0x823a39a8
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-06-07 07:32:54
ComboFix-quarantined-files.txt 2010-06-06 23:32

Pre-Run: 172,873,658,368 bytes free
Post-Run: 173,049,327,616 bytes free

- - End Of File - - C9E54C92F6FBD8A2357A534275A7EA3C


#6 davesmyth

davesmyth
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:06:11 PM

Posted 06 June 2010 - 06:50 PM

Hey EB, I have just noticed another incredibly annoying symptom, which I am not sure is related or not, but I am struggling to log into anything through Internet Explorer, be it my Citrix account for work, my NBA.com account, amongst others. It just looks like it is doing something and then goes back to the log-in page as if nothing has happened.... Any thoughts?

#7 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:11 AM

Posted 06 June 2010 - 06:51 PM

Hello again,

No problem regarding delays. I live in Canada so yes, there would be some time zone differences. I don't close topics until I don't hear from you for a week. If you need more time to complete a set of instructions, just let me know.

Let's continue.

Download and Run TDSSKiller
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (or you can hold down your Windows key and press R) and copy and paste the following into the text field (make sure you include the quote marks), then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • When it is done, a log file should be created on your C: drive called "TDSSKiller.txt"; please copy and paste the contents of that file here.

We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. Under "Extra Registry" please check "Use Safelist" and also check "LOP Check" and "Purity Check" as pictured.
  6. Copy and Paste the following code into the textbox. Do not include the word "Code"

    CODE
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    CREATERESTOREPOINT

  7. Push
  8. Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.
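
As an added example (not part of this thread, and not code from TDSSKiller or OTL), here is a small Python parser for the text log that the TDSSKiller command above writes with `-l`. It picks out the "Suspicious file (Forged)" lines, where the scanner saw two different hashes for the same driver path through two read paths, attaches the "infected by" verdict that follows, reads the results counters, and reports whether a cure is still waiting on a reboot. The sample log is a constructed excerpt in the log format shown in this thread; the function and class names are my own.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed excerpt in the TDSSKiller 2.3.x log format seen in this thread:
# a few driver lines, the "Forged" detection block, and the results lines.
SAMPLE_LOG = r"""07:55:30:343 4952 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
07:55:31:886 4952 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
07:55:34:050 4952 Ecache (02c10fcb003bd7c58bce1c81578dc973) C:\Windows\system32\drivers\ecache.sys
07:55:34:051 4952 Suspicious file (Forged): C:\Windows\system32\drivers\ecache.sys. Real md5: 02c10fcb003bd7c58bce1c81578dc973, Fake md5: 6a7891c79edf1c3bf7418a5fac044d23
07:55:34:051 4952 File "C:\Windows\system32\drivers\ecache.sys" infected by TDSS rootkit ...
07:55:34:176 4952 Backup copy not found, trying to cure infected file..
07:55:34:176 4952 Cure success, using it..
07:55:34:185 4952 will be cured on next reboot
07:55:49:608 4952 Reboot required for cure complete..
07:55:49:945 4952 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
07:55:49:946 4952 File objects infected / cured / cured on reboot: 1 / 0 / 1
"""

# Every line starts with a timestamp (hh:mm:ss:ms) and the scanner's process id.
PREFIX = r"^\d\d:\d\d:\d\d:\d{3} \d+ "
DRIVER_RE = re.compile(PREFIX + r"(\S+) \(([0-9a-f]{32})\) (.+?)\s*$")
FORGED_RE = re.compile(
    PREFIX + r"Suspicious file \(Forged\): (.+?)\. Real md5: ([0-9a-f]{32}), Fake md5: ([0-9a-f]{32})"
)
INFECTED_RE = re.compile(PREFIX + r'File "(.+?)" infected by (.+?)\s*\.\.\.')
RESULTS_RE = re.compile(PREFIX + r"File objects infected / cured / cured on reboot: (\d+) / (\d+) / (\d+)")
REBOOT_RE = re.compile(PREFIX + r"Reboot required for cure complete")


@dataclass
class ForgedFile:
    path: str
    real_md5: str                  # hash the scanner computed through its own low-level read
    fake_md5: str                  # hash a normal file read returned for the same path
    verdict: Optional[str] = None  # e.g. "TDSS rootkit", from the following "infected by" line


@dataclass
class Report:
    drivers: Dict[str, Tuple[str, str]] = field(default_factory=dict)  # name -> (md5, path)
    forged: List[ForgedFile] = field(default_factory=list)
    file_objects: Tuple[int, int, int] = (0, 0, 0)  # infected / cured / cured on reboot
    reboot_required: bool = False


def parse_tdsskiller_log(text: str) -> Report:
    """Parse a TDSSKiller text log into a structured report."""
    rep = Report()
    for line in text.splitlines():
        m = FORGED_RE.match(line)
        if m:
            rep.forged.append(ForgedFile(m.group(1), m.group(2), m.group(3)))
            continue
        m = INFECTED_RE.match(line)
        if m:
            # Attach the verdict to the forged entry logged for the same path, if any.
            for f in rep.forged:
                if f.path.lower() == m.group(1).lower():
                    f.verdict = m.group(2)
            continue
        m = RESULTS_RE.match(line)
        if m:
            rep.file_objects = tuple(int(g) for g in m.groups())
            continue
        if REBOOT_RE.match(line):
            rep.reboot_required = True
            continue
        m = DRIVER_RE.match(line)
        if m:
            rep.drivers[m.group(1)] = (m.group(2), m.group(3))
    return rep


def findings(rep: Report) -> List[str]:
    """Triage lines: what was flagged, and whether a cure is still pending a reboot."""
    out = []
    for f in rep.forged:
        out.append(f"{f.path}: two different hashes seen ({f.real_md5} vs {f.fake_md5}); verdict={f.verdict}")
    infected, cured, on_reboot = rep.file_objects
    if on_reboot and rep.reboot_required:
        out.append(f"{on_reboot} file(s) scheduled for cure on reboot; reboot before rescanning")
    elif infected and not cured:
        out.append(f"{infected} infected file(s) not cured")
    return out


if __name__ == "__main__":
    for line in findings(parse_tdsskiller_log(SAMPLE_LOG)):
        print(line)
```

The useful cross-check is that the "Real md5" in the Forged line equals the hash on the ordinary driver line for the same file, so the driver listing alone looks clean; only the second read path exposes the discrepancy, which is why the per-driver hashes in the log should not be read as a clean bill of health on their own. Run it on a real `C:\TDSSKiller.txt` by reading the file into `parse_tdsskiller_log`.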

#8 davesmyth

davesmyth
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:06:11 PM

Posted 06 June 2010 - 07:06 PM

Hey again. Seems we are up at the same time, which is a good start. I have run both scans and attached below. I don't know if you saw the post I just made about not being able to log into anything, but I am not sure if this is a result of something; it is doing my head in.


TDSSKiller log... I did not restart as you hadn't said to, so let me know if I should be doing this.

07:55:28:301 4952 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48
07:55:28:301 4952 ================================================================================
07:55:28:301 4952 SystemInfo:

07:55:28:301 4952 OS Version: 6.0.6001 ServicePack: 1.0
07:55:28:301 4952 Product type: Workstation
07:55:28:301 4952 ComputerName: DAVIDSMYTH
07:55:28:302 4952 UserName: dsmyth
07:55:28:302 4952 Windows directory: C:\Windows
07:55:28:302 4952 Processor architecture: Intel x86
07:55:28:302 4952 Number of processors: 2
07:55:28:302 4952 Page size: 0x1000
07:55:28:303 4952 Boot type: Normal boot
07:55:28:303 4952 ================================================================================
07:55:28:611 4952 Initialize success
07:55:28:612 4952
07:55:28:612 4952 Scanning Services ...
07:55:29:530 4952 Raw services enum returned 431 services
07:55:29:542 4952
07:55:29:542 4952 Scanning Drivers ...
07:55:30:343 4952 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
07:55:30:469 4952 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
07:55:30:578 4952 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
07:55:30:654 4952 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
07:55:30:687 4952 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
07:55:30:761 4952 AFD (763e172a55177e478cb419f88fd0ba03) C:\Windows\system32\drivers\afd.sys
07:55:30:844 4952 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
07:55:30:898 4952 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
07:55:30:989 4952 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
07:55:31:029 4952 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
07:55:31:087 4952 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
07:55:31:167 4952 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
07:55:31:211 4952 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
07:55:31:295 4952 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
07:55:31:437 4952 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
07:55:31:496 4952 aswFsBlk (1b6ed99291ddf5d2501554cc5757aab6) C:\Windows\system32\drivers\aswFsBlk.sys
07:55:31:523 4952 aswMonFlt (58254e06b36b984e33ae314c0ea8f1a5) C:\Windows\system32\drivers\aswMonFlt.sys
07:55:31:604 4952 aswRdr (3e2b6112d2766f87eda8466fde86a986) C:\Windows\system32\drivers\aswRdr.sys
07:55:31:663 4952 aswSP (d78b644816db540e103d0b0766fd9967) C:\Windows\system32\drivers\aswSP.sys
07:55:31:708 4952 aswTdi (606d731008d98b6ef946730c597c1642) C:\Windows\system32\drivers\aswTdi.sys
07:55:31:838 4952 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
07:55:31:886 4952 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
07:55:31:910 4952 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
07:55:32:004 4952 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
07:55:32:054 4952 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
07:55:32:083 4952 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
07:55:32:166 4952 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
07:55:32:221 4952 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
07:55:32:319 4952 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
07:55:32:372 4952 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
07:55:32:410 4952 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
07:55:32:529 4952 BthEnum (da7b195275bda7f8fcf79b40e0f45dde) C:\Windows\system32\DRIVERS\BthEnum.sys
07:55:32:569 4952 BTHMODEM (5ffa6988ff9597986ff2ada736cc90c0) C:\Windows\system32\DRIVERS\bthmodem.sys
07:55:32:688 4952 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
07:55:32:842 4952 BTHPORT (671134053d59e23704f08db19f11e10b) C:\Windows\system32\Drivers\BTHport.sys
07:55:32:919 4952 BTHUSB (93d7007e2c660dfcca6ae72622740b14) C:\Windows\system32\Drivers\BTHUSB.sys
07:55:33:044 4952 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
07:55:33:101 4952 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
07:55:33:150 4952 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
07:55:33:196 4952 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
07:55:33:280 4952 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
07:55:33:334 4952 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
07:55:33:409 4952 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
07:55:33:476 4952 cpudrv (d01f685f8b4598d144b0cce9ff95d8d5) C:\Program Files\SystemRequirementsLab\cpudrv.sys
07:55:33:557 4952 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
07:55:33:592 4952 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
07:55:33:665 4952 CSC (9a5434125c3dfe42393de4bbb791bd19) C:\Windows\system32\drivers\csc.sys
07:55:33:788 4952 DfsC (9e635ae5e8ad93e2b5989e2e23679f97) C:\Windows\system32\Drivers\dfsc.sys
07:55:33:808 4952 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
07:55:33:846 4952 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
07:55:33:915 4952 DXGKrnl (f8bf50a8d862f8cc089080bec509bca6) C:\Windows\System32\drivers\dxgkrnl.sys
07:55:33:980 4952 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
07:55:34:050 4952 Ecache (02c10fcb003bd7c58bce1c81578dc973) C:\Windows\system32\drivers\ecache.sys
07:55:34:051 4952 Suspicious file (Forged): C:\Windows\system32\drivers\ecache.sys. Real md5: 02c10fcb003bd7c58bce1c81578dc973, Fake md5: 6a7891c79edf1c3bf7418a5fac044d23
07:55:34:051 4952 File "C:\Windows\system32\drivers\ecache.sys" infected by TDSS rootkit ...
07:55:34:176 4952 Backup copy not found, trying to cure infected file..
07:55:34:176 4952 Cure success, using it..
07:55:34:185 4952 will be cured on next reboot
07:55:34:470 4952 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
07:55:34:610 4952 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
07:55:34:646 4952 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
07:55:34:769 4952 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
07:55:34:800 4952 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
07:55:34:830 4952 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
07:55:34:931 4952 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
07:55:34:965 4952 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
07:55:35:019 4952 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
07:55:35:111 4952 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
07:55:35:136 4952 fvevol (1400c747e2b73966b100fdce5426b7b2) C:\Windows\system32\DRIVERS\fvevol.sys
07:55:35:170 4952 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
07:55:35:277 4952 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
07:55:35:323 4952 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
07:55:35:448 4952 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
07:55:35:517 4952 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
07:55:35:608 4952 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
07:55:35:653 4952 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
07:55:35:737 4952 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
07:55:35:781 4952 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
07:55:35:848 4952 HSF_DPV (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
07:55:35:970 4952 HTTP (406c027c18e98a396faa1963dad5ff70) C:\Windows\system32\drivers\HTTP.sys
07:55:36:009 4952 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
07:55:36:112 4952 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
07:55:36:146 4952 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
07:55:36:170 4952 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
07:55:36:300 4952 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
07:55:36:331 4952 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
07:55:36:406 4952 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
07:55:36:470 4952 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
07:55:36:495 4952 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
07:55:36:535 4952 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
07:55:36:834 4952 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
07:55:37:069 4952 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
07:55:37:233 4952 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
07:55:37:268 4952 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
07:55:37:357 4952 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
07:55:37:453 4952 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
07:55:37:526 4952 klmd23 (67e1faa88fb397b3d56909d7e04f4dd3) C:\Windows\system32\drivers\klmd.sys
07:55:37:653 4952 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
07:55:37:756 4952 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
07:55:37:841 4952 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
07:55:37:882 4952 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
07:55:37:981 4952 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
07:55:38:181 4952 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
07:55:38:224 4952 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
07:55:38:405 4952 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
07:55:38:563 4952 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
07:55:38:608 4952 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
07:55:38:636 4952 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
07:55:38:726 4952 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
07:55:38:758 4952 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
07:55:38:797 4952 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
07:55:38:828 4952 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
07:55:38:954 4952 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
07:55:38:996 4952 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
07:55:39:146 4952 mrxsmb (7afc42e60432fd1014f5342f2b1b1f74) C:\Windows\system32\DRIVERS\mrxsmb.sys
07:55:39:185 4952 mrxsmb10 (8a75752ae17924f65452746674b14b78) C:\Windows\system32\DRIVERS\mrxsmb10.sys
07:55:39:354 4952 mrxsmb20 (f4d0f3252e651f02be64984ffa738394) C:\Windows\system32\DRIVERS\mrxsmb20.sys
07:55:40:104 4952 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
07:55:40:284 4952 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
07:55:40:360 4952 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
07:55:40:415 4952 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
07:55:40:450 4952 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
07:55:40:489 4952 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
07:55:40:530 4952 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
07:55:40:601 4952 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
07:55:40:682 4952 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
07:55:40:743 4952 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
07:55:40:804 4952 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
07:55:40:829 4952 NativeWifiP (dd721f8635191132992e7ceaa3c43c84) C:\Windows\system32\DRIVERS\nwifi.sys
07:55:40:910 4952 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
07:55:41:012 4952 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
07:55:41:046 4952 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
07:55:41:110 4952 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
07:55:41:201 4952 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
07:55:41:241 4952 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
07:55:41:274 4952 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
07:55:41:816 4952 NETw5v32 (feb745e4669476c8d368f6c1ca7c7442) C:\Windows\system32\DRIVERS\NETw5v32.sys
07:55:41:999 4952 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
07:55:42:035 4952 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
07:55:42:071 4952 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
07:55:42:330 4952 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
07:55:42:465 4952 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
07:55:42:488 4952 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
07:55:42:814 4952 nvlddmkm (c8cb6135884cbc2a10225c4c3cef0f95) C:\Windows\system32\DRIVERS\nvlddmkm.sys
07:55:42:994 4952 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
07:55:43:016 4952 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
07:55:43:133 4952 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
07:55:43:194 4952 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
07:55:43:302 4952 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
07:55:43:337 4952 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
07:55:43:356 4952 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
07:55:43:462 4952 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\Windows\system32\DRIVERS\pccsmcfd.sys
07:55:43:509 4952 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
07:55:43:556 4952 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
07:55:43:656 4952 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
07:55:43:731 4952 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
07:55:43:851 4952 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
07:55:43:883 4952 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
07:55:43:915 4952 PSched (a114cfe308c24b8235b03cfdffe11e99) C:\Windows\system32\DRIVERS\pacer.sys
07:55:44:054 4952 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
07:55:44:174 4952 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
07:55:44:206 4952 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
07:55:44:231 4952 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
07:55:44:261 4952 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
07:55:44:370 4952 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
07:55:44:507 4952 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
07:55:44:587 4952 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
07:55:44:636 4952 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
07:55:44:666 4952 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\DRIVERS\rdpdr.sys
07:55:44:766 4952 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
07:55:44:823 4952 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
07:55:44:912 4952 RFCOMM (34cc78c06587718c2ad6d3aa83b1f072) C:\Windows\system32\DRIVERS\rfcomm.sys
07:55:44:962 4952 risdptsk (1be6c42767a7c67ba31ae32b293b37a3) C:\Windows\system32\DRIVERS\risdptsk.sys
07:55:45:015 4952 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
07:55:45:158 4952 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
07:55:45:240 4952 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
07:55:45:346 4952 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
07:55:45:398 4952 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
07:55:45:466 4952 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
07:55:45:511 4952 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
07:55:45:590 4952 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
07:55:45:666 4952 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
07:55:45:705 4952 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
07:55:45:769 4952 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
07:55:45:849 4952 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
07:55:45:896 4952 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
07:55:45:967 4952 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
07:55:46:071 4952 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
07:55:46:140 4952 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
07:55:46:227 4952 srv (3d7c04aba41ac96ba7e9d123ec8f7fa3) C:\Windows\system32\DRIVERS\srv.sys
07:55:46:280 4952 srv2 (805fac010405ad3f82ef8df0bb035d81) C:\Windows\system32\DRIVERS\srv2.sys
07:55:46:348 4952 srvnet (f63a0a58aafe34d7a1a0a74abccdd9c0) C:\Windows\system32\DRIVERS\srvnet.sys
07:55:46:382 4952 StillCam (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys
07:55:46:420 4952 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
07:55:46:450 4952 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
07:55:46:548 4952 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
07:55:46:562 4952 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
07:55:46:668 4952 Tcpip (2eae4500984c2f8dacfb977060300a15) C:\Windows\system32\drivers\tcpip.sys
07:55:46:752 4952 Tcpip6 (2eae4500984c2f8dacfb977060300a15) C:\Windows\system32\DRIVERS\tcpip.sys
07:55:46:808 4952 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
07:55:46:824 4952 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
07:55:46:848 4952 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
07:55:46:919 4952 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
07:55:46:963 4952 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
07:55:46:997 4952 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
07:55:47:022 4952 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
07:55:47:100 4952 tunnel (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys
07:55:47:156 4952 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
07:55:47:296 4952 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
07:55:47:389 4952 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
07:55:47:478 4952 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
07:55:47:516 4952 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
07:55:47:589 4952 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
07:55:47:634 4952 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
07:55:47:730 4952 USBAAPL (e8c1b9ebac65288e1b51e8a987d98af6) C:\Windows\system32\Drivers\usbaapl.sys
07:55:47:774 4952 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
07:55:47:813 4952 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
07:55:47:890 4952 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
07:55:47:940 4952 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
07:55:47:981 4952 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
07:55:48:062 4952 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
07:55:48:120 4952 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
07:55:48:160 4952 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
07:55:48:243 4952 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
07:55:48:292 4952 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
07:55:48:382 4952 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
07:55:48:414 4952 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
07:55:48:471 4952 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
07:55:48:556 4952 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
07:55:48:611 4952 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
07:55:48:676 4952 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
07:55:48:756 4952 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
07:55:48:820 4952 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
07:55:48:913 4952 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
07:55:48:972 4952 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
07:55:48:975 4952 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
07:55:49:002 4952 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
07:55:49:048 4952 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
07:55:49:154 4952 winachsf (5c7bdcf5864db00323fe2d90fa26a8a2) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
07:55:49:263 4952 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
07:55:49:300 4952 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
07:55:49:339 4952 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
07:55:49:605 4952 yukonwlh (3e1c915c6291ab5d1cfca680e1bd6bad) C:\Windows\system32\DRIVERS\yk60x86.sys
07:55:49:608 4952 Reboot required for cure complete..
07:55:49:944 4952 Cure on reboot scheduled successfully
07:55:49:944 4952
07:55:49:944 4952 Completed
07:55:49:945 4952
07:55:49:945 4952 Results:
07:55:49:945 4952 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
07:55:49:946 4952 File objects infected / cured / cured on reboot: 1 / 0 / 1
07:55:49:946 4952
07:55:49:948 4952 KLMD(ARK) unloaded successfully

OTL.txt

OTL logfile created on: 7/06/2010 7:58:01 AM - Run 1
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Users\dsmyth\Desktop
Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 58.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285.99 Gb Total Space | 161.20 Gb Free Space | 56.37% Space Free | Partition Type: NTFS
Unable to calculate disk information.
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DAVIDSMYTH
Current User Name: dsmyth
NOT logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/06/07 07:57:09 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\dsmyth\Desktop\OTL.exe
PRC - [2010/05/07 04:59:42 | 002,815,192 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/05/07 04:59:38 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/01/19 17:00:26 | 000,858,384 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2010/01/19 16:41:46 | 000,473,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2009/12/16 10:11:06 | 000,065,856 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\NLSSRV32.EXE
PRC - [2009/12/16 10:09:04 | 000,188,736 | ---- | M] (Nitro PDF Software) -- C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
PRC - [2009/12/07 00:19:00 | 001,590,216 | ---- | M] (UltraVNC) -- C:\Program Files\UltraVNC\winvnc.exe
PRC - [2009/08/11 17:48:10 | 001,246,544 | ---- | M] (Altiris, Inc.) -- C:\Program Files\Altiris\Dagent\dagent.exe
PRC - [2008/01/21 10:22:34 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2006/10/27 15:16:48 | 012,813,096 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE


========== Modules (SafeList) ==========

MOD - [2010/06/07 07:57:09 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\dsmyth\Desktop\OTL.exe
MOD - [2008/01/21 10:22:45 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2008/01/21 10:21:54 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Running] -- -- (Altiris Deployment Agent)
SRV - [2010/05/07 04:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/05/07 04:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/05/07 04:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/01/19 17:00:26 | 000,858,384 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2010/01/19 16:41:46 | 000,473,360 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2009/12/16 10:11:06 | 000,065,856 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\System32\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2009/12/16 10:09:04 | 000,188,736 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe -- (NitroDriverReadSpool)
SRV - [2009/12/07 00:19:00 | 001,590,216 | ---- | M] (UltraVNC) [Auto | Running] -- C:\Program Files\UltraVNC\WinVNC.exe -- (uvnc_service)
SRV - [2008/01/21 10:21:41 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2010/06/07 07:55:34 | 000,143,416 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\drivers\tskFEC8.tmp -- (Ecache)
DRV - [2010/05/07 04:39:23 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/05/07 04:39:00 | 000,164,048 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/05/07 04:34:27 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/05/07 04:34:10 | 000,051,792 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2010/05/07 04:33:47 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/04/03 22:55:32 | 011,573,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/01/13 08:29:56 | 006,628,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2009/12/18 10:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2009/01/23 13:04:00 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\risdptsk.sys -- (risdptsk)
DRV - [2009/01/23 12:59:46 | 000,299,008 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/01/21 10:21:35 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/21 10:21:35 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/21 10:21:35 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/21 10:21:34 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/21 10:21:34 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/21 10:21:34 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/21 10:21:33 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/21 10:21:33 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/21 10:21:33 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/21 10:21:33 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/21 10:21:32 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/21 10:21:32 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/21 10:21:32 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/21 10:21:31 | 000,987,648 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (HSF_DPV)
DRV - [2008/01/21 10:21:31 | 000,654,336 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTCNXT3.SYS -- (winachsf)
DRV - [2008/01/21 10:21:31 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/21 10:21:31 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2008/01/21 10:21:31 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/21 10:21:31 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/21 10:21:31 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/21 10:21:30 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/21 10:21:29 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/21 10:21:29 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/21 10:21:29 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/21 10:21:28 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/21 10:21:09 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/21 10:21:09 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/21 10:21:09 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 17:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 17:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 17:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 17:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 17:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 17:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 17:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 17:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 17:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 17:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 17:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 16:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 16:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 16:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 16:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 16:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 16:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 15:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-108481844-1914207947-809591456-49483\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.nba.com/
IE - HKU\S-1-5-21-108481844-1914207947-809591456-49483\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-108481844-1914207947-809591456-49483\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


[2010/05/26 18:06:03 | 000,000,000 | ---D | M] -- C:\Users\dsmyth\AppData\Roaming\mozilla\Extensions
[2010/05/26 18:06:03 | 000,000,000 | ---D | M] -- C:\Users\dsmyth\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: ([2006/09/19 05:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [DagentUI] C:\Program Files\Altiris\Dagent\dagentui.exe (Altiris, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-108481844-1914207947-809591456-49483\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-108481844-1914207947-809591456-49483\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-108481844-1914207947-809591456-49483\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s...el_4.1.66.0.cab (SysInfo Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = abn.group
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\dsmyth\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\dsmyth\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 05:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/01/21 10:32:53 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^Users^dsmyth^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk - C:\PROGRA~1\LimeWire\LimeWire.exe - File not found
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: BrMfcWnd - hkey= - key= - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
MsConfig - StartUpReg: ControlCenter3 - hkey= - key= - C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: RayV - hkey= - key= - C:\Program Files\RayV\RayV\RayV.exe (RayV)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: Windows Defender - hkey= - key= - File not found
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: klmdb.sys - C:\Windows\System32\drivers\klmdb.sys (Kaspersky Lab, SLA)
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: klmdb.sys - C:\Windows\System32\drivers\klmdb.sys (Kaspersky Lab, SLA)
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2010/06/07 07:57:02 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Users\dsmyth\Desktop\OTL.exe
[2010/06/07 07:55:49 | 000,052,432 | ---- | C] (Kaspersky Lab, SLA) -- C:\Windows\System32\drivers\klmdb.sys
[2010/06/07 07:54:38 | 000,000,000 | ---D | C] -- C:\Users\dsmyth\Desktop\tdsskiller
[2010/06/07 07:33:14 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/06/07 07:33:08 | 000,000,000 | ---D | C] -- C:\Users\dsmyth\AppData\Local\temp
[2010/06/07 07:04:42 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/06/07 07:04:42 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/06/07 07:04:42 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/06/07 07:04:34 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/06/07 07:03:52 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/06/07 07:03:35 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/06/06 10:07:58 | 000,000,000 | R--D | C] -- C:\Users\dsmyth\AppData\Roaming\Brother
[2010/06/05 23:46:30 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/06/05 23:46:29 | 000,164,048 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/06/05 23:46:28 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/06/05 23:46:27 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/06/05 23:46:24 | 000,051,792 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/06/05 23:45:38 | 000,165,032 | ---- | C] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2010/06/05 23:45:38 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\System32\avastSS.scr
[2010/06/05 23:45:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/06/05 23:45:33 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/06/05 23:17:24 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2010/06/05 23:00:03 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/06/05 11:39:38 | 000,000,000 | ---D | C] -- C:\Windows\System32\catroot2
[2010/06/01 23:31:32 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/06/01 14:14:52 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2010/06/01 13:17:43 | 000,046,592 | ---- | C] (REDC) -- C:\Windows\System32\drivers\risdptsk.sys
[2010/05/31 14:14:14 | 000,000,000 | ---D | C] -- C:\Users\dsmyth\AppData\Roaming\Nokia
[2010/05/31 14:14:13 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Suite
[2010/05/31 14:13:47 | 000,018,816 | ---- | C] (Nokia) -- C:\Windows\System32\drivers\pccsmcfd.sys
[2010/05/31 14:13:07 | 000,000,000 | ---D | C] -- C:\Users\dsmyth\{1ab5ee16-853e-445c-8e40-1f5419d0aaf0}
[2010/05/31 14:12:27 | 000,091,136 | ---- | C] (Nokia) -- C:\Windows\System32\nmwcdcls.dll
[2010/05/31 14:11:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Installations
[2010/05/31 10:41:12 | 000,998,736 | ---- | C] (Kaspersky Lab) -- C:\Users\dsmyth\Desktop\TDSSKiller.exe
[2010/05/30 13:10:48 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/05/29 10:12:22 | 000,000,000 | ---D | C] -- C:\Users\dsmyth\AppData\Roaming\Malwarebytes
[2010/05/29 10:00:23 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/05/29 10:00:20 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/05/29 10:00:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/05/28 12:30:51 | 000,000,000 | ---D | C] -- C:\Users\dsmyth\AppData\Roaming\ICAClient
[2010/05/27 09:10:44 | 000,000,000 | ---D | C] -- C:\Users\dsmyth\AppData\Roaming\RayV
[2010/05/26 21:00:56 | 000,073,728 | ---- | C] (Brother Industories Ltd. P&S Company) -- C:\Windows\System32\BRCrypt.dll
[2010/05/26 21:00:56 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\BrFaxRx
[2010/05/26 21:00:36 | 000,102,400 | ---- | C] (Brother Industries,LTD.) -- C:\Windows\System32\BrMfNt.dll
[2010/05/26 21:00:34 | 000,126,976 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\System32\BrfxD05a.dll
[2010/05/26 21:00:32 | 000,063,488 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\System32\BrNetSti.dll
[2010/05/26 21:00:32 | 000,057,856 | ---- | C] (Brother Industries,Ltd.) -- C:\Windows\System32\BrWiaNCp.dll
[2010/05/26 21:00:32 | 000,042,496 | ---- | C] (Brother Industries,Ltd) -- C:\Windows\System32\Brnsplg.dll
[2010/05/26 21:00:29 | 000,176,128 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\System32\BroSNMP.dll
[2010/05/26 21:00:29 | 000,073,728 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\BrDctF2.dll
[2010/05/26 21:00:29 | 000,005,120 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\BrDctF2L.dll
[2010/05/26 21:00:29 | 000,003,072 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\BrDctF2S.dll
[2010/05/26 21:00:22 | 000,167,936 | ---- | C] (brother) -- C:\Windows\System32\NSSearch.dll
[2010/05/26 21:00:16 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2010/05/26 20:59:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Brother
[2010/05/26 20:59:42 | 000,000,000 | ---D | C] -- C:\Users\dsmyth\AppData\Roaming\InstallShield
[2010/05/26 18:06:03 | 000,000,000 | ---D | C] -- C:\Users\dsmyth\AppData\Roaming\Mozilla
[2010/05/26 18:04:31 | 000,000,000 | ---D | C] -- C:\Program Files\LimeWire
[2010/05/26 10:46:05 | 000,000,000 | ---D | C] -- C:\Users\dsmyth\AppData\Roaming\Nitro PDF
[2010/05/26 10:44:37 | 000,026,432 | ---- | C] (Nitro PDF Software) -- C:\Windows\System32\nitrolocalmon.dll
[2010/05/26 10:44:37 | 000,017,728 | ---- | C] (Nitro PDF Software) -- C:\Windows\System32\nitrolocalui.dll
[2010/05/26 10:44:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Nitro PDF
[2010/05/26 10:44:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nitro PDF
[2010/05/26 10:44:04 | 000,000,000 | ---D | C] -- C:\Program Files\Nitro PDF
[2010/05/26 10:23:02 | 000,000,000 | ---D | C] -- C:\Users\dsmyth\AppData\Roaming\Downloaded Installations
[2010/05/25 15:15:03 | 000,000,000 | ---D | C] -- C:\Users\dsmyth\AppData\Local\Apple
[2010/05/25 11:45:27 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/05/25 11:44:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/05/25 11:44:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/05/25 11:43:36 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/05/25 11:43:36 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/05/25 11:43:36 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/05/25 11:43:36 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/05/25 11:43:20 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/05/25 11:14:12 | 000,000,000 | ---D | C] -- C:\Users\dsmyth\AppData\Local\CutePDF Writer
[2010/05/25 11:05:32 | 000,000,000 | ---D | C] -- C:\Program Files\GPLGS
[2010/05/25 11:03:52 | 000,000,000 | ---D | C] -- C:\Program Files\Acro Software
[2010/05/25 11:03:44 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2010/05/25 11:02:25 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010/05/25 11:02:24 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010/05/25 11:02:24 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010/05/25 11:02:24 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2010/05/25 11:00:19 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/05/25 11:00:19 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/05/25 11:00:19 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/05/25 11:00:18 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2010/05/25 11:00:17 | 002,452,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2010/05/25 11:00:17 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010/05/25 11:00:16 | 000,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/05/25 11:00:16 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/05/25 11:00:16 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010/05/25 11:00:16 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/05/25 11:00:16 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/05/25 11:00:15 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010/05/25 10:59:41 | 002,033,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/05/25 10:59:21 | 001,256,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2010/05/25 10:58:24 | 002,868,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2010/05/25 10:58:22 | 002,386,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2010/05/25 10:57:50 | 003,598,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/05/25 10:57:49 | 003,545,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/05/25 10:57:10 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/05/25 10:56:57 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010/05/25 10:56:24 | 000,562,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2010/05/25 10:56:24 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xolehlp.dll
[2010/05/25 10:54:57 | 000,636,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localspl.dll
[2010/05/25 10:54:45 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010/05/25 10:54:02 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2010/05/25 10:54:01 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2010/05/25 10:54:01 | 000,183,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2010/05/25 10:54:01 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2010/05/25 10:54:01 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2010/05/25 10:54:01 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2010/05/25 10:54:01 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iashost.exe
[2010/05/25 10:53:32 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2010/05/25 10:53:25 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010/05/25 10:52:33 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amxread.dll
[2010/05/25 10:52:33 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apilogen.dll
[2010/05/25 10:51:31 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
[2010/05/25 10:51:31 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
[2010/05/25 10:51:31 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2010/05/25 10:51:31 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2010/05/25 10:51:30 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2010/05/25 10:51:26 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010/05/25 10:39:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel
[2010/05/25 10:38:19 | 000,000,000 | ---D | C] -- C:\Program Files\Cisco
[2010/05/25 10:38:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
[2010/05/25 10:37:48 | 000,000,000 | ---D | C] -- C:\Users\dsmyth\AppData\Roaming\Intel
[2010/05/25 09:18:28 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2010/05/25 09:09:53 | 000,000,000 | ---D | C] -- C:\Users\dsmyth\AppData\Local\Apple Computer
[2010/05/24 16:31:01 | 000,000,000 | ---D | C] -- C:\Program Files\Model Maintenance
[2010/05/24 16:29:19 | 000,000,000 | ---D | C] -- C:\Program Files\Client Variations
[2010/05/24 16:29:06 | 000,000,000 | ---D | C] -- C:\Program Files\CBS3
[2010/05/24 16:27:10 | 000,000,000 | ---D | C] -- C:\Program Files\Altiris
[2010/05/24 16:23:07 | 000,105,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2010/05/24 16:23:07 | 000,097,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2010/05/24 16:23:06 | 000,622,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2010/05/24 16:23:06 | 000,043,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2010/05/24 16:23:06 | 000,037,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2010/05/24 16:23:06 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2010/05/24 16:23:04 | 000,781,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2010/05/24 16:23:02 | 000,326,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2010/05/24 16:16:11 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2010/05/24 16:16:03 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2010/05/24 16:15:59 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2010/05/24 16:12:44 | 000,000,000 | ---D | C] -- C:\Users\dsmyth\AppData\Roaming\CBS
[2010/05/24 16:12:39 | 000,000,000 | ---D | C] -- C:\Users\dsmyth\AppData\Roaming\ABN
[2010/05/24 16:05:24 | 000,286,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\Setup1.exe
[2010/05/24 16:05:21 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\ST6UNST.EXE
[2010/05/24 16:01:40 | 000,000,000 | ---D | C] -- C:\Program Files\AutoSketch
[2010/05/24 16:01:15 | 000,282,624 | ---- | C] (Stirling Technologies, Inc.) -- C:\Windows\uninst.exe
[2010/05/24 16:00:08 | 000,000,000 | ---D | C] -- C:\Program Files\Attachment Manager 2006
[2010/05/24 15:59:41 | 000,000,000 | ---D | C] -- C:\Users\dsmyth\AppData\Local\Symantec
[2010/05/24 15:55:10 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFC71.DLL
[2010/05/24 15:55:10 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\capicom.dll
[2010/05/24 15:54:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010/05/24 15:54:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2010/05/24 15:52:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Crystal Decisions
[2010/05/24 15:51:50 | 000,000,000 | ---D | C] -- C:\Program Files\UltraVNC
[2010/05/24 15:47:42 | 000,000,000 | ---D | C] -- C:\Program Files\PBDescriptions
[2010/05/24 15:47:41 | 000,000,000 | ---D | C] -- C:\Program Files\eWorkOrder
[2010/05/24 15:47:41 | 000,000,000 | ---D | C] -- C:\Program Files\eStatement
[2010/05/24 15:47:37 | 000,000,000 | ---D | C] -- C:\Program Files\eOrder
[2010/05/24 15:47:23 | 000,000,000 | ---D | C] -- C:\Program Files\CBS
[2010/05/24 15:47:23 | 000,000,000 | ---D | C] -- C:\Program Files\ABN Common
[2010/05/24 15:39:18 | 000,000,000 | ---D | C] -- C:\Windows\wlansvc
[2010/05/24 15:17:12 | 000,000,000 | ---D | C] -- C:\Users\dsmyth\AppData\Roaming\Google
[2010/05/24 15:17:12 | 000,000,000 | ---D | C] -- C:\Users\dsmyth\AppData\Local\Google
[2010/05/24 15:11:18 | 000,000,000 | ---D | C] -- C:\Program Files\vnc service
[2010/05/24 15:07:43 | 000,000,000 | ---D | C] -- C:\Users\dsmyth\AppData\Roaming\Adobe
[2010/05/24 15:07:43 | 000,000,000 | ---D | C] -- C:\Users\dsmyth\AppData\Local\Adobe
[2010/05/24 14:32:34 | 000,000,000 | ---D | C] -- C:\Users\dsmyth\AppData\Roaming\Apple Computer
[2010/05/24 14:32:22 | 000,000,000 | ---D | C] -- C:\Users\dsmyth\AppData\Local\Citrix
[2010/05/24 14:32:14 | 000,000,000 | R--D | C] -- C:\Users\dsmyth\Searches
[2010/05/24 14:32:02 | 000,000,000 | ---D | C] -- C:\Users\dsmyth\AppData\Roaming\Identities
[2010/05/24 14:32:00 | 000,000,000 | R--D | C] -- C:\Users\dsmyth\Contacts
[2010/05/24 14:27:50 | 000,000,000 | -HSD | C] -- C:\Users\dsmyth\AppData\Local\Temporary Internet Files
[2010/05/24 14:27:50 | 000,000,000 | -HSD | C] -- C:\Users\dsmyth\Templates
[2010/05/24 14:27:50 | 000,000,000 | -HSD | C] -- C:\Users\dsmyth\Start Menu
[2010/05/24 14:27:50 | 000,000,000 | -HSD | C] -- C:\Users\dsmyth\SendTo
[2010/05/24 14:27:50 | 000,000,000 | -HSD | C] -- C:\Users\dsmyth\Recent
[2010/05/24 14:27:50 | 000,000,000 | -HSD | C] -- C:\Users\dsmyth\PrintHood
[2010/05/24 14:27:50 | 000,000,000 | -HSD | C] -- C:\Users\dsmyth\NetHood
[2010/05/24 14:27:50 | 000,000,000 | -HSD | C] -- C:\Users\dsmyth\Documents\My Videos
[2010/05/24 14:27:50 | 000,000,000 | -HSD | C] -- C:\Users\dsmyth\Documents\My Pictures
[2010/05/24 14:27:50 | 000,000,000 | -HSD | C] -- C:\Users\dsmyth\Documents\My Music
[2010/05/24 14:27:50 | 000,000,000 | -HSD | C] -- C:\Users\dsmyth\My Documents
[2010/05/24 14:27:50 | 000,000,000 | -HSD | C] -- C:\Users\dsmyth\Local Settings
[2010/05/24 14:27:50 | 000,000,000 | -HSD | C] -- C:\Users\dsmyth\AppData\Local\History
[2010/05/24 14:27:50 | 000,000,000 | -HSD | C] -- C:\Users\dsmyth\Cookies
[2010/05/24 14:27:50 | 000,000,000 | -HSD | C] -- C:\Users\dsmyth\Application Data
[2010/05/24 14:27:50 | 000,000,000 | -HSD | C] -- C:\Users\dsmyth\AppData\Local\Application Data
[2010/05/24 14:27:49 | 000,000,000 | --SD | C] -- C:\Users\dsmyth\AppData\Roaming\Microsoft
[2010/05/24 14:27:49 | 000,000,000 | R--D | C] -- C:\Users\dsmyth\Videos
[2010/05/24 14:27:49 | 000,000,000 | R--D | C] -- C:\Users\dsmyth\Saved Games
[2010/05/24 14:27:49 | 000,000,000 | R--D | C] -- C:\Users\dsmyth\Pictures
[2010/05/24 14:27:49 | 000,000,000 | R--D | C] -- C:\Users\dsmyth\Music
[2010/05/24 14:27:49 | 000,000,000 | R--D | C] -- C:\Users\dsmyth\Links
[2010/05/24 14:27:49 | 000,000,000 | R--D | C] -- C:\Users\dsmyth\Favorites
[2010/05/24 14:27:49 | 000,000,000 | R--D | C] -- C:\Users\dsmyth\Downloads
[2010/05/24 14:27:49 | 000,000,000 | R--D | C] -- C:\Users\dsmyth\Documents
[2010/05/24 14:27:49 | 000,000,000 | R--D | C] -- C:\Users\dsmyth\Desktop
[2010/05/24 14:27:49 | 000,000,000 | -H-D | C] -- C:\Users\dsmyth\AppData
[2010/05/24 14:27:49 | 000,000,000 | ---D | C] -- C:\Users\dsmyth\Roaming
[2010/05/24 14:27:49 | 000,000,000 | ---D | C] -- C:\Users\dsmyth\AppData\Local\Microsoft
[2010/05/24 14:27:49 | 000,000,000 | ---D | C] -- C:\Users\dsmyth\AppData\Roaming\Media Center Programs
[2010/05/24 14:27:49 | 000,000,000 | ---D | C] -- C:\Users\dsmyth\AppData\Roaming\Macromedia
[2010/05/24 14:07:34 | 000,000,000 | ---D | C] -- C:\Signatures
[2010/05/24 12:07:48 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2010/05/24 11:27:53 | 000,000,000 | ---D | C] -- C:\Windows\Debug
[2010/05/24 11:19:04 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010/05/24 11:17:02 | 000,000,000 | ---D | C] -- C:\Windows\CSC
[2010/05/24 11:08:50 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2010/05/23 22:13:52 | 000,000,000 | ---D | C] -- C:\Program Files\Citrix
[2010/05/23 22:01:43 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2010/05/23 22:01:43 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2010/05/23 22:01:09 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/05/23 22:01:07 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/05/23 22:01:07 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/05/23 22:00:06 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/05/23 22:00:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010/05/23 21:59:52 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/05/23 21:58:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010/05/23 21:58:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/05/23 21:35:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/05/23 21:34:04 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/05/23 21:33:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/05/23 21:33:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010/05/23 21:33:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2010/05/23 21:33:33 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2010/05/23 21:33:09 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS
[2010/05/23 21:31:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2010/05/23 21:31:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2010/05/23 21:31:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/05/23 21:30:38 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2010/05/23 21:30:32 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010/05/23 21:30:32 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/05/23 21:28:01 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2010/05/23 21:26:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/05/23 21:26:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2010/05/23 21:20:02 | 002,421,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2010/05/23 21:20:02 | 000,044,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2010/05/23 21:19:49 | 000,575,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2010/05/23 21:19:49 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2010/05/23 21:19:49 | 000,035,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2010/05/23 21:19:41 | 000,171,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2010/05/23 21:19:41 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2010/05/23 21:18:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Roaming
[2010/05/23 21:17:57 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2010/05/23 21:17:19 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2010/05/23 21:13:27 | 000,299,008 | ---- | C] (Marvell) -- C:\Windows\System32\drivers\yk60x86.sys
[2010/05/19 12:41:13 | 000,000,000 | ---D | C] -- C:\Program Files\NCH Software
[2010/05/16 18:29:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
[2010/05/14 15:42:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/13 14:16:25 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/07 07:57:22 | 003,407,872 | -HS- | M] () -- C:\Users\dsmyth\NTUSER.DAT
[2010/06/07 07:57:09 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\dsmyth\Desktop\OTL.exe
[2010/06/07 07:55:49 | 000,052,432 | ---- | M] (Kaspersky Lab, SLA) -- C:\Windows\System32\drivers\klmdb.sys
[2010/06/07 07:54:41 | 000,998,736 | ---- | M] (Kaspersky Lab) -- C:\Users\dsmyth\Desktop\TDSSKiller.exe
[2010/06/07 07:54:23 | 000,966,213 | ---- | M] () -- C:\Users\dsmyth\Desktop\tdsskiller.zip
[2010/06/07 07:28:56 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/06/07 07:18:37 | 000,694,964 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/06/07 07:18:37 | 000,603,282 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/06/07 07:18:37 | 000,106,696 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/06/07 07:15:04 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/07 07:12:42 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/07 07:12:27 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/06/07 07:12:24 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/06/07 07:12:24 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/06/07 07:12:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/06/07 07:10:58 | 000,524,288 | -HS- | M] () -- C:\Users\dsmyth\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000001.regtrans-ms
[2010/06/07 07:10:58 | 000,065,536 | -HS- | M] () -- C:\Users\dsmyth\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TM.blf
[2010/06/07 07:10:41 | 000,002,459 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/06/07 07:03:32 | 003,703,394 | R--- | M] () -- C:\Users\dsmyth\Desktop\ComboFix.exe
[2010/06/06 23:34:20 | 000,000,121 | ---- | M] () -- C:\Users\dsmyth\Desktop\Citrix @ Home.url
[2010/06/06 16:47:58 | 002,014,719 | -H-- | M] () -- C:\Users\dsmyth\AppData\Local\IconCache.db
[2010/06/06 13:40:14 | 000,047,980 | ---- | M] () -- C:\Users\dsmyth\Desktop\Amari.pdf
[2010/06/06 13:36:32 | 000,044,117 | ---- | M] () -- C:\Users\dsmyth\Desktop\Sanctuary.pdf
[2010/06/05 23:46:24 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/06/05 14:26:59 | 000,378,880 | ---- | M] () -- C:\Users\dsmyth\Desktop\DAH Construction Report.xls
[2010/06/03 19:32:07 | 253,349,364 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/06/02 11:54:39 | 000,014,336 | ---- | M] () -- C:\Users\dsmyth\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/02 10:25:44 | 000,002,405 | ---- | M] () -- C:\Users\Public\Desktop\Attachment Manager 2006.lnk
[2010/05/31 12:10:37 | 000,040,448 | ---- | M] () -- C:\Users\dsmyth\Desktop\David smyth Leads (2).xls
[2010/05/26 21:01:48 | 000,000,245 | ---- | M] () -- C:\Windows\Brpfx04a.ini
[2010/05/26 21:01:48 | 000,000,094 | ---- | M] () -- C:\Windows\brpcfx.ini
[2010/05/26 21:01:33 | 000,000,419 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2010/05/26 21:01:33 | 000,000,027 | ---- | M] () -- C:\Windows\BRPP2KA.INI
[2010/05/26 21:00:56 | 000,000,066 | ---- | M] () -- C:\Windows\Brfaxrx.ini
[2010/05/26 21:00:56 | 000,000,050 | ---- | M] () -- C:\Windows\System32\bridf08a.dat
[2010/05/26 11:47:50 | 000,078,336 | ---- | M] () -- C:\Users\dsmyth\Desktop\Leadership Group.xls
[2010/05/25 11:43:24 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/05/25 11:43:24 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/05/25 11:43:24 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/05/25 11:43:24 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/05/25 11:27:23 | 000,370,960 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/05/24 16:29:10 | 000,000,743 | ---- | M] () -- C:\Users\Public\Desktop\CBS.lnk
[2010/05/24 16:05:53 | 000,000,240 | ---- | M] () -- C:\Windows\win.ini
[2010/05/24 16:05:24 | 000,286,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\Setup1.exe
[2010/05/24 16:05:24 | 000,001,963 | ---- | M] () -- C:\Windows\ST6UNST.000
[2010/05/24 16:05:21 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\ST6UNST.EXE
[2010/05/24 15:39:17 | 000,006,032 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010/05/24 15:05:16 | 000,004,498 | RHS- | M] () -- C:\Users\dsmyth\ntuser.pol
[2010/05/24 14:36:54 | 000,524,288 | -HS- | M] () -- C:\Users\dsmyth\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000002.regtrans-ms
[2010/05/24 14:32:27 | 000,099,864 | ---- | M] () -- C:\Users\dsmyth\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/05/24 14:27:50 | 000,000,020 | -HS- | M] () -- C:\Users\dsmyth\ntuser.ini
[2010/05/24 11:20:11 | 000,049,052 | ---- | M] () -- C:\Windows\System32\license.rtf
[2010/05/23 21:13:22 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/07 07:54:06 | 000,966,213 | ---- | C] () -- C:\Users\dsmyth\Desktop\tdsskiller.zip
[2010/06/07 07:04:42 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/06/07 07:04:42 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/06/07 07:04:42 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/06/07 07:04:42 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/06/07 07:04:42 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/06/07 07:03:09 | 003,703,394 | R--- | C] () -- C:\Users\dsmyth\Desktop\ComboFix.exe
[2010/06/06 13:40:23 | 000,047,980 | ---- | C] () -- C:\Users\dsmyth\Desktop\Amari.pdf
[2010/06/06 13:36:41 | 000,044,117 | ---- | C] () -- C:\Users\dsmyth\Desktop\Sanctuary.pdf
[2010/06/03 00:39:50 | 253,349,364 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/06/01 21:15:52 | 000,378,880 | ---- | C] () -- C:\Users\dsmyth\Desktop\DAH Construction Report.xls
[2010/05/31 12:10:36 | 000,040,448 | ---- | C] () -- C:\Users\dsmyth\Desktop\David smyth Leads (2).xls
[2010/05/26 21:01:48 | 000,000,245 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2010/05/26 21:01:48 | 000,000,094 | ---- | C] () -- C:\Windows\brpcfx.ini
[2010/05/26 21:01:33 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010/05/26 21:01:33 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2010/05/26 21:00:56 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf08a.dat
[2010/05/26 21:00:35 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2010/05/26 21:00:34 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2010/05/26 21:00:32 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2010/05/26 11:47:50 | 000,078,336 | ---- | C] () -- C:\Users\dsmyth\Desktop\Leadership Group.xls
[2010/05/25 11:03:52 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2010/05/25 11:01:32 | 000,014,336 | ---- | C] () -- C:\Users\dsmyth\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/24 16:29:10 | 000,000,743 | ---- | C] () -- C:\Users\Public\Desktop\CBS.lnk
[2010/05/24 16:05:19 | 000,001,963 | ---- | C] () -- C:\Windows\ST6UNST.000
[2010/05/24 16:00:08 | 000,002,405 | ---- | C] () -- C:\Users\Public\Desktop\Attachment Manager 2006.lnk
[2010/05/24 15:07:49 | 000,249,344 | ---- | C] () -- C:\Users\dsmyth\Desktop\May 10 Promotions.doc
[2010/05/24 15:07:49 | 000,002,033 | ---- | C] () -- C:\Users\dsmyth\Desktop\Master Plans.lnk
[2010/05/24 15:07:49 | 000,002,008 | ---- | C] () -- C:\Users\dsmyth\Desktop\SALES.lnk
[2010/05/24 15:07:49 | 000,001,810 | ---- | C] () -- C:\Users\dsmyth\Desktop\Footy Tipper 2010.lnk
[2010/05/24 15:07:49 | 000,001,389 | ---- | C] () -- C:\Users\dsmyth\Desktop\Land Estates.lnk
[2010/05/24 15:07:49 | 000,001,255 | ---- | C] () -- C:\Users\dsmyth\Desktop\My Stuff.lnk
[2010/05/24 15:07:49 | 000,000,323 | ---- | C] () -- C:\Users\dsmyth\Desktop\Proxy Work.reg
[2010/05/24 15:07:49 | 000,000,279 | ---- | C] () -- C:\Users\dsmyth\Desktop\Proxy Home.reg
[2010/05/24 15:07:48 | 000,001,384 | ---- | C] () -- C:\Users\dsmyth\Desktop\Auto sketch.lnk
[2010/05/24 15:07:48 | 000,001,362 | ---- | C] () -- C:\Users\dsmyth\Desktop\Clients.lnk
[2010/05/24 15:07:48 | 000,000,392 | ---- | C] () -- C:\Users\dsmyth\Desktop\Work Docs.lnk
[2010/05/24 15:07:48 | 000,000,129 | ---- | C] () -- C:\Users\dsmyth\Desktop\Citrix @ Work.url
[2010/05/24 15:07:48 | 000,000,121 | ---- | C] () -- C:\Users\dsmyth\Desktop\Citrix @ Home.url
[2010/05/24 14:27:56 | 000,004,498 | RHS- | C] () -- C:\Users\dsmyth\ntuser.pol
[2010/05/24 14:27:50 | 000,000,020 | -HS- | C] () -- C:\Users\dsmyth\ntuser.ini
[2010/05/24 14:27:49 | 003,407,872 | -HS- | C] () -- C:\Users\dsmyth\NTUSER.DAT
[2010/05/24 14:27:49 | 000,524,288 | -HS- | C] () -- C:\Users\dsmyth\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000002.regtrans-ms
[2010/05/24 14:27:49 | 000,524,288 | -HS- | C] () -- C:\Users\dsmyth\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000001.regtrans-ms
[2010/05/24 14:27:49 | 000,262,144 | -H-- | C] () -- C:\Users\dsmyth\ntuser.dat.LOG1
[2010/05/24 14:27:49 | 000,065,536 | -HS- | C] () -- C:\Users\dsmyth\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TM.blf
[2010/05/24 14:27:49 | 000,000,000 | -H-- | C] () -- C:\Users\dsmyth\ntuser.dat.LOG2
[2010/05/24 14:27:09 | 000,006,032 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/05/24 11:19:28 | 000,002,459 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2010/05/23 22:05:40 | 000,000,886 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/23 22:05:36 | 000,000,882 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/23 21:13:22 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2009/06/17 11:13:30 | 000,508,224 | ---- | C] () -- C:\Windows\System32\ICCProfiles.dll
[2008/01/21 10:23:41 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2008/01/21 10:21:47 | 000,143,416 | ---- | C] () -- C:\Windows\System32\drivers\ecache.sys
[2006/11/02 20:34:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 15:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== LOP Check ==========

[2010/05/24 16:12:39 | 000,000,000 | ---D | M] -- C:\Users\dsmyth\AppData\Roaming\ABN
[2010/05/25 10:45:30 | 000,000,000 | ---D | M] -- C:\Users\dsmyth\AppData\Roaming\CBS
[2010/05/26 10:23:02 | 000,000,000 | ---D | M] -- C:\Users\dsmyth\AppData\Roaming\Downloaded Installations
[2010/05/28 12:52:45 | 000,000,000 | ---D | M] -- C:\Users\dsmyth\AppData\Roaming\ICAClient
[2010/06/04 10:33:56 | 000,000,000 | ---D | M] -- C:\Users\dsmyth\AppData\Roaming\Nitro PDF
[2010/05/31 14:25:49 | 000,000,000 | ---D | M] -- C:\Users\dsmyth\AppData\Roaming\Nokia
[2010/05/29 10:12:10 | 000,000,000 | ---D | M] -- C:\Users\dsmyth\AppData\Roaming\RayV
[2010/05/23 22:49:40 | 000,000,000 | ---D | M] -- C:\Users\DTJS\AppData\Roaming\ICAClient
[2010/06/07 07:10:42 | 000,032,572 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2010/05/24 16:12:39 | 000,000,000 | ---D | M] -- C:\Users\dsmyth\AppData\Roaming\ABN
[2010/05/24 15:18:35 | 000,000,000 | ---D | M] -- C:\Users\dsmyth\AppData\Roaming\Adobe
[2010/05/25 09:16:28 | 000,000,000 | ---D | M] -- C:\Users\dsmyth\AppData\Roaming\Apple Computer
[2010/06/06 10:07:58 | 000,000,000 | R--D | M] -- C:\Users\dsmyth\AppData\Roaming\Brother
[2010/05/25 10:45:30 | 000,000,000 | ---D | M] -- C:\Users\dsmyth\AppData\Roaming\CBS
[2010/05/26 10:23:02 | 000,000,000 | ---D | M] -- C:\Users\dsmyth\AppData\Roaming\Downloaded Installations
[2010/05/24 15:48:37 | 000,000,000 | ---D | M] -- C:\Users\dsmyth\AppData\Roaming\Google
[2010/05/28 12:52:45 | 000,000,000 | ---D | M] -- C:\Users\dsmyth\AppData\Roaming\ICAClient
[2010/05/24 14:32:02 | 000,000,000 | ---D | M] -- C:\Users\dsmyth\AppData\Roaming\Identities
[2010/05/26 20:59:42 | 000,000,000 | ---D | M] -- C:\Users\dsmyth\AppData\Roaming\InstallShield
[2010/05/25 10:37:48 | 000,000,000 | ---D | M] -- C:\Users\dsmyth\AppData\Roaming\Intel
[2010/05/23 21:33:56 | 000,000,000 | ---D | M] -- C:\Users\dsmyth\AppData\Roaming\Macromedia
[2010/05/29 10:12:22 | 000,000,000 | ---D | M] -- C:\Users\dsmyth\AppData\Roaming\Malwarebytes
[2006/11/02 20:35:50 | 000,000,000 | ---D | M] -- C:\Users\dsmyth\AppData\Roaming\Media Center Programs
[2010/06/04 09:27:05 | 000,000,000 | --SD | M] -- C:\Users\dsmyth\AppData\Roaming\Microsoft
[2010/05/26 18:06:03 | 000,000,000 | ---D | M] -- C:\Users\dsmyth\AppData\Roaming\Mozilla
[2010/06/04 10:33:56 | 000,000,000 | ---D | M] -- C:\Users\dsmyth\AppData\Roaming\Nitro PDF
[2010/05/31 14:25:49 | 000,000,000 | ---D | M] -- C:\Users\dsmyth\AppData\Roaming\Nokia
[2010/05/29 10:12:10 | 000,000,000 | ---D | M] -- C:\Users\dsmyth\AppData\Roaming\RayV

< %APPDATA%\*.exe /s >
[2010/02/01 09:45:40 | 000,038,784 | ---- | M] () -- C:\Users\dsmyth\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2010/05/24 15:53:19 | 000,004,608 | R--- | M] () -- C:\Users\dsmyth\AppData\Roaming\Microsoft\Installer\{91488E0E-F5B4-426B-A11C-D7D24A2B518D}\IconRegWiz.6F2B3983_59B8_11D3_B360_00A0C9DA500E.exe

< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/21 10:21:09 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\ERDNT\cache\AGP440.sys
[2008/01/21 10:21:09 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/21 10:21:09 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/21 10:21:09 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2006/11/02 17:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2010/06/01 23:22:58 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\ERDNT\cache\atapi.sys
[2010/06/01 23:22:58 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008/01/21 10:21:09 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/21 10:21:09 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 17:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 17:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll
[2006/11/02 17:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 17:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2008/01/21 10:21:31 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/21 10:21:31 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/21 10:21:31 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 17:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2008/01/21 10:22:13 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\ERDNT\cache\netlogon.dll
[2008/01/21 10:22:13 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008/01/21 10:22:13 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 17:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/21 10:21:29 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/21 10:21:29 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/21 10:21:29 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/21 10:22:59 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\ERDNT\cache\scecli.dll
[2008/01/21 10:22:59 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008/01/21 10:22:59 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/01/21 10:22:35 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2008/01/21 10:22:35 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2008/01/21 10:22:49 | 000,242,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2008/01/21 10:22:45 | 000,225,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
[2008/01/21 10:22:31 | 000,441,344 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\win32spl.dll
< End of report >

OTL Extras logfile created on: 7/06/2010 7:58:01 AM - Run 1
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Users\dsmyth\Desktop
Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 58.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285.99 Gb Total Space | 161.20 Gb Free Space | 56.37% Space Free | Partition Type: NTFS
Unable to calculate disk information.
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DAVIDSMYTH
Current User Name: dsmyth
NOT logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.scr [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-108481844-1914207947-809591456-49483\SOFTWARE\Classes\<extension>]
.scr [@ = scr_auto_file] -- C:\Program Files\Windows NT\Accessories\WORDPAD.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10C0FF95-8378-4D7C-8798-EF0101F6DDA0}" = lport=445 | protocol=6 | dir=in | app=system |
"{1F71B3CA-0872-4052-A5A6-6C4DDD3BA3F2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{309814C8-8418-4829-ADFA-E58E7FA810E3}" = rport=139 | protocol=6 | dir=out | app=system |
"{30EC3D55-D1F9-461F-803A-253F0047195C}" = lport=137 | protocol=17 | dir=in | app=system |
"{384058D3-F374-44AA-AB68-8313A94F7BCE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{389DE5A1-EB65-4F7C-B0B0-0DE0B32DB529}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{417BF723-7860-4B26-BAAD-6E42BBBE8D2C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{616E8CEF-39A0-4716-85F1-D59A174DCEE2}" = lport=138 | protocol=17 | dir=in | app=system |
"{646FED8C-26CD-4000-AA74-7A933369FCA6}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{66DD1DD7-24A3-4A88-A230-F804B999A653}" = rport=137 | protocol=17 | dir=out | app=system |
"{825F22CA-6487-4D3C-AB67-664D13AC3968}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{847FD169-9D51-415A-82F6-79E0B85D96EE}" = lport=139 | protocol=6 | dir=in | app=system |
"{8ADA8EA5-7DA3-4781-816E-1C510C737A97}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{92A61261-6BCE-4E46-8ADC-3C1C44152B0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{96092520-0552-45E4-9AD0-DC7D3B37ED3C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{97CFDCF0-1468-4020-85B3-FE17B33D9AF1}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{A5534278-8E68-4EE9-BC20-598EE08710A0}" = rport=445 | protocol=6 | dir=out | app=system |
"{B8EC4FEC-C794-4783-850E-8267C524E75A}" = rport=138 | protocol=17 | dir=out | app=system |
"{C01584FF-25DA-4333-834F-1EB9A7BB1857}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D7457945-9F76-4ED2-B6FD-ADF85346BA6A}" = lport=5900 | protocol=6 | dir=in | name=vnc5900 |
"{E918F4E4-7748-4FC1-87D4-0F8D89DE6FE9}" = lport=5800 | protocol=6 | dir=in | name=vnc5800 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02562DD5-15F9-429B-AAF1-F21B1416F034}" = protocol=17 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{075DBB2E-A3DE-4FE9-B471-3B1A20173C34}" = protocol=6 | dir=in | app=c:\program files\rayv\rayv\rayv.exe |
"{096F855E-325C-4B8F-877F-7DB30F5E9768}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe |
"{244FDF14-EF92-4EF9-9ADC-8A9F74EF9F1C}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe |
"{2DCB14DE-BB4D-45D9-9127-790BCD24D38D}" = protocol=6 | dir=in | app=c:\program files\rayv\rayv\rayv.dll |
"{3A070523-725F-4DA3-B1FF-B811783D7E5F}" = protocol=6 | dir=in | app=c:\program files\rayv\rayv\rayv.exe |
"{3F71286D-2EB4-4C7F-BFD0-730F7F1B3164}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{438B01FB-865D-4F2E-A0BF-0391479EE0C6}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe |
"{4B41939D-12D2-448E-9A46-61C39CCBB5EB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{57323876-F1C8-4752-A6DA-3F2EDE94F744}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{6B5AC7ED-71AD-47A7-8857-04FF0B9067BF}" = protocol=6 | dir=in | app=c:\program files\ultravnc\winvnc.exe |
"{7E2FCE1E-52A2-451C-B906-E4D74FCAEE20}" = protocol=17 | dir=in | app=c:\program files\rayv\rayv\rayv.dll |
"{880EDE6B-538C-4665-82BF-9237535E1DCF}" = protocol=6 | dir=in | app=c:\program files\rayv\rayv\rayv.dll |
"{96331571-3C6A-4421-B3DF-82AA625ADB21}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe |
"{B1A2766D-0080-41D8-8AD6-212940C410B8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B5DBB38C-F8CF-4B8E-B353-2CA84AB7B652}" = protocol=17 | dir=in | app=c:\program files\rayv\rayv\rayv.exe |
"{BD43F370-96EB-4B4F-8C9B-5F86D5B73F65}" = protocol=17 | dir=in | app=c:\program files\ultravnc\winvnc.exe |
"{D7DA4D10-93D0-485F-A247-DC4C1BE0E77C}" = protocol=6 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{E046E1B1-7941-4438-9CCB-294DEE4E02A5}" = protocol=17 | dir=in | app=c:\program files\rayv\rayv\rayv.dll |
"{F089ED83-6E1B-4B14-A64D-F1C9B49EE927}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{F0D383D3-231F-4701-BB34-08F5CA2D1429}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{F67B3A76-D45C-463B-BED2-19D010A233DC}" = protocol=17 | dir=in | app=c:\program files\rayv\rayv\rayv.exe |
"{FFD9E410-2856-4FCB-ADD5-58A0C3FB0C7B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"TCP Query User{AE60298E-0A7E-4424-BAAF-FB915EBBE945}C:\program files\microsoft office\office12\outlook.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"UDP Query User{F954F00E-C2FB-4892-B3E9-B9763838D657}C:\program files\microsoft office\office12\outlook.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{014EFADF-1AA8-44D0-B889-D39D77302A62}" = Intel® PROSet/Wireless WiFi Software
"{01B4AC8E-6D83-44B3-958D-2AFE57BE54DB}" = Brother MFL-Pro Suite MFC-6490CW
"{0BCA9EFD-F2D6-4638-B053-8693BA0404BE}" = Citrix online plug-in (Web)
"{12F50E86-9798-4516-8AD3-8F0167DC3642}" = Attachment Manager 2006 Version 10.4.2
"{19DC9559-9C20-4A46-A67D-7ECBA52A2788}" = Nokia PC Suite
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FD22174-7B11-42A7-8228-65326A7AF431}" = CBS 2.9.9
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22C58B4B-C8FE-42A6-8927-5289E2C4266E}" = Model Maintenance V2.2.0
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5D17D8A0-5DA5-4F8F-8F25-3D5CDAFA1E71}" = Nitro PDF Professional
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{6C8D5E56-CA12-42B2-9075-044B4C7067A9}" = Altiris Deployment Agent
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6E0352EE-6F0D-4FBC-B1B8-4FF032C78BE0}" = PC Connectivity Solution
"{72F8707F-6545-462C-B0D7-3F1409FEB7F5}" = BuildPro Setup
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91488E0E-F5B4-426B-A11C-D7D24A2B518D}" = Crystal Reports 9 Redist
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{ACA07C92-CB3F-419E-A6EB-41A3E0742514}" = CBS 3.0.5
"{AF36CE1D-FD2C-4BA0-93FA-1196785DD610}" = Adobe Flash Player 10 Plugin
"{BF06C7B8-388F-43EA-BE7E-F3199DD47551}" = Client Variations V1.0.6
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C50EF365-2898-489A-B6C7-30DAA466E9A2}" = Nokia Connectivity Cable Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E76C701F-1D69-462B-87EA-482100A9C6B4}" = vnc service
"{F7FC9307-374E-4017-8E9D-DE1154780480}" = System Requirements Lab for Intel
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"05B59228C7E1C21DFBE89260F879BD95880548D8" = Windows Driver Package - Nokia Modem (10/05/2009 4.2)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.4)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AutoSketch v6.0" = AutoSketch v6.0
"avast5" = avast! Free Antivirus
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CutePDF Writer Installation" = CutePDF Writer 2.8
"ESET Online Scanner" = ESET Online Scanner v3
"HijackThis" = HijackThis 2.0.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Drivers" = NVIDIA Drivers
"ProInst" = Intel PROSet Wireless
"PROR" = Microsoft Office Professional 2007
"RayV" = NBA League Pass Broadband
"Ultravnc2_is1" = UltraVNC 1.0.8.2

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
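The < MD5 for: ... > blocks in the OTL log above are the check that matters for a suspected atapi.sys infection: the loaded driver in System32\drivers is hashed next to the untouched copies Windows keeps in winsxs and the DriverStore (and the ERDNT cache), so an in-place patch of the live file shows up as a hash that no same-version reference copy shares. Reading the log by eye has a trap that is visible above: the 2006-dated copy of atapi.sys (19,048 bytes) legitimately carries a different hash from the 2008 build (21,560 bytes, the 6.0.6001.18000 folder in winsxs), so only copies of identical size are comparable. The script below is an added example, not part of the thread or of OTL: it parses such blocks and applies that rule. The AGP440.SYS and ATAPI.SYS sample entries are copied from the log above; the EXAMPLE.SYS block is constructed (all-zero hash, invented winsxs folder) purely to exercise the mismatch branch.

```python
import re
from collections import defaultdict

# One entry per line of OTL's "< MD5 for: NAME >" custom-scan blocks.
# Lines without a hash (e.g. "Unable to obtain MD5") simply do not match.
OTL_LINE = re.compile(
    r"^\[(?P<mtime>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[^|]+) \| M\] "
    r"\((?P<company>[^)]*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)
SECTION = re.compile(r"^< MD5 for: (?P<name>.+?) >$")
LIVE_DIR = "\\windows\\system32\\drivers\\"   # where the loaded copy lives

# Sample input. AGP440.SYS and ATAPI.SYS reproduce entries from the OTL log
# in this thread; EXAMPLE.SYS is a CONSTRUCTED block (all-zero hash, made-up
# winsxs folder) that exists only to exercise the MISMATCH path.
SAMPLE_OTL = r"""
< MD5 for: AGP440.SYS >
[2008/01/21 10:21:09 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/21 10:21:09 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2006/11/02 17:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2010/06/01 23:22:58 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\ERDNT\cache\atapi.sys
[2010/06/01 23:22:58 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008/01/21 10:21:09 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/21 10:21:09 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 17:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: EXAMPLE.SYS >
[2010/06/01 23:22:58 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000000 -- C:\Windows\System32\drivers\example.sys
[2008/01/21 10:21:09 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_example.inf_constructed\example.sys
"""


def parse_md5_sections(text):
    """Return {driver name (lower-case): [entry dicts]} from the MD5 blocks."""
    sections = defaultdict(list)
    current = None
    for line in text.splitlines():
        head = SECTION.match(line)
        if head:
            current = head.group("name").lower()
            continue
        m = OTL_LINE.match(line)
        if m and current:
            entry = m.groupdict()
            entry["size"] = int(entry["size"].replace(",", ""))
            entry["md5"] = entry["md5"].upper()
            sections[current].append(entry)
    return sections


def audit_drivers(sections):
    """Compare the loaded copy of each driver with reference copies of the
    same size. Returns {name: (verdict, detail)}."""
    results = {}
    for name, entries in sections.items():
        live = [e for e in entries if LIVE_DIR in e["path"].lower()]
        refs = [e for e in entries if LIVE_DIR not in e["path"].lower()]
        if not live:
            results[name] = ("NO_LIVE_COPY", "no copy under System32\\drivers")
            continue
        cur = live[0]
        # Only a reference copy of identical size is a fair comparison: the
        # 19,048-byte 2006 copy of atapi.sys is an older build and would
        # otherwise be reported as a false mismatch.
        same = [r for r in refs if r["size"] == cur["size"]]
        if not same:
            results[name] = ("NO_REFERENCE", f"no reference copy of size {cur['size']}")
            continue
        bad = [r for r in same if r["md5"] != cur["md5"]]
        if bad:
            results[name] = ("MISMATCH",
                             f"live MD5 {cur['md5']} differs from {bad[0]['md5']} in "
                             f"{bad[0]['path']} (same size {cur['size']}: content "
                             "changed without a size change)")
            continue
        retimed = [r for r in same if r["mtime"] != cur["mtime"]]
        if retimed:
            results[name] = ("OK_NEW_TIMESTAMP",
                             f"hash matches reference; mtime {cur['mtime']} vs "
                             f"{retimed[0]['mtime']} (rewritten with identical content)")
        else:
            results[name] = ("OK", "hash and timestamp match reference copies")
    return results


if __name__ == "__main__":
    report = audit_drivers(parse_md5_sections(SAMPLE_OTL))
    for name, (verdict, detail) in sorted(report.items()):
        print(f"{name:12} {verdict:17} {detail}")
```

Run it and the atapi.sys row comes out OK_NEW_TIMESTAMP: every same-size copy shares the hash 2D9C..., and only the modification time of the live file (and of the ERDNT cache copy) is newer, which is what a file rewritten with identical content looks like. One caveat for real use: a rootkit that can write to System32\drivers can in principle touch the winsxs copy as well, so on a live machine the hashes should also be checked against a known-good source (for example the original install media) rather than only against other copies on the same disk.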






#9 extremeboy (Malware Response Team)

Posted 06 June 2010 - 07:44 PM

Please reboot your machine.

Then, do the following...

Go Start > Run and copy/paste the following single-line command into the Run box and click OK:

cmd /c "mbr -t" >Log.txt&Log.txt&del Log.txt

A Notepad file will open. Post the contents of Log.txt in your next reply.
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free.

#10 davesmyth (Topic Starter)

Posted 06 June 2010 - 08:24 PM

Hey EB, log as follows.

I seem to have sorted out my password issue, for now anyway, by changing the internet settings slightly.

Thanks in advance.

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys USBPORT.SYS usbuhci.sys tcpip.sys NETIO.SYS nvlddmkm.sys dxgkrnl.sys partmgr.sys volmgr.sys fvevol.sys tskFEC8.tmp Ntfs.sys ndis.sys NETw5v32.sys usbhub.sys intelppm.sys watchdog.sys hidusb.sys HIDCLASS.SYS HIDPARSE.SYS mouhid.sys mouclass.sys usbccgp.sys ntkrnlpa.exe
kernel: MBR read successfully
user & kernel MBR OK


#11 extremeboy (Malware Response Team)

Posted 07 June 2010 - 07:33 PM

Hello.

Okay, that's good.

How's your computer running? Any more problems etc...?

Run Scan with Kaspersky

Please do a scan with Kaspersky Online Scanner. Please note: Kaspersky requires the Java Runtime Environment (JRE) to be installed before scanning for malware, as ActiveX is no longer being used.

If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Open the Kaspersky WebScanner page.
  • Click on the button on the main page.
  • The program will launch and fill in the Information section on the left.
  • Read the "Requirements and Limitations" then press the button.
  • The program will begin downloading the latest program and definition files. It may take a while so please be patient and let it finish.
  • Once the files have been downloaded, click on the ...button.
    In the scan settings make sure the following are selected:
    • Detect malicious programs of the following categories:
      Viruses, Worms, Trojan Horses, Rootkits
      Spyware, Adware, Dialers and other potentially dangerous programs
    • Scan compound files (doesn't apply to the File scan area):
      Archives
      Mail databases
      By default the above items should already be checked.
    • Click the button, if you made any changes.
  • Now, under the Scan section on the left, select My Computer.
  • The program will now start and scan your system. This will run for a while, be patient and let it finish.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis if needed.

Take a new DDS run afterward and post back with both the DDS and Attach logs in your next reply. Also, let me know how your computer is running and if you have any more problems, issues or symptoms left.

Thanks.

With Regards,
Extremeboy

#12 davesmyth (Topic Starter)

Posted 08 June 2010 - 05:44 AM

Hey EB, how are you?

My computer seems to be running great. I'm not sure what you have had me doing, but it seems to have worked thus far. I have attached the logs as requested. Most importantly, my computer seems to be booting up normally now; was that potentially one of the symptoms of the rootkit, maybe?

I have copied and pasted the scans below as requested. The only two things found on the Kaspersky scan are work-related programs for remote help, so they are not an issue.

Let me know if I need to do anything more.

Have a great day.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Tuesday, June 8, 2010
Operating system: Microsoft Windows Vista Ultimate Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, June 08, 2010 01:47:17
Records in database: 4209933
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Objects scanned: 114533
Threats found: 1
Infected objects found: 2
Suspicious objects found: 0
Scan duration: 01:42:58


File name / Threat / Threats count
C:\orl\VNCHooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.333 1
C:\orl\WinVNC.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.333 1

Selected area has been scanned.



DDS (Ver_10-03-17.01) - NTFSx86
Run by dsmyth at 18:27:40.23 on Tue 08/06/2010
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.61.1033.18.3068.1531 [GMT 8:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
C:\Windows\system32\NLSSRV32.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\UltraVNC\WinVNC.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Altiris\Dagent\dagent.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Altiris\Dagent\dagentui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\RayV\RayV\RayV.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Users\dsmyth\AppData\Local\temp\jkos-dsmyth\binaries\ScanningProcess.exe
C:\Users\dsmyth\AppData\Local\temp\jkos-dsmyth\binaries\ScanningProcess.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\My Stuff\dds.pif
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.nba.com/
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [RayV] c:\program files\rayv\rayv\RayV.exe /background
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [DagentUI] c:\program files\altiris\dagent\dagentui.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.1.66.0.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
SEH: Internet Shortcut: {fbf23b40-e3f0-101b-8488-00aa003e56f8} - c:\windows\system32\ieframe.dll

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-6-5 164048]
R2 Altiris Deployment Agent;Altiris Deployment Agent;c:\program files\altiris\dagent\dagent.exe [2009-8-11 1246544]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-6-5 19024]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-6-5 51792]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-5 40384]
R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\nitro pdf\professional\NitroPDFDriverService.exe [2009-12-16 188736]
R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2009-12-16 65856]
R2 uvnc_service;uvnc_service;c:\program files\ultravnc\winvnc.exe [2010-5-24 1590216]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-5 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-5 40384]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2010-1-13 6628352]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-23 135664]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]

============== File Associations ===============

.scr=scr_auto_file

=============== Created Last 30 ================

2010-06-08 04:59:38 0 d-----w- c:\users\dsmyth\TempStore
2010-06-07 18:08:58 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-06-06 23:33:14 0 d-sh--w- C:\$RECYCLE.BIN
2010-06-06 23:04:42 98816 ----a-w- c:\windows\sed.exe
2010-06-06 23:04:42 77312 ----a-w- c:\windows\MBR.exe
2010-06-06 23:04:42 256512 ----a-w- c:\windows\PEV.exe
2010-06-06 23:04:42 161792 ----a-w- c:\windows\SWREG.exe
2010-06-06 02:07:58 0 d-----r- c:\users\dsmyth\appdata\roaming\Brother
2010-06-05 15:46:24 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-06-05 15:45:33 0 d-----w- c:\programdata\Alwil Software
2010-06-05 15:17:24 0 d-----w- c:\windows\system32\appmgmt
2010-06-05 15:00:03 0 d-----w- c:\program files\ESET
2010-06-05 03:39:38 0 d-----w- c:\windows\system32\catroot2
2010-06-02 16:39:50 253349364 ----a-w- c:\windows\MEMORY.DMP
2010-06-01 06:14:52 0 d-----w- c:\programdata\WindowsSearch
2010-06-01 05:17:43 46592 ----a-w- c:\windows\system32\drivers\risdptsk.sys
2010-05-31 06:14:13 0 d-----w- c:\programdata\PC Suite
2010-05-31 06:13:47 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-05-31 06:13:07 0 d-----w- c:\users\dsmyth\{1ab5ee16-853e-445c-8e40-1f5419d0aaf0}
2010-05-31 06:12:27 91136 ----a-w- c:\windows\system32\nmwcdcls.dll
2010-05-31 06:11:47 0 d-----w- c:\programdata\Installations
2010-05-30 05:10:48 0 d-----w- c:\windows\pss
2010-05-29 02:12:22 0 d-----w- c:\users\dsmyth\appdata\roaming\Malwarebytes
2010-05-29 02:00:23 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-29 02:00:20 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-29 02:00:20 0 d-----w- c:\programdata\Malwarebytes
2010-05-28 04:30:51 0 d-----w- c:\users\dsmyth\appdata\roaming\ICAClient
2010-05-27 01:10:44 0 d-----w- c:\users\dsmyth\appdata\roaming\RayV
2010-05-26 13:01:48 94 ----a-w- c:\windows\brpcfx.ini
2010-05-26 13:01:48 245 ----a-w- c:\windows\Brpfx04a.ini
2010-05-26 13:01:33 419 ----a-w- c:\windows\BRWMARK.INI
2010-05-26 13:01:33 27 ----a-w- c:\windows\BRPP2KA.INI
2010-05-26 12:59:44 0 d-----w- c:\programdata\Brother
2010-05-26 10:04:31 0 d-----w- c:\program files\LimeWire
2010-05-26 02:44:37 26432 ----a-w- c:\windows\system32\nitrolocalmon.dll
2010-05-26 02:44:37 17728 ----a-w- c:\windows\system32\nitrolocalui.dll
2010-05-26 02:44:09 0 d-----w- c:\programdata\Nitro PDF
2010-05-26 02:44:05 0 d-----w- c:\program files\common files\Nitro PDF
2010-05-26 02:44:04 0 d-----w- c:\program files\Nitro PDF
2010-05-26 02:23:02 0 d-----w- c:\users\dsmyth\appdata\roaming\Downloaded Installations
2010-05-25 03:44:14 0 d-----w- c:\programdata\Sun
2010-05-25 03:43:36 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-25 03:05:32 0 d-----w- c:\program files\GPLGS
2010-05-25 03:03:52 87552 ----a-w- c:\windows\system32\cpwmon2k.dll
2010-05-25 03:03:52 0 d-----w- c:\program files\Acro Software
2010-05-25 03:03:44 0 d-----w- c:\program files\Ask.com
2010-05-25 03:02:25 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-25 03:02:24 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-05-25 03:02:24 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-05-25 03:02:24 10240 ----a-w- c:\windows\system32\dciman32.dll
2010-05-25 02:59:41 2033152 ----a-w- c:\windows\system32\win32k.sys
2010-05-25 02:59:22 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2010-05-25 02:59:21 9728 ----a-w- c:\windows\system32\lsass.exe
2010-05-25 02:59:21 72704 ----a-w- c:\windows\system32\secur32.dll
2010-05-25 02:59:21 213504 ----a-w- c:\windows\system32\msv1_0.dll
2010-05-25 02:59:21 175104 ----a-w- c:\windows\system32\wdigest.dll
2010-05-25 02:59:21 1256448 ----a-w- c:\windows\system32\lsasrv.dll
2010-05-25 02:59:02 78848 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-05-25 02:59:02 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-05-25 02:59:02 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-05-25 02:58:24 2868224 ----a-w- c:\windows\system32\mf.dll
2010-05-25 02:57:50 3598216 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-05-25 02:57:49 3545992 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-05-25 02:57:10 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-25 02:56:57 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-05-25 02:56:48 71680 ----a-w- c:\windows\system32\atl.dll
2010-05-25 02:56:24 562176 ----a-w- c:\windows\system32\msdtcprx.dll
2010-05-25 02:56:24 38912 ----a-w- c:\windows\system32\xolehlp.dll
2010-05-25 02:56:14 160256 ----a-w- c:\windows\system32\wkssvc.dll
2010-05-25 02:56:04 2066432 ----a-w- c:\windows\system32\mstscax.dll
2010-05-25 02:54:57 636928 ----a-w- c:\windows\system32\localspl.dll
2010-05-25 02:54:45 91136 ----a-w- c:\windows\system32\avifil32.dll
2010-05-25 02:54:02 615424 ----a-w- c:\windows\system32\wbem\fastprox.dll
2010-05-25 02:54:02 54784 ----a-w- c:\windows\system32\iasads.dll
2010-05-25 02:54:01 98304 ----a-w- c:\windows\system32\iasrecst.dll
2010-05-25 02:54:01 666624 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2010-05-25 02:54:01 551424 ----a-w- c:\windows\system32\rpcss.dll
2010-05-25 02:54:01 44032 ----a-w- c:\windows\system32\iasdatastore.dll
2010-05-25 02:54:01 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2010-05-25 02:54:01 183296 ----a-w- c:\windows\system32\sdohlp.dll
2010-05-25 02:54:01 17408 ----a-w- c:\windows\system32\iashost.exe
2010-05-25 02:53:58 499200 ----a-w- c:\windows\system32\wbem\WmiPrvSD.dll
2010-05-25 02:53:58 247296 ----a-w- c:\windows\system32\wbem\WmiPrvSE.exe
2010-05-25 02:53:58 129024 ----a-w- c:\windows\system32\wbem\WmiDcPrv.dll
2010-05-25 02:53:32 62464 ----a-w- c:\windows\system32\l3codeca.acm
2010-05-25 02:52:49 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-05-25 02:52:49 190464 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-05-25 02:52:48 898952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-05-25 02:52:33 24064 ----a-w- c:\windows\system32\amxread.dll
2010-05-25 02:52:33 13824 ----a-w- c:\windows\system32\apilogen.dll
2010-05-25 02:51:31 43520 ----a-w- c:\windows\system32\msdxm.tlb
2010-05-25 02:51:31 4096 ----a-w- c:\windows\system32\msdxm.ocx
2010-05-25 02:51:31 4096 ----a-w- c:\windows\system32\dxmasf.dll
2010-05-25 02:51:31 18432 ----a-w- c:\windows\system32\amcompat.tlb
2010-05-25 02:51:30 7680 ----a-w- c:\windows\system32\spwmp.dll
2010-05-25 02:51:27 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2010-05-25 02:51:26 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-05-25 02:51:14 61440 ----a-w- c:\windows\system32\msasn1.dll
2010-05-25 02:51:00 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2010-05-25 02:39:23 0 d-----w- c:\programdata\Intel
2010-05-25 02:38:19 0 d-----w- c:\program files\Cisco
2010-05-25 02:38:17 0 d-----w- c:\program files\common files\Intel
2010-05-25 02:37:48 0 d-----w- c:\users\dsmyth\appdata\roaming\Intel
2010-05-25 01:18:28 0 d-----w- c:\program files\SystemRequirementsLab
2010-05-24 08:31:01 0 d-----w- c:\program files\Model Maintenance
2010-05-24 08:29:19 0 d-----w- c:\program files\Client Variations
2010-05-24 08:29:06 0 d-----w- c:\program files\CBS3
2010-05-24 08:27:10 0 d-----w- c:\program files\Altiris
2010-05-24 08:23:07 97800 ----a-w- c:\windows\system32\infocardapi.dll
2010-05-24 08:23:07 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2010-05-24 08:23:06 622080 ----a-w- c:\windows\system32\icardagt.exe
2010-05-24 08:23:06 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-05-24 08:23:06 37384 ----a-w- c:\windows\system32\infocardcpl.cpl
2010-05-24 08:23:06 11264 ----a-w- c:\windows\system32\icardres.dll
2010-05-24 08:23:04 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2010-05-24 08:23:02 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2010-05-24 08:16:16 96760 ----a-w- c:\windows\system32\dfshim.dll
2010-05-24 08:16:14 282112 ----a-w- c:\windows\system32\mscoree.dll
2010-05-24 08:16:11 41984 ----a-w- c:\windows\system32\netfxperf.dll
2010-05-24 08:16:03 158720 ----a-w- c:\windows\system32\mscorier.dll
2010-05-24 08:15:59 83968 ----a-w- c:\windows\system32\mscories.dll
2010-05-24 08:12:44 0 d-----w- c:\users\dsmyth\appdata\roaming\CBS
2010-05-24 08:12:39 0 d-----w- c:\users\dsmyth\appdata\roaming\ABN
2010-05-24 08:05:24 286720 ------w- c:\windows\Setup1.exe
2010-05-24 08:05:21 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-05-24 08:05:19 1963 ----a-w- c:\windows\ST6UNST.000
2010-05-24 08:01:40 0 d-----w- c:\program files\AutoSketch
2010-05-24 08:01:15 282624 ----a-w- c:\windows\uninst.exe
2010-05-24 08:00:08 0 d-----w- c:\program files\Attachment Manager 2006
2010-05-24 07:55:10 1060864 ----a-w- c:\windows\system32\MFC71.DLL
2010-05-24 07:54:44 0 d-----w- c:\programdata\Symantec
2010-05-24 07:54:44 0 d-----w- c:\program files\common files\Symantec Shared
2010-05-24 07:52:56 0 d-----w- c:\program files\common files\Crystal Decisions
2010-05-24 07:51:50 0 d-----w- c:\program files\UltraVNC
2010-05-24 07:47:42 0 d-----w- c:\program files\PBDescriptions
2010-05-24 07:47:41 0 d-----w- c:\program files\eWorkOrder
2010-05-24 07:47:41 0 d-----w- c:\program files\eStatement
2010-05-24 07:47:37 0 d-----w- c:\program files\eOrder
2010-05-24 07:47:23 0 d-----w- c:\program files\CBS
2010-05-24 07:47:23 0 d-----w- c:\program files\ABN Common
2010-05-24 07:39:18 0 d-----w- c:\windows\wlansvc
2010-05-24 07:11:18 0 d-----w- c:\program files\vnc service
2010-05-24 06:07:34 0 d-----w- C:\Signatures
2010-05-24 04:07:48 0 d-----w- c:\windows\Panther
2010-05-24 03:19:28 2459 ----a-w- c:\windows\bthservsdp.dat
2010-05-23 14:13:52 0 d-----w- c:\program files\Citrix
2010-05-23 14:01:43 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-05-23 14:01:43 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-05-23 14:01:09 0 d-----w- c:\program files\iPod
2010-05-23 14:01:07 0 d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-05-23 14:01:07 0 d-----w- c:\program files\iTunes
2010-05-23 14:00:06 0 d-----w- c:\programdata\Apple Computer
2010-05-23 13:58:11 0 d-----w- c:\programdata\Apple
2010-05-23 13:33:56 0 d-----w- c:\programdata\Adobe
2010-05-23 13:33:33 0 d-----w- c:\programdata\Google
2010-05-23 13:33:09 0 d-----w- c:\programdata\NOS
2010-05-23 13:30:32 0 d-----w- c:\windows\PCHEALTH
2010-05-23 13:28:01 0 d-----w- c:\program files\NVIDIA Corporation
2010-05-23 13:26:57 0 d-----w- c:\programdata\Microsoft Help
2010-05-23 13:25:39 171520 ----a-w- c:\windows\system32\wintrust.dll
2010-05-23 13:25:38 98304 ----a-w- c:\windows\system32\cabview.dll
2010-05-23 13:20:02 2421760 ----a-w- c:\windows\system32\wucltux.dll
2010-05-23 13:19:49 87552 ----a-w- c:\windows\system32\wudriver.dll
2010-05-23 13:19:41 33792 ----a-w- c:\windows\system32\wuapp.exe
2010-05-23 13:19:41 171608 ----a-w- c:\windows\system32\wuwebv.dll
2010-05-23 13:18:51 0 d-----w- c:\programdata\Roaming
2010-05-23 13:17:19 0 d-sh--w- c:\windows\Installer
2010-05-23 13:13:27 299008 ----a-w- c:\windows\system32\drivers\yk60x86.sys
2010-05-23 13:13:22 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2010-05-19 04:41:13 0 d-----w- c:\program files\NCH Software
2010-05-16 10:29:53 0 d-----w- c:\program files\common files\ParetoLogic
2010-05-14 07:42:24 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-13 06:16:25 0 d-----w- c:\program files\Trend Micro

==================== Find3M ====================

2010-06-07 01:20:44 143416 ----a-w- c:\windows\system32\drivers\ecache.sys
2010-06-01 15:22:58 21560 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-06-01 05:25:22 86016 ----a-w- c:\windows\inf\infstrng.dat
2010-06-01 05:25:22 86016 ----a-w- c:\windows\inf\infstor.dat
2010-06-01 05:25:22 51200 ----a-w- c:\windows\inf\infpub.dat
2010-04-16 00:33:36 41472 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-04-16 00:33:36 3003680 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-04-03 14:55:32 9386600 ----a-w- c:\windows\system32\nvd3dum.dll
2010-04-03 14:55:32 795104 ----a-w- c:\windows\system32\dpinst.exe
2010-04-03 14:55:32 56424 ----a-w- c:\windows\system32\OpenCL.dll
2010-04-03 14:55:32 4503144 ----a-w- c:\windows\system32\nvwgf2um.dll
2010-04-03 14:55:32 4029544 ----a-w- c:\windows\system32\nvcuda.dll
2010-04-03 14:55:32 2646632 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-04-03 14:55:32 227944 ----a-w- c:\windows\system32\nvcod1914.dll
2010-04-03 14:55:32 227944 ----a-w- c:\windows\system32\nvcod.dll
2010-04-03 14:55:32 2009704 ----a-w- c:\windows\system32\nvcuvid.dll
2010-04-03 14:55:32 15227496 ----a-w- c:\windows\system32\nvoglv32.dll
2010-04-03 14:55:32 1296488 ----a-w- c:\windows\system32\nvapi.dll
2010-04-03 14:55:32 11647592 ----a-w- c:\windows\system32\nvcompiler.dll
2008-01-21 02:41:56 174 --sha-w- c:\program files\desktop.ini
2008-01-21 02:30:47 665600 ----a-w- c:\windows\inf\drvindex.dat
2006-11-02 12:40:37 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:40:37 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:40:37 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:40:37 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 18:28:14.18 ===============



#13 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male
  • Local time:06:11 AM

Posted 09 June 2010 - 06:08 PM

Hello.

QUOTE
I have copied and pasted below the scans as requested. The only 2 things found on the Kaspersky scan are work-related programs for remote help, so they are not an issue.

Yup, that's correct. That's also why Kaspersky only detected them as "not-a-virus".

That looks good. Good work; those are some symptoms of infections, not necessarily always a rootkit. Below I have some prevention tips which will discuss a few things.

Please follow/read the steps below to remove the tools we used and for some more information.


Uninstall ComboFix

Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.
This will uninstall Combofix and anything associated with it.

Download and Run OTC

We will now remove the tools we used during this fix using OTC.
  • Download OTC by OldTimer and save it to your desktop.
  • Double-click the icon to start the program. If you are using Vista, please right-click and choose "Run as administrator".
  • Then Click the big button.
  • You will get a prompt saying "Being Cleanup Process". Please select Yes.
  • Restart your computer when prompted.


Congratulations! You now appear clean!

Now that you are clean, please follow and read some of the prevention tips >over here<. Is your system a bit slow? If so, try some of the points and things suggested here.

If you would like, visit my http://computermalwaresecurity.blogspot.com/ and Subscribe/Follow along.


If you have no more questions, comments or problems please tell us, so we can close off the topic.

Thanks.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#14 davesmyth

davesmyth
  • Topic Starter

  • Members
  • 8 posts
  • Local time:06:11 PM

Posted 11 June 2010 - 09:44 AM

Hey Eb, how are you?

Thanks so much for your help; my computer seems to be running great now. I have read the article and am going to take all the advice I can.

Thanks again and have a great day

#15 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male
  • Local time:06:11 AM

Posted 14 June 2010 - 07:26 PM

You're welcome.

Glad to help.

--
Since the problem appears to be resolved, this topic is now Closed. Glad we could help.
If you need this topic reopened, please Send Me a Message. In your message please include the address of this thread in your request.

This applies only to the original topic starter

Everyone else please start a new topic.

With Regards,
Extremeboy
