games_bar_1 mario toolbar


  • This topic is locked
40 replies to this topic

#1 plomper

  • Members
  • 27 posts

Posted 27 July 2010 - 10:13 PM

This virus is giving me a blank pop-out window when I open my browser. It changed my default search engine and home page.
My PC is running really slowly and freezing.

I am trying to create the logs, but the GMER program freezes and doesn't finish.
The DDS program doesn't work; it appears as an AutoCAD script file.

I did get a report:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4327

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11

7/27/2010 4:39:17 PM
mbam-log-2010-07-27 (16-39-17).txt

Scan type: Quick scan
Objects scanned: 155632
Time elapsed: 7 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 12
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS.0\system32\clhordei.dll (Trojan.Agent) -> No action taken.

Registry Keys Infected:
HKEY_CLASSES_ROOT\TypeLib\{6b5631b8-788d-4496-96ea-c634a44e39b4} (Trojan.Agent) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{4fa06538-d0e3-4000-980a-15d8150ae347} (Trojan.Agent) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{5be3f183-96a8-4785-9276-cb7ebd0d93f9} (Trojan.Agent) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{8d516d7c-9195-407d-bb91-ada0638b04d1} (Trojan.Agent) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{ac0b7d84-95e4-4c4b-b7b2-9717a0faaafc} (Trojan.Agent) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{cc3d3489-a97b-4b3b-bd44-27b9c460cead} (Trojan.Agent) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{dd1368a3-ca1c-4d43-9ce8-300b0c55967a} (Trojan.Agent) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{24c138ac-50a2-4f96-b3fd-bb76caa25ab7} (Trojan.Agent) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{5f94fd38-1f4e-465f-92ba-ad15d8b066a3} (Trojan.Agent) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{7c69256f-8bec-480d-8256-009cf3899d78} (Trojan.Agent) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{90f3685a-dd5e-4648-a035-b31bd8ddb005} (Trojan.Agent) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{d855c87c-a4ed-4776-ade3-f2468cd50c0f} (Trojan.Agent) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{5f94fd38-1f4e-465f-92ba-ad15d8b066a3} (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5f94fd38-1f4e-465f-92ba-ad15d8b066a3} (Trojan.Agent) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS.0\system32\clhordei.dll (Trojan.Agent) -> No action taken.

I got a report, but it's not full. I hope this helps.
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-28 00:52:58
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\Windows\Temp\pxtdapow.sys


---- Kernel code sections - GMER 1.0.15 ----

? nsdkjfmk.sys The system cannot find the file specified. !
.text C:\WINDOWS.0\system32\DRIVERS\nv4_mini.sys section is writeable [0xB6D253A0, 0x592C35, 0xE8000020]
pnidata C:\WINDOWS.0\system32\DRIVERS\secdrv.sys unknown last section [0xB3621F00, 0x24000, 0x48000000]

---- Modules - GMER 1.0.15 ----

Module \WINDOWS.0\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804D7000-8071F000 (2392064 bytes)
Module \WINDOWS.0\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8071F000-8073FC80 (134272 bytes)
Module \WINDOWS.0\system32\KDCOM.DLL (Kernel Debugger HW Extension DLL/Microsoft Corporation) F7987000-F7989000 (8192 bytes)
Module \WINDOWS.0\system32\BOOTVID.dll (VGA Boot Driver/Microsoft Corporation) F7897000-F789A000 (12288 bytes)
Module nsdkjfmk.sys F75F7000-F7605000 (57344 bytes)
Module ACPI.sys (ACPI Driver for NT/Microsoft Corporation) F7508000-F7536000 (188416 bytes)
Module \WINDOWS.0\system32\DRIVERS\WMILIB.SYS (WMILIB WMI support library Dll/Microsoft Corporation) F7989000-F798B000 (8192 bytes)
Module pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation) F74F7000-F7508000 (69632 bytes)
Module ohci1394.sys (1394 OpenHCI Port Driver/Microsoft Corporation) F7607000-F7616000 (61440 bytes)
Module \WINDOWS.0\system32\DRIVERS\1394BUS.SYS (1394 Bus Device Driver/Microsoft Corporation) F7617000-F7624000 (53248 bytes)
Module isapnp.sys (PNP ISA Bus Driver/Microsoft Corporation) F7627000-F7630000 (36864 bytes)
Module \WINDOWS.0\System32\Drivers\PCIIDEX.SYS (PCI IDE Bus Driver Extension/Microsoft Corporation) F7707000-F770E000 (28672 bytes)
Module intelide.sys (Intel PCI IDE Driver/Microsoft Corporation) F798B000-F798D000 (8192 bytes)
Module MountMgr.sys (Mount Manager/Microsoft Corporation) F7637000-F7642000 (45056 bytes)
Module ftdisk.sys (FT Disk Driver/Microsoft Corporation) F74D8000-F74F7000 (126976 bytes)
Module dmload.sys (NT Disk Manager Startup Driver/Microsoft Corp., Veritas Software.) F798D000-F798F000 (8192 bytes)
Module dmio.sys (NT Disk Manager I/O Driver/Microsoft Corp., Veritas Software) F74B2000-F74D8000 (155648 bytes)
Module PartMgr.sys (Partition Manager/Microsoft Corporation) F770F000-F7714000 (20480 bytes)
Module VolSnap.sys (Volume Shadow Copy Driver/Microsoft Corporation) F7647000-F7654000 (53248 bytes)
Module atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation) F749A000-F74B2000 (98304 bytes)
Module disk.sys (PnP Disk Driver/Microsoft Corporation) F7657000-F7660000 (36864 bytes)
Module \WINDOWS.0\system32\DRIVERS\CLASSPNP.SYS (SCSI Class System Dll/Microsoft Corporation) F7667000-F7674000 (53248 bytes)
Module fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) F7867000-F7887000 (131072 bytes)
Module sr.sys (System Restore Filesystem Filter Driver/Microsoft Corporation) F7855000-F7867000 (73728 bytes)
Module Lbd.sys (Boot Driver/Lavasoft AB) F7677000-F7686000 (61440 bytes)
Module PxHelp20.sys (Px Engine Device Driver for Windows 2000/XP/Sonic Solutions) F7687000-F7691000 (40960 bytes)
Module KSecDD.sys (Kernel Security Support Provider Interface/Microsoft Corporation) F783E000-F7855000 (94208 bytes)
Module Ntfs.sys (NT File System Driver/Microsoft Corporation) F7B52000-F7BDF000 (577536 bytes)
Module NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation) F795A000-F7987000 (184320 bytes)
Module Mup.sys (Multiple UNC Provider driver/Microsoft Corporation) F7A35000-F7A4F000 (106496 bytes)
Module \SystemRoot\system32\DRIVERS\intelppm.sys (Processor Device Driver/Microsoft Corporation) F76E7000-F76F0000 (36864 bytes)
Module \SystemRoot\system32\DRIVERS\nv4_mini.sys (NVIDIA Compatible Windows 2000 Miniport Driver, Version 257.21 /NVIDIA Corporation) B6D25000-B7731000 (10534912 bytes)
Module \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS (Video Port Driver/Microsoft Corporation) B6D11000-B6D25000 (81920 bytes)
Module \SystemRoot\system32\DRIVERS\b57xp32.sys (Broadcom NetXtreme Gigabit Ethernet NDIS5.1 Driver./Broadcom Corporation) B6CE6000-B6D11000 (176128 bytes)
Module \SystemRoot\system32\DRIVERS\usbuhci.sys (UHCI USB Miniport Driver/Microsoft Corporation) F780F000-F7815000 (24576 bytes)
Module \SystemRoot\system32\DRIVERS\USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation) B6CC2000-B6CE6000 (147456 bytes)
Module \SystemRoot\system32\DRIVERS\usbehci.sys (EHCI eUSB Miniport Driver/Microsoft Corporation) F7817000-F781F000 (32768 bytes)
Module \SystemRoot\system32\DRIVERS\LTSMT.sys (SoftModem Device Driver/LT) B6BFF000-B6CC2000 (798720 bytes)
Module \SystemRoot\System32\Drivers\Modem.SYS (Modem Device Driver/Microsoft Corporation) F781F000-F7827000 (32768 bytes)
Module \SystemRoot\system32\drivers\ctaud2k.sys (Creative WDM Audio Device Driver/Creative Technology Ltd) B6B85000-B6BFF000 (499712 bytes)
Module \SystemRoot\system32\drivers\portcls.sys (Port Class (Class Driver for Port/Miniport Devices)/Microsoft Corporation) B6B61000-B6B85000 (147456 bytes)
Module \SystemRoot\system32\drivers\drmk.sys (Microsoft Kernel DRM Descrambler Filter/Microsoft Corporation) F76F7000-F7706000 (61440 bytes)
Module \SystemRoot\system32\drivers\ks.sys (Kernel CSA Library/Microsoft Corporation) B6B3E000-B6B61000 (143360 bytes)
Module \SystemRoot\system32\drivers\ctoss2k.sys (Creative OS Services Driver (WDM)/Creative Technology Ltd.) B6B0B000-B6B3E000 (208896 bytes)
Module \SystemRoot\system32\drivers\ctprxy2k.sys (Creative Proxy Device Driver (WDM)/Creative Technology Ltd) F7737000-F773F000 (32768 bytes)
Module \SystemRoot\system32\DRIVERS\nic1394.sys (IEEE1394 Ndis Miniport and Call Manager/Microsoft Corporation) F75C6000-F75D6000 (65536 bytes)
Module \SystemRoot\system32\DRIVERS\i8042prt.sys (i8042 Port Driver/Microsoft Corporation) F75B6000-F75C3000 (53248 bytes)
Module \SystemRoot\system32\DRIVERS\kbdclass.sys (Keyboard Class Driver/Microsoft Corporation) B7FA0000-B7FA6000 (24576 bytes)
Module \SystemRoot\system32\DRIVERS\parport.sys (Parallel Port Driver/Microsoft Corporation) B6AF7000-B6B0B000 (81920 bytes)
Module \SystemRoot\system32\DRIVERS\serial.sys (Serial Device Driver/Microsoft Corporation) F75A6000-F75B6000 (65536 bytes)
Module \SystemRoot\system32\DRIVERS\serenum.sys (Serial Port Enumerator/Microsoft Corporation) B87BC000-B87C0000 (16384 bytes)
Module \SystemRoot\system32\DRIVERS\imapi.sys (IMAPI Kernel Driver/Microsoft Corporation) F7596000-F75A1000 (45056 bytes)
Module \SystemRoot\system32\DRIVERS\cdrom.sys (SCSI CD-ROM Driver/Microsoft Corporation) F7586000-F7596000 (65536 bytes)
Module \SystemRoot\system32\DRIVERS\redbook.sys (Redbook Audio Filter Driver/Microsoft Corporation) F7576000-F7585000 (61440 bytes)
Module \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys (CD DVD Filter/GEAR Software Inc.) B7F98000-B7F9E000 (24576 bytes)
Module \SystemRoot\system32\DRIVERS\audstub.sys (AudStub Driver/Microsoft Corporation) F7A7B000-F7A7C000 (4096 bytes)
Module \SystemRoot\system32\DRIVERS\rasl2tp.sys (RAS L2TP mini-port/call-manager driver/Microsoft Corporation) F7566000-F7573000 (53248 bytes)
Module \SystemRoot\system32\DRIVERS\ndistapi.sys (NDIS 3.0 connection wrapper driver/Microsoft Corporation) B87B0000-B87B3000 (12288 bytes)
Module \SystemRoot\system32\DRIVERS\ndiswan.sys (MS PPP Framing Driver (Strong Encryption)/Microsoft Corporation) B6AE0000-B6AF7000 (94208 bytes)
Module \SystemRoot\system32\DRIVERS\raspppoe.sys (RAS PPPoE mini-port/call-manager driver/Microsoft Corporation) F7556000-F7561000 (45056 bytes)
Module \SystemRoot\system32\DRIVERS\raspptp.sys (Peer-to-Peer Tunneling Protocol/Microsoft Corporation) F7546000-F7552000 (49152 bytes)
Module \SystemRoot\system32\DRIVERS\TDI.SYS (TDI Wrapper/Microsoft Corporation) B7F90000-B7F95000 (20480 bytes)
Module \SystemRoot\system32\DRIVERS\psched.sys (MS QoS Packet Scheduler/Microsoft Corporation) B6ACF000-B6AE0000 (69632 bytes)
Module \SystemRoot\system32\DRIVERS\msgpc.sys (MS General Packet Classifier/Microsoft Corporation) F7536000-F753F000 (36864 bytes)
Module \SystemRoot\system32\DRIVERS\ptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.) B7F88000-B7F8D000 (20480 bytes)
Module \SystemRoot\system32\DRIVERS\raspti.sys (PTI DirectParallel® mini-port/call-manager driver/Microsoft Corporation) B7F80000-B7F85000 (20480 bytes)
Module \SystemRoot\system32\DRIVERS\rdpdr.sys (Microsoft RDP Device redirector/Microsoft Corporation) B6A9E000-B6ACF000 (200704 bytes)
Module \SystemRoot\system32\DRIVERS\termdd.sys (Terminal Server Driver/Microsoft Corporation) F748A000-F7494000 (40960 bytes)
Module \SystemRoot\system32\DRIVERS\mouclass.sys (Mouse Class Driver/Microsoft Corporation) B7F78000-B7F7E000 (24576 bytes)
Module \SystemRoot\system32\DRIVERS\swenum.sys (Plug and Play Software Device Enumerator/Microsoft Corporation) F79B5000-F79B7000 (8192 bytes)
Module \SystemRoot\system32\DRIVERS\update.sys (Update Driver/Microsoft Corporation) B68D2000-B6906000 (212992 bytes)
Module \SystemRoot\system32\DRIVERS\mssmbios.sys (System Management BIOS Driver/Microsoft Corporation) B81DE000-B81E2000 (16384 bytes)
Module \SystemRoot\system32\DRIVERS\MarvinBus.sys (Pinnacle Marvin Discrete Bus Enumerator/Pinnacle Systems GmbH) B68A4000-B68D2000 (188416 bytes)
Module \SystemRoot\System32\Drivers\NDProxy.SYS (NDIS Proxy/Microsoft Corporation) F746A000-F7474000 (40960 bytes)
Module \SystemRoot\system32\DRIVERS\usbhub.sys (Default Hub Driver for USB/Microsoft Corporation) F744A000-F7459000 (61440 bytes)
Module \SystemRoot\system32\DRIVERS\USBD.SYS (Universal Serial Bus Driver/Microsoft Corporation) F79B7000-F79B9000 (8192 bytes)
Module \SystemRoot\system32\drivers\hap16v2k.sys (Creative EMU10KX-P16v HAL (WDM)/Creative Technology Ltd) B46B2000-B46DC000 (172032 bytes)
Module \SystemRoot\system32\drivers\ha10kx2k.sys (Creative EMU10KX HAL (WDM)/Creative Technology Ltd) B45AE000-B46B2000 (1064960 bytes)
Module \SystemRoot\system32\drivers\emupia2k.sys (E-mu Plug-in Architecture Driver (WDM)/Creative Technology Ltd) B4581000-B45AE000 (184320 bytes)
Module \SystemRoot\system32\drivers\ctsfm2k.sys (SoundFont® Manager (WDM)/Creative Technology Ltd) B455A000-B4581000 (159744 bytes)
Module \SystemRoot\system32\drivers\ctac32k.sys (Creative AC3 SW Decoder Device Driver (WDM)/Creative Technology Ltd) B44BE000-B455A000 (638976 bytes)
Module \SystemRoot\System32\Drivers\Fs_Rec.SYS (File System Recognizer Driver/Microsoft Corporation) F79B9000-F79BB000 (8192 bytes)
Module \SystemRoot\System32\Drivers\Null.SYS (NULL Driver/Microsoft Corporation) F7A9F000-F7AA0000 (4096 bytes)
Module \SystemRoot\System32\Drivers\Beep.SYS (BEEP Driver/Microsoft Corporation) F79BB000-F79BD000 (8192 bytes)
Module \SystemRoot\System32\drivers\vga.sys (VGA/Super VGA Video Driver/Microsoft Corporation) F773F000-F7745000 (24576 bytes)
Module \SystemRoot\System32\Drivers\mnmdd.SYS (Frame buffer simulator/Microsoft Corporation) F79BD000-F79BF000 (8192 bytes)
Module \SystemRoot\System32\DRIVERS\RDPCDD.sys (RDP Miniport/Microsoft Corporation) F79BF000-F79C1000 (8192 bytes)
Module \SystemRoot\System32\Drivers\Msfs.SYS (Mailslot driver/Microsoft Corporation) F7747000-F774C000 (20480 bytes)
Module \SystemRoot\System32\Drivers\Npfs.SYS (NPFS Driver/Microsoft Corporation) F774F000-F7757000 (32768 bytes)
Module \SystemRoot\system32\DRIVERS\rasacd.sys (RAS Automatic Connection Driver/Microsoft Corporation) B87E8000-B87EB000 (12288 bytes)
Module \SystemRoot\system32\DRIVERS\ipsec.sys (IPSec Driver/Microsoft Corporation) B4459000-B446C000 (77824 bytes)
Module \SystemRoot\system32\DRIVERS\tcpip.sys (TCP/IP Protocol Driver/Microsoft Corporation) B4400000-B4459000 (364544 bytes)
Module \SystemRoot\system32\DRIVERS\netbt.sys (MBT Transport driver/Microsoft Corporation) B43D8000-B4400000 (163840 bytes)
Module \SystemRoot\system32\DRIVERS\ipnat.sys (IP Network Address Translator/Microsoft Corporation) B43B6000-B43D8000 (139264 bytes)
Module \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) B4335000-B43B6000 (528384 bytes)
Module \SystemRoot\system32\DRIVERS\wanarp.sys (MS Remote Access and Routing ARP Driver/Microsoft Corporation) F742A000-F7433000 (36864 bytes)
Module \SystemRoot\system32\DRIVERS\arp1394.sys (IP/1394 Arp Client/Microsoft Corporation) F741A000-F7429000 (61440 bytes)
Module \SystemRoot\System32\drivers\afd.sys (Ancillary Function Driver for WinSock/Microsoft Corporation) B4313000-B4335000 (139264 bytes)
Module \SystemRoot\system32\DRIVERS\netbios.sys (NetBIOS interface driver/Microsoft Corporation) F740A000-F7413000 (36864 bytes)
Module \SystemRoot\system32\DRIVERS\ssmdrv.sys (AVIRA SnapShot Driver/Avira GmbH) F7757000-F775D000 (24576 bytes)
Module \SystemRoot\system32\DRIVERS\rdbss.sys (Redirected Drive Buffering SubSystem Driver/Microsoft Corporation) B42E8000-B4313000 (176128 bytes)
Module \SystemRoot\system32\DRIVERS\mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation) B4279000-B42E8000 (454656 bytes)
Module \SystemRoot\System32\Drivers\Fips.SYS (FIPS Crypto Driver/Microsoft Corporation) F7887000-F7890000 (36864 bytes)
Module \SystemRoot\system32\DRIVERS\hidusb.sys (USB Miniport Driver for Input Devices/Microsoft Corporation) B6A96000-B6A99000 (12288 bytes)
Module \SystemRoot\system32\DRIVERS\HIDCLASS.SYS (Hid Class Library/Microsoft Corporation) F76A7000-F76B0000 (36864 bytes)
Module \SystemRoot\system32\DRIVERS\HIDPARSE.SYS (Hid Parsing Library/Microsoft Corporation) F775F000-F7766000 (28672 bytes)
Module \SystemRoot\system32\DRIVERS\usbccgp.sys (USB Common Class Generic Parent Driver/Microsoft Corporation) F7767000-F776F000 (32768 bytes)
Module \SystemRoot\system32\DRIVERS\avipbb.sys (Avira Driver for RootKit Detection/Avira GmbH) B4235000-B4251000 (114688 bytes)
Module \??\C:\Program_Files\Avira\AntiVir_Desktop\avgio.sys (Avira AntiVir Support for Minifilter/Avira GmbH) F79D3000-F79D5000 (8192 bytes)
Module \SystemRoot\system32\DRIVERS\usbprint.sys (USB Printer driver/Microsoft Corporation) F7777000-F777E000 (28672 bytes)
Module \SystemRoot\system32\DRIVERS\mouhid.sys (HID Mouse Filter Driver/Microsoft Corporation) B6A8A000-B6A8D000 (12288 bytes)
Module \SystemRoot\System32\Drivers\Cdfs.SYS (CD-ROM File System Driver/Microsoft Corporation) B82E8000-B82F8000 (65536 bytes)
Module \SystemRoot\system32\DRIVERS\emFilter.sys (USB 28xx WDM Lower filter/eMPIA Technology, Inc.) F79F1000-F79F3000 (8192 bytes)
Module \SystemRoot\system32\DRIVERS\emDevice.sys (USB 28xx WDM Driver/eMPIA Technology, Inc.) B421E000-B4235000 (94208 bytes)
Module \SystemRoot\system32\DRIVERS\STREAM.SYS (WDM CODEC Class Device Driver 2.0/Microsoft Corporation) B82D8000-B82E4000 (49152 bytes)
Module \SystemRoot\system32\DRIVERS\emStream.sys (USB 28xx WDM Driver Library/eMPIA Technology, Inc.) F777F000-F7785000 (24576 bytes)
Module \SystemRoot\system32\DRIVERS\emScan.sys (USB 28xx WDM Upper Filter/eMPIA Technology, Inc.) B8082000-B8083000 (4096 bytes)
Module \SystemRoot\system32\drivers\emAudio.sys (Dazzle DVC90/DVC100 Audio Driver/Pinnacle Systems GmbH) F7787000-F778D000 (24576 bytes)
Module \SystemRoot\System32\Drivers\dump_atapi.sys B4206000-B421E000 (98304 bytes)
Module \SystemRoot\System32\Drivers\dump_WMILIB.SYS F7A05000-F7A07000 (8192 bytes)
Module \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation) BF800000-BF9C2000 (1843200 bytes)
Module \SystemRoot\System32\drivers\Dxapi.sys (DirectX API Driver/Microsoft Corporation) B47A0000-B47A3000 (12288 bytes)
Module \SystemRoot\System32\watchdog.sys (Watchdog Driver/Microsoft Corporation) F778F000-F7794000 (20480 bytes)
Module \SystemRoot\System32\drivers\dxg.sys (DirectX Graphics Driver/Microsoft Corporation) BD000000-BD012000 (73728 bytes)
Module \SystemRoot\System32\drivers\dxgthk.sys (DirectX Graphics Driver Thunk/Microsoft Corporation) B879B000-B879C000 (4096 bytes)
Module \SystemRoot\System32\nv4_disp.dll (NVIDIA Compatible Windows 2000 Display driver, Version 257.21 /NVIDIA Corporation) BD012000-BD615000 (6303744 bytes)
Module \SystemRoot\System32\ATMFD.DLL (Windows NT OpenType/Type 1 Font Driver/Adobe Systems Incorporated) BFFA0000-BFFE6000 (286720 bytes)
Module \SystemRoot\system32\DRIVERS\avgntflt.sys (Avira Minifilter Driver/Avira GmbH) B3BFE000-B3C12000 (81920 bytes)
Module \SystemRoot\system32\DRIVERS\ndisuio.sys (NDIS User mode I/O Driver/Microsoft Corporation) B3C32000-B3C36000 (16384 bytes)
Module \SystemRoot\system32\DRIVERS\rspndr.sys (Link-Layer Topology Responder Driver for NDIS 6/Microsoft Corporation) B3CA6000-B3CB6000 (65536 bytes)
Module \SystemRoot\system32\DRIVERS\mrxdav.sys (Windows NT WebDav Minirdr/Microsoft Corporation) B3811000-B383E000 (184320 bytes)
Module \SystemRoot\System32\Drivers\ParVdm.SYS (VDM Parallel Driver/Microsoft Corporation) F7A09000-F7A0B000 (8192 bytes)
Module \SystemRoot\System32\Drivers\adfs.SYS (Adobe Drive File System Driver/Adobe Systems, Inc.) B37B0000-B37C1000 (69632 bytes)
Module \SystemRoot\system32\DRIVERS\srv.sys (Server driver/Microsoft Corporation) B366E000-B36C0000 (335872 bytes)
Module \SystemRoot\system32\DRIVERS\secdrv.sys (Macrovision SECURITY Driver/Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) B361E000-B3646000 (163840 bytes)
Module \SystemRoot\system32\drivers\wdmaud.sys (MMSYSTEM Wave/Midi API mapper/Microsoft Corporation) B31D1000-B31E6000 (86016 bytes)
Module \SystemRoot\system32\drivers\sysaudio.sys (System Audio WDM Filter/Microsoft Corporation) B3236000-B3245000 (61440 bytes)
Module \SystemRoot\System32\Drivers\HTTP.sys (HTTP Protocol Stack/Microsoft Corporation) B3002000-B3043000 (266240 bytes)
Module \SystemRoot\system32\drivers\kmixer.sys (Kernel Mode Audio Mixer/Microsoft Corporation) B1F18000-B1F43000 (176128 bytes)
Module \??\C:\Windows\Temp\pxtdapow.sys (GMER) B052C000-B0543000 (94208 bytes)
Module \WINDOWS.0\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 7C900000-7C9B0000 (720896 bytes)

---- Processes - GMER 1.0.15 ----

Process System Idle 0
Process System 4
Process spoolsv.exe (Spooler SubSystem App/Microsoft Corporation) 164
Process sched.exe 208
Process avgnt.exe 284
Process smss.exe (Windows NT Session Manager/Microsoft Corporation) 692
Process csrss.exe (Client Server Runtime Process/Microsoft Corporation) 760
Process winlogon.exe (Windows NT Logon Application/Microsoft Corporation) 792
Process services.exe (Services and Controller app/Microsoft Corporation) 836
Process lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) 848
Process MobileMeServices.exe 1004
Process nvsvc32.exe (NVIDIA Driver Helper Service, Version 257.21/NVIDIA Corporation) 1040
Process svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 1116
Process svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 1184
Process avguard.exe 1228
Process AppleMobileDeviceService.exe 1240
Process mDNSResponder.exe 1252
Process svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 1280
Process svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 1352
Process IntuitUpdateService.exe 1360
Process svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 1524
Process explorer.exe (Windows Explorer/Microsoft Corporation) 1580
Process vsmon.exe 1608
Process jqs.exe 1632
Process NBService.exe 1660
Process IoctlSvc.exe (PLFlash DeviceIoControl Service/Prolific Technology Inc.) 1872
Process unsecapp.exe (WMI/Microsoft Corporation) 1888
Process alg.exe (Application Layer Gateway Service/Microsoft Corporation) 1904
Process HPZipm12.exe (PML Driver/HP) 1908
Process svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 1952
Process AAWService.exe 1996
Process wmiprvse.exe (WMI/Microsoft Corporation) 2192
Process avwsc.exe 2308
Process ctfmon.exe (CTF Loader/Microsoft Corporation) 2568
Process AAWTray.exe 2836
Process zlclient.exe 2864
Process iPodService.exe 2888
Process STARTR~1.SCR (Made With Axialis Screen Saver Producer 3.5 (www.axialis.com)/Axialis Software) 2964
Process OUTLOOK.EXE 3016
Process wscntfy.exe (Windows Security Center Notification App/Microsoft Corporation) 3192
Process realsched.exe 3340
Process gmer.exe 3520
Process iTunesHelper.exe 3916
Process STARTR~1.SCR (Made With Axialis Screen Saver Producer 3.5 (www.axialis.com)/Axialis Software) 3988

---- Services - GMER 1.0.15 ----

Service .NET CLR Data
Service .NET CLR Networking
Service .NET Data Provider for Oracle
Service .NET Data Provider for SqlServer
Service .NETFramework
Service [DISABLED] Abiosdsk
Service [DISABLED] abp480n5
Service C:\WINDOWS.0\system32\DRIVERS\ACPI.sys (ACPI Driver for NT/Microsoft Corporation) [BOOT] ACPI
Service (ACPI Embedded Controller Driver/Microsoft Corporation) [DISABLED] ACPIEC
Service (Adobe Drive File System Driver/Adobe Systems, Inc.) [AUTO] adfs
Service C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe (Adobe Version Cue CS4/Adobe Systems Incorporated) [MANUAL] Adobe Version Cue CS4
Service AdobeDriveCS4_NP
Service [DISABLED] adpu160m
Service C:\WINDOWS.0\system32\drivers\aec.sys (Microsoft Acoustic Echo Canceller/Microsoft Corporation) [MANUAL] aec
Service C:\WINDOWS.0\System32\drivers\afd.sys (Ancillary Function Driver for WinSock/Microsoft Corporation) [SYSTEM] AFD
Service [DISABLED] Aha154x
Service [DISABLED] aic78u2
Service [DISABLED] aic78xx
Service C:\WINDOWS.0\System32\alg.exe (Application Layer Gateway Service/Microsoft Corporation) [MANUAL] ALG
Service [DISABLED] AliIde
Service [DISABLED] amsint
Service C:\Program Files\Avira\AntiVir Desktop\sched.exe (Antivirus Scheduler/Avira GmbH) [AUTO] AntiVirSchedulerService
Service C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Antivirus On-Access Service/Avira GmbH) [AUTO] AntiVirService
Service C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Mobile Device Service/Apple Inc.) [AUTO] Apple Mobile Device
Service C:\WINDOWS.0\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] AppMgmt
Service C:\WINDOWS.0\system32\DRIVERS\arp1394.sys (IP/1394 Arp Client/Microsoft Corporation) [MANUAL] Arp1394
Service [DISABLED] asc
Service [DISABLED] asc3350p
Service [DISABLED] asc3550
Service ASP.NET
Service ASP.NET_2.0.50727
Service C:\WINDOWS.0\System32\drivers\aspi32.sys (ASPI for WIN32 Kernel Driver/Adaptec) [AUTO] Aspi32
Service C:\WINDOWS.0\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft ASP.NET State Server/Microsoft Corporation) [MANUAL] aspnet_state
Service C:\WINDOWS.0\system32\DRIVERS\asyncmac.sys (MS Remote Access serial network driver/Microsoft Corporation) [MANUAL] AsyncMac
Service C:\WINDOWS.0\system32\DRIVERS\atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation) [BOOT] atapi
Service [DISABLED] Atdisk
Service C:\WINDOWS.0\system32\DRIVERS\atmarpc.sys (IP/ATM Arp Client/Microsoft Corporation) [MANUAL] Atmarpc
Service C:\WINDOWS.0\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] AudioSrv
Service C:\WINDOWS.0\system32\DRIVERS\audstub.sys (AudStub Driver/Microsoft Corporation) [MANUAL] audstub
Service C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe (System Level Service Utility/Autodesk) [MANUAL] Autodesk Licensing Service
Service C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira AntiVir Support for Minifilter/Avira GmbH) [SYSTEM] avgio
Service C:\WINDOWS.0\system32\DRIVERS\avgntflt.sys (Avira Minifilter Driver/Avira GmbH) [AUTO] avgntflt
Service C:\WINDOWS.0\system32\DRIVERS\avipbb.sys (Avira Driver for RootKit Detection/Avira GmbH) [SYSTEM] avipbb
Service C:\WINDOWS.0\system32\DRIVERS\b57xp32.sys (Broadcom NetXtreme Gigabit Ethernet NDIS5.1 Driver./Broadcom Corporation) [MANUAL] b57w2k
Service BattC
Service (BEEP Driver/Microsoft Corporation) [SYSTEM] Beep
Service C:\WINDOWS.0\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] BITS
Service C:\Program Files\Bonjour\mDNSResponder.exe (Bonjour Service/Apple Inc.) [AUTO] Bonjour Service
Service C:\WINDOWS.0\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] Browser
Service C:\Windows\Temp\catchme.sys [MANUAL] catchme
Service (CardBus/PCMCIA IDE Miniport Driver/Microsoft Corporation) [DISABLED] cbidf2k
Service C:\WINDOWS.0\system32\DRIVERS\CCDECODE.sys (WDM Closed Caption VBI Codec/Microsoft Corporation) [MANUAL] CCDECODE
Service [DISABLED] cd20xrnt
Service (CD-ROM Audio Filter Driver/Microsoft Corporation) [SYSTEM] Cdaudio
Service (CD-ROM File System Driver/Microsoft Corporation) [DISABLED] Cdfs
Service C:\WINDOWS.0\system32\DRIVERS\cdrom.sys (SCSI CD-ROM Driver/Microsoft Corporation) [SYSTEM] Cdrom
Service [SYSTEM] Changer
Service C:\WINDOWS.0\system32\cisvc.exe [MANUAL] CiSvc
Service C:\WINDOWS.0\system32\clipsrv.exe (Windows NT DDE Server/Microsoft Corporation) [MANUAL] ClipSrv
Service C:\WINDOWS.0\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (.NET Runtime Optimization Service/Microsoft Corporation) [MANUAL] clr_optimization_v2.0.50727_32
Service [DISABLED] CmdIde
Service C:\WINDOWS.0\system32\dllhost.exe (COM Surrogate/Microsoft Corporation) [MANUAL] COMSysApp
Service [DISABLED] Cpqarray
Service C:\WINDOWS.0\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] CryptSvc
Service C:\WINDOWS.0\system32\drivers\ctac32k.sys (Creative AC3 SW Decoder Device Driver (WDM)/Creative Technology Ltd) [MANUAL] ctac32k
Service C:\WINDOWS.0\system32\drivers\ctaud2k.sys (Creative WDM Audio Device Driver/Creative Technology Ltd) [MANUAL] ctaud2k
Service C:\WINDOWS.0\system32\drivers\ctdvda2k.sys (Creative DVD-Audio Device Driver (WDM)/Creative Technology Ltd) [MANUAL] ctdvda2k
Service C:\WINDOWS.0\system32\drivers\ctprxy2k.sys (Creative Proxy Device Driver (WDM)/Creative Technology Ltd) [MANUAL] ctprxy2k
Service C:\WINDOWS.0\system32\drivers\ctsfm2k.sys (SoundFont® Manager (WDM)/Creative Technology Ltd) [MANUAL] ctsfm2k
Service [DISABLED] dac2w2k
Service [DISABLED] dac960nt
Service C:\WINDOWS.0\system32\DRIVERS\emDevice.sys (USB 28xx WDM Driver/eMPIA Technology, Inc.) [MANUAL] DCamUSBEMPIA
Service C:\WINDOWS.0\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] DcomLaunch
Service C:\WINDOWS.0\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] Dhcp
Service C:\WINDOWS.0\system32\DRIVERS\disk.sys (PnP Disk Driver/Microsoft Corporation) [BOOT] Disk
Service C:\WINDOWS.0\System32\dmadmin.exe (Logical Disk Manager service process/Microsoft Corp., Veritas Software) [MANUAL] dmadmin
Service C:\WINDOWS.0\System32\drivers\dmboot.sys (NT Disk Manager Startup Driver/Microsoft Corp., Veritas Software) [DISABLED] dmboot
Service C:\WINDOWS.0\System32\drivers\dmio.sys (NT Disk Manager I/O Driver/Microsoft Corp., Veritas Software) [BOOT] dmio
Service C:\WINDOWS.0\System32\drivers\dmload.sys (NT Disk Manager Startup Driver/Microsoft Corp., Veritas Software.) [BOOT] dmload
Service C:\WINDOWS.0\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] dmserver
Service C:\WINDOWS.0\system32\drivers\DMusic.sys (Microsoft Kernel DLS Synthesizer/Microsoft Corporation) [MANUAL] DMusic
Service C:\WINDOWS.0\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] Dnscache
Service [DISABLED] dpti2o
Service C:\WINDOWS.0\system32\drivers\drmkaud.sys (Microsoft Kernel DRM Audio Descrambler Filter/Microsoft Corporation) [MANUAL] drmkaud
Service C:\WINDOWS.0\system32\drivers\emAudio.sys (Dazzle DVC90/DVC100 Audio Driver/Pinnacle Systems GmbH) [MANUAL] emAudio
Service C:\WINDOWS.0\system32\drivers\emupia2k.sys (E-mu Plug-in Architecture Driver (WDM)/Creative Technology Ltd) [MANUAL] emupia
Service C:\WINDOWS.0\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] ERSvc
Service C:\WINDOWS.0\system32\services.exe (Services and Controller app/Microsoft Corporation) [AUTO] Eventlog
Service C:\WINDOWS.0\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] EventSystem
Service (Fast FAT File System Driver/Microsoft Corporation) [DISABLED] Fastfat
Service C:\WINDOWS.0\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] FastUserSwitchingCompatibility
Service (Floppy Disk Controller Driver/Microsoft Corporation) [SYSTEM] Fdc
Service C:\WINDOWS.0\system32\DRIVERS\emFilter.sys (USB 28xx WDM Lower filter/eMPIA Technology, Inc.) [MANUAL] FiltUSBEMPIA
Service (FIPS Crypto Driver/Microsoft Corporation) [SYSTEM] Fips
Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Activation Licensing Service/Acresso Software Inc.) [MANUAL] FLEXnet Licensing Service
Service (Floppy Driver/Microsoft Corporation) [SYSTEM] Flpydisk
Service C:\WINDOWS.0\system32\DRIVERS\fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) [BOOT] FltMgr
Service c:\WINDOWS.0\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Windows Presentation Foundation Font Cache Service/Microsoft Corporation) [MANUAL] FontCache3.0.0.0
Service (File System Recognizer Driver/Microsoft Corporation) [SYSTEM] Fs_Rec
Service C:\WINDOWS.0\system32\DRIVERS\ftdisk.sys (FT Disk Driver/Microsoft Corporation) [BOOT] Ftdisk
Service C:\WINDOWS.0\system32\DRIVERS\GEARAspiWDM.sys (CD DVD Filter/GEAR Software Inc.) [MANUAL] GEARAspiWDM
Service C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (getPlus® Helper/NOS Microsystems Ltd.) [MANUAL] getPlus® Helper
Service C:\WINDOWS.0\system32\DRIVERS\msgpc.sys (MS General Packet Classifier/Microsoft Corporation) [MANUAL] Gpc
Service C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (gusvc/Google) [MANUAL] gusvc
Service C:\WINDOWS.0\system32\drivers\ha10kx2k.sys (Creative EMU10KX HAL (WDM)/Creative Technology Ltd) [MANUAL] ha10kx2k
Service C:\WINDOWS.0\system32\drivers\hap16v2k.sys (Creative EMU10KX-P16v HAL (WDM)/Creative Technology Ltd) [MANUAL] hap16v2k
Service C:\WINDOWS.0\system32\drivers\hap17v2k.sys (Creative EMU10KX-P17v HAL (WDM)/Creative Technology Ltd) [MANUAL] hap17v2k
Service C:\WINDOWS.0\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] helpsvc
Service C:\WINDOWS.0\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [DISABLED] HidServ
Service C:\WINDOWS.0\system32\DRIVERS\hidusb.sys (USB Miniport Driver for Input Devices/Microsoft Corporation) [MANUAL] HidUsb
Service [DISABLED] hpn
Service C:\WINDOWS.0\system32\DRIVERS\HPZid412.sys (IEEE-1284.4-1999 Driver (Windows 2000)/HP) [MANUAL] HPZid412
Service C:\WINDOWS.0\system32\DRIVERS\HPZipr12.sys (IEEE-1284.4-1999 Print Class Driver/HP) [MANUAL] HPZipr12
Service C:\WINDOWS.0\system32\DRIVERS\HPZius12.sys (1284.4<->Usb Datalink Driver (Windows 2000)/HP) [MANUAL] HPZius12
Service C:\WINDOWS.0\System32\Drivers\HTTP.sys (HTTP Protocol Stack/Microsoft Corporation) [MANUAL] HTTP
Service C:WINDOWS.0System32svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] HTTPFilter
Service [SYSTEM] i2omgmt
Service [DISABLED] i2omp
Service C:WINDOWS.0system32DRIVERSi8042prt.sys (i8042 Port Driver/Microsoft Corporation) [SYSTEM] i8042prt
Service C:WINDOWS.0Microsoft.NETFrameworkv3.0Windows Communication Foundationinfocard.exe (Windows CardSpace/Microsoft Corporation) [MANUAL] idsvc
Service C:WINDOWS.0system32DRIVERSimapi.sys (IMAPI Kernel Driver/Microsoft Corporation) [SYSTEM] Imapi
Service C:Program FilesAlex FeinmanISO RecorderImapiHelper.exe (IMAPI Helper component/Alex Feinman) [MANUAL] Imapi Helper
Service ImapiHelper
Service C:WINDOWS.0system32imapi.exe (Image Mastering API/Microsoft Corporation) [MANUAL] ImapiService
Service inetaccs
Service [DISABLED] ini910u
Service Inport
Service C:WINDOWS.0system32DRIVERSintelide.sys (Intel PCI IDE Driver/Microsoft Corporation) [BOOT] IntelIde
Service C:WINDOWS.0system32DRIVERSintelppm.sys (Processor Device Driver/Microsoft Corporation) [SYSTEM] intelppm
Service C:Program FilesCommon FilesIntuitUpdate ServiceIntuitUpdateService.exe (Intuit Update Service/Intuit Inc.) [AUTO] IntuitUpdateService
Service C:WINDOWS.0system32DRIVERSIp6Fw.sys (IPv6 Windows Firewall Driver/Microsoft Corporation) [MANUAL] Ip6Fw
Service C:WINDOWS.0system32DRIVERSipfltdrv.sys (IP FILTER DRIVER/Microsoft Corporation) [MANUAL] IpFilterDriver
Service C:WINDOWS.0system32DRIVERSipinip.sys (IP in IP Encapsulation Driver/Microsoft Corporation) [MANUAL] IpInIp
Service C:WINDOWS.0system32DRIVERSipnat.sys (IP Network Address Translator/Microsoft Corporation) [MANUAL] IpNat
Service C:Program FilesiPodbiniPodService.exe (iPodService Module (32-bit)/Apple Inc.) [MANUAL] iPod Service
Service C:WINDOWS.0system32DRIVERSipsec.sys (IPSec Driver/Microsoft Corporation) [SYSTEM] IPSec
Service C:WINDOWS.0system32DRIVERSirenum.sys (Infra-Red Bus Enumerator/Microsoft Corporation) [MANUAL] IRENUM
Service C:WINDOWS.0system32DRIVERSisapnp.sys (PNP ISA Bus Driver/Microsoft Corporation) [BOOT] isapnp
Service C:Program FilesJavajre6binjqs.exe (Java™ Quick Starter Service/Sun Microsystems, Inc.) [AUTO] JavaQuickStarterService
Service C:WINDOWS.0system32DRIVERSkbdclass.sys (Keyboard Class Driver/Microsoft Corporation) [SYSTEM] Kbdclass
Service C:WINDOWS.0system32driverskmixer.sys (Kernel Mode Audio Mixer/Microsoft Corporation) [MANUAL] kmixer
Service (Kernel Security Support Provider Interface/Microsoft Corporation) [BOOT] KSecDD
Service C:WINDOWS.0system32svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] lanmanserver
Service C:WINDOWS.0system32svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] lanmanworkstation
Service C:Program FilesLavasoftAd-AwareAAWService.exe (Ad-Aware Service Application/Lavasoft) [AUTO] Lavasoft Ad-Aware Service
Service C:WINDOWS.0system32DRIVERSLbd.sys (Boot Driver/Lavasoft AB) [BOOT] Lbd
Service [SYSTEM] lbrtfdc
Service ldap
Service LicenseService
Service C:WINDOWS.0system32svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] LmHosts
Service C:WINDOWS.0system32DRIVERSMarvinBus.sys (Pinnacle Marvin Discrete Bus Enumerator/Pinnacle Systems GmbH) [MANUAL] MarvinBus
Service system32DRIVERSmcdbus.sys [MANUAL] mcdbus
Service C:WINDOWS.0system32svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) Messenger
Service C:Program FilesMicrosoft OfficeOffice12GrooveAuditService.exe (Groove Audit Service/Microsoft Corporation) [MANUAL] Microsoft Office Groove Audit Service
Service (Frame buffer simulator/Microsoft Corporation) [SYSTEM] mnmdd
Service C:WINDOWS.0system32mnmsrvc.exe (NetMeeting Remote Desktop Sharing/Microsoft Corporation) [MANUAL] mnmsrvc
Service (Modem Device Driver/Microsoft Corporation) [MANUAL] Modem
Service C:WINDOWS.0system32DRIVERSmouclass.sys (Mouse Class Driver/Microsoft Corporation) [SYSTEM] Mouclass
Service C:WINDOWS.0system32DRIVERSmouhid.sys (HID Mouse Filter Driver/Microsoft Corporation) [MANUAL] mouhid
Service (Mount Manager/Microsoft Corporation) [BOOT] MountMgr
Service C:WINDOWS.0system32DRIVERSMPE.sys (Microsoft MPE to IP Filter/Microsoft Corporation) [MANUAL] MPE
Service [DISABLED] mraid35x
Service C:WINDOWS.0system32DRIVERSmrxdav.sys (Windows NT WebDav Minirdr/Microsoft Corporation) [MANUAL] MRxDAV
Service C:WINDOWS.0system32DRIVERSmrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation) [SYSTEM] MRxSmb
Service C:WINDOWS.0system32msdtc.exe (MS DTC console program/Microsoft Corporation) [MANUAL] MSDTC
Service MSDTC Bridge 3.0.0.0
Service (Mailslot driver/Microsoft Corporation) [SYSTEM] Msfs
Service C:WINDOWS.0system32msiexec.exe (Windows® installer/Microsoft Corporation) [MANUAL] MSIServer
Service C:WINDOWS.0system32driversMSKSSRV.sys (MS KS Server/Microsoft Corporation) [MANUAL] MSKSSRV
Service C:WINDOWS.0system32driversMSPCLOCK.sys (MS Proxy Clock/Microsoft Corporation) [MANUAL] MSPCLOCK
Service C:WINDOWS.0system32driversMSPQM.sys (MS Proxy Quality Manager/Microsoft Corporation) [MANUAL] MSPQM
Service C:WINDOWS.0system32DRIVERSmssmbios.sys (System Management BIOS Driver/Microsoft Corporation) [MANUAL] mssmbios
Service C:WINDOWS.0system32driversMSTEE.sys (WDM Tee/Communication Transform Filter /Microsoft Corporation) [MANUAL] MSTEE
Service (Multiple UNC Provider driver/Microsoft Corporation) [BOOT] Mup
Service C:WINDOWS.0system32DRIVERSNABTSFEC.sys (WDM NABTS/FEC VBI Codec/Microsoft Corporation) [MANUAL] NABTSFEC
Service (NDIS 5.1 wrapper driver/Microsoft Corporation) [BOOT] NDIS
Service C:WINDOWS.0system32DRIVERSNdisIP.sys (Microsoft IP Driver/Microsoft Corporation) [MANUAL] NdisIP
Service C:WINDOWS.0system32DRIVERSndistapi.sys (NDIS 3.0 connection wrapper driver/Microsoft Corporation) [MANUAL] NdisTapi
Service C:WINDOWS.0system32DRIVERSndisuio.sys (NDIS User mode I/O Driver/Microsoft Corporation) [MANUAL] Ndisuio
Service C:WINDOWS.0system32DRIVERSndiswan.sys (MS PPP Framing Driver (Strong Encryption)/Microsoft Corporation) [MANUAL] NdisWan
Service (NDIS Proxy/Microsoft Corporation) [MANUAL] NDProxy
Service C:Program FilesNeroNero8Nero BackItUpNBService.exe (Nero BackItUp/Nero AG) [AUTO] Nero BackItUp Scheduler 3
Service C:WINDOWS.0system32DRIVERSnetaapl.sys (Apple Mobile Device Ethernet/Apple Inc.) [MANUAL] Netaapl
Service C:WINDOWS.0system32DRIVERSnetbios.sys (NetBIOS interface driver/Microsoft Corporation) [SYSTEM] NetBIOS
Service C:WINDOWS.0system32DRIVERSnetbt.sys (MBT Transport driver/Microsoft Corporation) [SYSTEM] NetBT
Service C:WINDOWS.0system32netdde.exe (Network DDE - DDE Communication/Microsoft Corporation) [DISABLED] NetDDE
Service C:WINDOWS.0system32netdde.exe (Network DDE - DDE Communication/Microsoft Corporation) [DISABLED] NetDDEdsdm
Service C:WINDOWS.0system32lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) [MANUAL] Netlogon
Service C:WINDOWS.0System32svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] Netman
Service C:WINDOWS.0Microsoft.NETFrameworkv3.0Windows Communication FoundationSMSvcHost.exe (SMSvcHost.exe/Microsoft Corporation) [DISABLED] NetTcpPortSharing
Service C:WINDOWS.0system32DRIVERSnic1394.sys (IEEE1394 Ndis Miniport and Call Manager/Microsoft Corporation) [MANUAL] NIC1394
Service C:WINDOWS.0system32svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] Nla
Service C:Program FilesCommon FilesNeroLibNMIndexingService.exe (Nero Home/Nero AG) [MANUAL] NMIndexingService
Service (NPFS Driver/Microsoft Corporation) [SYSTEM] Npfs
Service (NT File System Driver/Microsoft Corporation) [DISABLED] Ntfs
Service C:WINDOWS.0system32lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) [MANUAL] NtLmSsp
Service C:WINDOWS.0system32svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] NtmsSvc
Service (NULL Driver/Microsoft Corporation) [SYSTEM] Null
Service C:WINDOWS.0system32DRIVERSnv4_mini.sys (NVIDIA Compatible Windows 2000 Miniport Driver, Version 257.21 /NVIDIA Corporation) [MANUAL] nv
Service C:WINDOWS.0system32nvsvc32.exe (NVIDIA Driver Helper Service, Version 257.21/NVIDIA Corporation) [AUTO] NVSvc
Service C:WINDOWS.0system32DRIVERSnwlnkflt.sys (NWLINK2 Traffic Filter Driver/Microsoft Corporation) [MANUAL] NwlnkFlt
Service C:WINDOWS.0system32DRIVERSnwlnkfwd.sys (NWLINK2 Forwarder Driver/Microsoft Corporation) [MANUAL] NwlnkFwd
Service C:Program FilesCommon FilesMicrosoft SharedOFFICE12ODSERV.EXE (Microsoft Office Diagnostics/Microsoft Corporation) [MANUAL] odserv
Service C:WINDOWS.0system32DRIVERSohci1394.sys (1394 OpenHCI Port Driver/Microsoft Corporation) [BOOT] ohci1394
Service C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE (Office Source Engine/Microsoft Corporation) [MANUAL] ose
Service C:WINDOWS.0system32driversctoss2k.sys (Creative OS Services Driver (WDM)/Creative Technology Ltd.) [MANUAL] ossrv
Service Outlook
Service C:WINDOWS.0system32DRIVERSparport.sys (Parallel Port Driver/Microsoft Corporation) [MANUAL] Parport
Service (Partition Manager/Microsoft Corporation) [BOOT] PartMgr
Service (VDM Parallel Driver/Microsoft Corporation) [AUTO] ParVdm
Service C:WINDOWS.0system32DRIVERSpci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation) [BOOT] PCI
Service [SYSTEM] PCIDump
Service (Generic PCI IDE Bus Driver/Microsoft Corporation) [BOOT] PCIIde
Service (PCMCIA Bus Driver/Microsoft Corporation) [DISABLED] Pcmcia
Service [MANUAL] PDCOMP
Service [MANUAL] PDFRAME
Service [MANUAL] PDRELI
Service [MANUAL] PDRFRAME
Service [DISABLED] perc2
Service [DISABLED] perc2hib
Service PerfDisk
Service PerfNet
Service PerfOS
Service PerfProc
Service C:WINDOWS.0system32IoctlSvc.exe (PLFlash DeviceIoControl Service/Prolific Technology Inc.) [AUTO] PLFlash DeviceIoControl Service
Service C:WINDOWS.0system32services.exe (Services and Controller app/Microsoft Corporation) [AUTO] PlugPlay
Service C:WINDOWS.0system32HPZipm12.exe (PML Driver/HP) [AUTO] Pml Driver HPZ12
Service C:WINDOWS.0system32lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) [AUTO] PolicyAgent
Service C:WINDOWS.0system32DRIVERSraspptp.sys (Peer-to-Peer Tunneling Protocol/Microsoft Corporation) [MANUAL] PptpMiniport
Service C:WINDOWS.0system32lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) [AUTO] ProtectedStorage
Service C:WINDOWS.0system32DRIVERSpsched.sys (MS QoS Packet Scheduler/Microsoft Corporation) [MANUAL] PSched
Service C:WINDOWS.0system32DRIVERSptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.) [MANUAL] Ptilink
Service C:WINDOWS.0System32DriversPxHelp20.sys (Px Engine Device Driver for Windows 2000/XP/Sonic Solutions) [BOOT] PxHelp20
Service C:WINDOWS.0system32DRIVERSOVCD.sys (Video Minidriver/Microsoft Corporation) [MANUAL] QCDonner
Service [DISABLED] ql1080
Service [DISABLED] Ql10wnt
Service [DISABLED] ql12160
Service [DISABLED] ql1240
Service [DISABLED] ql1280
Service C:WINDOWS.0system32DRIVERSrasacd.sys (RAS Automatic Connection Driver/Microsoft Corporation) [SYSTEM] RasAcd
Service C:WINDOWS.0system32svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] RasAuto
Service C:WINDOWS.0system32DRIVERSrasl2tp.sys (RAS L2TP mini-port/call-manager driver/Microsoft Corporation) [MANUAL] Rasl2tp
Service C:WINDOWS.0system32svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] RasMan
Service C:WINDOWS.0system32DRIVERSraspppoe.sys (RAS PPPoE mini-port/call-manager driver/Microsoft Corporation) [MANUAL] RasPppoe
Service C:WINDOWS.0system32DRIVERSraspti.sys (PTI DirectParallel® mini-port/call-manager driver/Microsoft Corporation) [MANUAL] Raspti
Service C:WINDOWS.0system32DRIVERSrdbss.sys (Redirected Drive Buffering SubSystem Driver/Microsoft Corporation) [SYSTEM] Rdbss
Service C:WINDOWS.0System32DRIVERSRDPCDD.sys (RDP Miniport/Microsoft Corporation) [SYSTEM] RDPCDD
Service RDPDD
Service C:WINDOWS.0system32DRIVERSrdpdr.sys (Microsoft RDP Device redirector/Microsoft Corporation) [MANUAL] rdpdr
Service RDPNP
Service (RDP Terminal Stack Driver (US/Canada Only, Not for Export)/Microsoft Corporation) [MANUAL] RDPWD
Service C:WINDOWS.0system32sessmgr.exe (Microsoft® Remote Desktop Help Session Manager/Microsoft Corporation) [MANUAL] RDSessMgr
Service C:WINDOWS.0system32DRIVERSredbook.sys (Redbook Audio Filter Driver/Microsoft Corporation) [SYSTEM] redbook
Service C:WINDOWS.0system32svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [DISABLED] RemoteAccess
Service C:WINDOWS.0system32svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] RemoteRegistry
Service C:WINDOWS.0system32locator.exe (Rpc Locator/Microsoft Corporation) [MANUAL] RpcLocator
Service C:WINDOWS.0system32svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] RpcSs
Service C:WINDOWS.0system32DRIVERSrspndr.sys (Link-Layer Topology Responder Driver for NDIS 6/Microsoft Corporation) [AUTO] rspndr
Service C:WINDOWS.0system32rsvp.exe (Microsoft RSVP/Microsoft Corporation) [MANUAL] RSVP
Service C:WINDOWS.0system32lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) [AUTO] SamSs
Service C:WINDOWS.0system32DRIVERSemScan.sys (USB 28xx WDM Upper Filter/eMPIA Technology, Inc.) [MANUAL] ScanUSBEMPIA
Service C:WINDOWS.0System32svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] Schedule
Service C:WINDOWS.0system32DRIVERSsecdrv.sys (Macrovision SECURITY Driver/Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [AUTO] Secdrv
Service C:WINDOWS.0System32svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] seclogon
Service C:WINDOWS.0system32svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] SENS
Service C:WINDOWS.0system32DRIVERSserenum.sys (Serial Port Enumerator/Microsoft Corporation) [MANUAL] serenum
Service C:WINDOWS.0system32DRIVERSserial.sys (Serial Device Driver/Microsoft Corporation) [SYSTEM] Serial
Service ServiceModelEndpoint 3.0.0.0
Service ServiceModelOperation 3.0.0.0
Service ServiceModelService 3.0.0.0
Service (SCSI Floppy Driver/Microsoft Corporation) [SYSTEM] Sfloppy
Service C:WINDOWS.0System32svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] SharedAccess
Service C:WINDOWS.0System32svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] ShellHWDetection
Service [DISABLED] Simbad
Service C:WINDOWS.0system32DRIVERSSLIP.sys (Microsoft Slip Deframing Filter Minidriver/Microsoft Corporation) [MANUAL] SLIP
Service SMSvcHost 3.0.0.0
Service [DISABLED] Sparrow
Service C:WINDOWS.0system32driverssplitter.sys (Microsoft Kernel Audio Splitter/Microsoft Corporation) [MANUAL] splitter
Service C:WINDOWS.0system32spoolsv.exe (Spooler SubSystem App/Microsoft Corporation) [AUTO] Spooler
Service C:WINDOWS.0System32Driverssptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) [DISABLED] sptd
Service C:WINDOWS.0system32DRIVERSsr.sys (System Restore Filesystem Filter Driver/Microsoft Corporation) [BOOT] Sr
Service system32ZoneLabssrescan.sys [BOOT] srescan
Service C:WINDOWS.0system32svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] srservice
Service C:WINDOWS.0system32DRIVERSsrv.sys (Server driver/Microsoft Corporation) [MANUAL] Srv
Service C:WINDOWS.0system32svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] SSDPSRV
Service C:WINDOWS.0system32DRIVERSssmdrv.sys (AVIRA SnapShot Driver/Avira GmbH) [SYSTEM] ssmdrv
Service C:WINDOWS.0system32svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] stisvc
Service C:WINDOWS.0system32DRIVERSStreamIP.sys (Microsoft IP Test Driver/Microsoft Corporation) [MANUAL] streamip
Service C:WINDOWS.0system32DRIVERSswenum.sys (Plug and Play Software Device Enumerator/Microsoft Corporation) [MANUAL] swenum
Service C:WINDOWS.0system32driversswmidi.sys (Microsoft GS Wavetable Synthesizer/Microsoft Corporation) [MANUAL] swmidi
Service C:WINDOWS.0system32dllhost.exe (COM Surrogate/Microsoft Corporation) [MANUAL] SwPrv
Service [DISABLED] symc810
Service [DISABLED] symc8xx
Service [DISABLED] sym_hi
Service [DISABLED] sym_u3
Service C:WINDOWS.0system32driverssysaudio.sys (System Audio WDM Filter/Microsoft Corporation) [MANUAL] sysaudio
Service C:WINDOWS.0system32smlogsvc.exe (Performance Logs and Alerts Service/Microsoft Corporation) [MANUAL] SysmonLog
Service C:WINDOWS.0System32svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] TapiSrv
Service C:WINDOWS.0system32DRIVERStcpip.sys (TCP/IP Protocol Driver/Microsoft Corporation) [SYSTEM] Tcpip
Service (IPv6 driver/Microsoft Corporation) Tcpip6
Service (Named Pipe Transport Driver/Microsoft Corporation) [MANUAL] TDPIPE
Service (TCP Transport Driver/Microsoft Corporation) [MANUAL] TDTCP
Service C:WINDOWS.0system32DRIVERStermdd.sys (Terminal Server Driver/Microsoft Corporation) [SYSTEM] TermDD
Service C:WINDOWS.0System32svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] TermService
Service C:WINDOWS.0System32svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] Themes
Service C:WINDOWS.0system32DRIVERSLTSMT.sys (SoftModem Device Driver/LT) [MANUAL] TOSHIBASoftModem
Service [DISABLED] TosIde
Service C:WINDOWS.0system32svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] TrkWks
Service TSDDD
Service (UDF File System Driver/Microsoft Corporation) [DISABLED] Udfs
Service [DISABLED] ultra
Service C:WINDOWS.0system32DRIVERSupdate.sys (Update Driver/Microsoft Corporation) [MANUAL] Update
Service C:WINDOWS.0system32svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] upnphost
Service C:WINDOWS.0System32ups.exe (UPS Service/Microsoft Corporation) [MANUAL] UPS
Service usb
Service C:WINDOWS.0System32Driversusbaapl.sys (Apple Mobile Device USB Driver/Apple, Inc.) [MANUAL] USBAAPL
Service C:WINDOWS.0system32DRIVERSusbccgp.sys (USB Common Class Generic Parent Driver/Microsoft Corporation) [MANUAL] usbccgp
Service C:WINDOWS.0system32DRIVERSusbehci.sys (EHCI eUSB Miniport Driver/Microsoft Corporation) [MANUAL] usbehci
Service C:WINDOWS.0system32DRIVERSusbhub.sys (Default Hub Driver for USB/Microsoft Corporation) [MANUAL] usbhub
Service C:WINDOWS.0system32DRIVERSusbprint.sys (USB Printer driver/Microsoft Corporation) [MANUAL] usbprint
Service C:WINDOWS.0system32DRIVERSusbscan.sys (USB Scanner Driver/Microsoft Corporation) [MANUAL] usbscan
Service C:WINDOWS.0system32DRIVERSUSBSTOR.SYS (USB Mass Storage Class Driver/Microsoft Corporation) [MANUAL] USBSTOR
Service C:WINDOWS.0system32DRIVERSusbuhci.sys (UHCI USB Miniport Driver/Microsoft Corporation) [MANUAL] usbuhci
Service C:WINDOWS.0System32driversvga.sys (VGA/Super VGA Video Driver/Microsoft Corporation) [SYSTEM] VgaSave
Service [DISABLED] ViaIde
Service system32DRIVERSvmnetadapter.sys [MANUAL] VMnetAdapter
Service (Volume Shadow Copy Driver/Microsoft Corporation) [BOOT] VolSnap
Service C:WINDOWS.0System32vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) [SYSTEM] vsdatant
Service C:WINDOWS.0system32ZoneLabsvsmon.exe (TrueVector Service/Check Point Software Technologies LTD) [AUTO] vsmon
Service C:WINDOWS.0System32vssvc.exe (Microsoft® Volume Shadow Copy Service/Microsoft Corporation) [MANUAL] VSS
Service C:WINDOWS.0System32svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] W32Time
Service W3SVC
Service C:WINDOWS.0system32DRIVERSwanarp.sys (MS Remote Access and Routing ARP Driver/Microsoft Corporation) [MANUAL] Wanarp
Service C:WINDOWS.0system32DRIVERSWdf01000.sys (WDF Dynamic/Microsoft Corporation) [MANUAL] Wdf01000
Service [MANUAL] WDICA
Service C:WINDOWS.0system32driverswdmaud.sys (MMSYSTEM Wave/Midi API mapper/Microsoft Corporation) [MANUAL] wdmaud
Service C:WINDOWS.0system32svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] WebClient
Service Windows Workflow Foundation 3.0.0.0
Service C:WINDOWS.0system32svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] winmgmt
Service [MANUAL] Winsock
Service WinSock2
Service WinTrust
Service C:WINDOWS.0System32svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] WmdmPmSN
Service C:WINDOWS.0System32svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] Wmi
Service WmiApRpl
Service C:WINDOWS.0system32wbemwmiapsrv.exe (WMI Performance Adapter Service/Microsoft Corporation) [MANUAL] WmiApSrv
Service C:Program FilesWindows Media PlayerWMPNetwk.exe (Windows Media Player Network Sharing Service/Microsoft Corporation) [MANUAL] WMPNetworkSvc
Service C:WINDOWS.0System32driversws2ifsl.sys (Winsock2 IFS Layer/Microsoft Corporation) [DISABLED] WS2IFSL
Service C:WINDOWS.0System32svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] wscsvc
Service C:WINDOWS.0system32DRIVERSWSTCODEC.SYS (WDM WST Codec Driver/Microsoft Corporation) [MANUAL] WSTCODEC
Service C:WINDOWS.0system32svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] wuauserv
Service C:WINDOWS.0system32DRIVERSWudfPf.sys (Windows Driver Foundation - User-mode Driver Framework Platform Driver/Microsoft Corporation) [MANUAL] WudfPf
Service C:WINDOWS.0system32DRIVERSwudfrd.sys (Windows Driver Foundation - User-mode Driver Framework Reflector/Microsoft Corporation) [MANUAL] WudfRd
Service C:WINDOWS.0system32svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] WudfSvc
Service C:WINDOWS.0System32svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] WZCSVC
Service C:WINDOWS.0System32svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] xmlprov
Service {00A43C87-0CA5-4D33-826E-241E0FC06D23}
Service {0E62F403-35FD-4226-930D-A70BEA5B55AD}
Service {62FD08EE-D8E7-4F5D-BB54-F517004C9AEE}
Service {9CD8C9C1-914C-42A0-8CD2-0F049279EF42}
Service {B716CE5F-9D07-4634-83D4-0340260DDCF0}

Edited by Budapest, 05 August 2010 - 05:55 PM.
Posts merged ~BP



#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,316 posts
  • Gender:Female
  • Location:Romania
  • Local time:01:50 AM

Posted 06 August 2010 - 05:20 AM

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

-------------------------------------------------------------
In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • GMER log

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."


Malware analyst @ Emsisoft


#3 plomper

plomper
  • Topic Starter

  • Members
  • 27 posts
  • Local time:06:50 PM

Posted 06 August 2010 - 09:32 AM

OTL Extras logfile created on: 8/06/2010 10:24:39 AM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Administrator\Desktop\APPS I DONT USE
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 75.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS.0 | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 3.86 Gb Free Space | 1.29% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 372.60 Gb Total Space | 220.69 Gb Free Space | 59.23% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
Drive H: | 3.80 Gb Total Space | 2.75 Gb Free Space | 72.33% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded

Computer Name: DDP
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.ini [@ = inifile] -- C:\WINDOWS.0\System32\NOTEPAD2.EXE ()
.txt [@ = txtfile] -- C:\WINDOWS.0\System32\NOTEPAD2.EXE ()

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- C:\WINDOWS.0\system32\NOTEPAD2.EXE %1 ()
batfile [open] -- "%1" %*
batfile [print] -- Reg Error: Key error.
cmdfile [edit] -- C:\WINDOWS.0\system32\NOTEPAD2.EXE %1 ()
cmdfile [open] -- "%1" %*
cmdfile [print] -- Reg Error: Key error.
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\PROGRA~1\MICROS~2\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\PROGRA~1\MICROS~2\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [print] -- Reg Error: Key error.
inifile [open] -- C:\WINDOWS.0\system32\NOTEPAD2.EXE %1 ()
inifile [print] -- Reg Error: Key error.
InternetShortcut [print] -- Reg Error: Key error.
jsfile [edit] -- C:\WINDOWS.0\system32\Notepad2.exe %1 ()
jsefile [edit] -- C:\WINDOWS.0\system32\Notepad2.exe %1 ()
piffile [open] -- "%1" %*
regfile [edit] -- C:\WINDOWS.0\system32\NOTEPAD2.EXE %1 ()
regfile [merge] -- Reg Error: Key error.
regfile [print] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- C:\WINDOWS.0\system32\NOTEPAD2.EXE %1 ()
txtfile [print] -- Reg Error: Key error.
vbefile [edit] -- C:\WINDOWS.0\system32\Notepad2.exe %1 ()
vbsfile [edit] -- C:\WINDOWS.0\system32\Notepad2.exe %1 ()
wsffile [edit] -- C:\WINDOWS.0\system32\Notepad2.exe %1 ()
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /k cd "%L" (Microsoft Corporation)
Directory [CmdHere] -- C:\WINDOWS.0\system32\cmd.exe /k cd "%1" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [myclean] -- MyCleaner.exe %1
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [openNew] -- explorer.exe /e, %1 (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
"3703:TCP" = 3703:TCP:*:Enabled:Adobe Version Cue CS4 Server
"3704:TCP" = 3704:TCP:*:Enabled:Adobe Version Cue CS4 Server
"51000:TCP" = 51000:TCP:*:Enabled:Adobe Version Cue CS4 Server
"51001:TCP" = 51001:TCP:*:Enabled:Adobe Version Cue CS4 Server
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Users\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2009\English\setup.exe" = C:\Users\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2009\English\setup.exe:*:Enabled:Kaspersky Internet Security 2009 Setup -- (Kaspersky Lab)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe" = C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe:*:Enabled:Adobe Version Cue CS4 Server -- (Adobe Systems Incorporated)
"C:\Program Files\Adobe\Adobe Dreamweaver CS4\Dreamweaver.exe" = C:\Program Files\Adobe\Adobe Dreamweaver CS4\Dreamweaver.exe:*:Enabled:Adobe Dreamweaver CS4 -- (Adobe Systems, Inc.)
"C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe" = C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe:*:Enabled:Render Manager -- (Pinnacle Systems)
"C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe" = C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe:*:Enabled:Studio -- (Pinnacle Systems)
"C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe" = C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe:*:Enabled:umi -- (Pinnacle Systems)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\PFPortChecker\PFPortChecker.exe" = C:\Program Files\PFPortChecker\PFPortChecker.exe:*:Enabled:PFPortchecker by portforward.com helps check if your ports are properly forwarded. -- (portforward.com)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\WINDOWS.0\system32\ZoneLabs\vsmon.exe" = C:\WINDOWS.0\system32\ZoneLabs\vsmon.exe:*:Enabled:vsmon -- (Check Point Software Technologies LTD)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00798ADE-95E9-462D-838C-ECACA2B5E9B1}" = Quicken 2006
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{02627ee5-eaca-4742-a9cc-e687631773e4}" = Nero ShowTime
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{03DEEAD2-F3B7-45BF-9006-A25D015F00D2}" = Adobe Flash Player 10 Plugin
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{05C56753-F144-44BC-BA67-83CC5DBF395C}" = F300
"{086a7d8c-0a38-4c7f-819a-620275550d5c}" = Nero Burning ROM Help
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{0F8C8B5A-B076-4400-8262-41D6131099ED}" = ImpôtRapide 2009
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4
"{15095BF3-A3D7-4DDF-B193-3A496881E003}" = Microsoft .NET Framework 3.0
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{167ABF69-A947-4839-856D-3BA2274FCBE9}" = ImpôtRapide 2008
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1c00c7c5-e615-4139-b817-7f4003de68c0}" = Nero PhotoSnap Help
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1E187923-04E5-4E1F-9BF2-40E32D93A1C4}" = HP Color LaserJet CP1210 Series Toolbox
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22EC35BD-F8F2-45EB-8DCB-1C7FB65D0A71}" = QuickTax 2007
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{262BF2CD-601D-4F43-919C-4B00B1D1F338}" = Boris Graffiti
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 17
"{26DDB12A-CB5E-4C0B-89AF-817CA0E59CC9}" = HP LaserJet Toolbox
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{359cfc0a-beb1-440d-95ba-cf63a86da34f}" = Nero Recode
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4196D960-68B0-4BEB-B312-3C1B4654068D}" = Handy Recovery 4.0
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{43e39830-1826-415d-8bae-86845787b54b}" = Nero Vision
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{491DD792-AD81-429C-9EB4-86DD3D22E333}" = Windows Communication Foundation
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{52E819E9-C69A-4AF6-B2B3-BC01F8B0ECA3}" = Toon Boom Storyboard Pro Trial
"{54360A73-B080-4A69-BFD4-53C190DD3AB0}" = HP Color LaserJet CP1210 Series
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{56582EEA-3AEF-4D84-8B9D-C87A3CD9250F}" = GetDataBack for NTFS
"{566BB41D-F006-4956-A5D3-94D8DFFA7F51}" = Adobe Setup
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5783F2D7-7001-0409-0002-0060B0CE6BBA}" = AutoCAD 2009 - English
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5d9be3c1-8ba4-4e7e-82fd-9f74fa6815d1}" = Nero Vision
"{5e08ecd1-c98e-4711-bf65-8fd736b3f969}" = Nero RescueAgent Help
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{5EB90C06-964F-4195-B83E-BD7E55C88415}" = Pinnacle Video Driver
"{606BC780-101C-41DB-808D-4539BFA0774A}" = MobileMe Control Panel
"{60c731fb-c951-41ce-ad41-8e54c8594609}" = Nero Disc Copy Gadget Help
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67330878-0617-41A9-A3B0-B5298E89E7BC}" = Pinnacle Winter Pack
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential
"{6B0DC474-A5F0-4091-8913-25E9DA2E7F53}" = Asoftech Photo Recovery
"{6c651250-2eb2-11d5-8e33-0050dad72ac2}" = NetZero Internet
"{6D45EF03-E8EE-4355-81C3-F918CBCF1033}" = Nero 8
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights
"{7902E313-FF0F-4493-ACB1-A8147B78DCD0}" = HPSSupply
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7B02BF60-796D-4616-908B-B31A63CFDEFB}" = HPCarePackCore
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}" = Windows Workflow Foundation
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{893FC88E-70C1-409D-AF31-9E8D9441B0D8}" = MSN Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98a67610-a3b5-4098-a423-3708040026d3}" = "Nero SoundTrax Help
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BF58D21-7A60-457B-8FCB-3BDC23155B7D}" = DavkaWriter Platinum Demo
"{9C09E3A4-850A-40B2-B94F-EBFB5349C238}" = hppusgCP1215
"{9cf13d50-c793-4fd2-b902-afafe4aa12b8}" = Nero 9 Trial
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{9e82b934-9a25-445b-b8df-8012808074ac}" = Nero PhotoSnap
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{a209525b-3377-43f4-b886-32f6b6e7356f}" = Nero WaveEditor
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4
"{A82D052A-0806-42DF-80CD-1730A1AC0ED3}" = MrvlUsgTracking
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-1033-F400-7761-000000000004}_933" = Adobe Acrobat 9.3.3 - CPSID_83708
"{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{ad6bc5cc-2ef0-49c4-b33d-cdc8b2c4dc80}" = Nero Recode Help
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{AEF2D1F3-0696-11D5-8E6A-00C04F7FA234}" = PaperPort 8.0 SE
"{AFAC914D-9E83-4A89-8ABE-427521C82CCF}" = Safari
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B4F3A360-E1E2-479D-ADE7-9BE3B07F4539}" = NVIDIA PhysX
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{BEF3EFE7-5159-436D-9BF0-CCC633179EB4}" = EVGA Display Driver
"{BF26E713-43CD-43AD-AF28-A905C1E26D8C}" = DVDneXtCOPY3
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{c5a7cb6c-e76d-408f-ba0e-85605420fe9d}" = SoundTrax
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{ce96f5a5-584d-4f8f-aa3e-9baed413db72}" = Nero CoverDesigner Help
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus® for Adobe
"{d025a639-b9c9-417d-8531-208859000af8}" = NeroBurningROM
"{D041EB9E-890A-4098-8F94-51DA194AC72A}" = Pinnacle Studio 12
"{D1860E6E-520E-4380-8433-E58E8F88B473}" = Pinnacle Studio 12 Ultimate Plugins
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}" = Nero ShowTime
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DFC6573E-124D-4026-BFA4-B433C9D3FF21}" = ISO Recorder
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
"{e498385e-1c51-459a-b45f-1721e37aa1a0}" = Movie Templates - Starter Kit
"{E5966E4C-0A93-4F59-A981-BD3173D4799F}" = F300_Help
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{e8631efb-6b9a-426c-b1ce-e7173ca26bf8}" = Nero WaveEditor Help
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{f1861f30-3419-44db-b2a1-c274825698b3}" = Nero Disc Copy Gadget
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F3A52623-4890-415D-A43A-F71A3A39C273}" = HPCarePackProducts
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{f6bdd7c5-89ed-4569-9318-469aa9732572}" = Nero BurnRights
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F9A1E23D-E104-11D6-B557-00C04F4351FF}" = Caillou Les Quatre Saisons
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"3D-Album-CS" = 3D-Album-CS
"Ad-Aware" = Ad-Aware
"Adibou et l'Ombre Verte V.1.00 on C" = Adibou et l'Ombre Verte V.1.00 on C
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_26b63376f4efc354dae41af6b5e3343" = Adobe Premiere Pro CS4
"Adobe_aafbab2a1213860f65effefc066f49d" = Adobe Premiere Pro CS4
"Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection
"Any Video Converter Professional_is1" = Any Video Converter Professional 2.7.8
"Attribute Changer" = Attribute Changer 5.23
"AutoCAD 2009 - English" = AutoCAD 2009 - English
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AviSynth" = AviSynth 2.5
"Burn4Free" = Burn4Free CD and DVD
"CCleaner" = CCleaner (remove only)
"CobBackup10" = Cobian Backup 10
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.3.0
"CPLBonus" = CPL All-in-One
"Data Doctor Recovery - Memory Card (Demo)" = Data Doctor Recovery - Memory Card (Demo)
"DVDneXtCOPY" = DVDneXtCOPY
"EndItAll_is1" = EndItAll 2.0
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"Fashion Solitaire" = Fashion Solitaire
"Free Create-Burn ISO Image_is1" = Free Create-Burn ISO Image v2.0
"Free iPod Video Converter_is1" = Free iPod Video Converter 1.34
"Games_Bar_1 Toolbar" = Games_Bar_1 Toolbar
"HijackThis" = HijackThis 2.0.2
"HP Color LaserJet CP1210 Series" = HP Color LaserJet CP1210 Series
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPExtendedCapabilities" = HP Customer Participation Program 7.0
"iCare Data Recovery_is1" = iCare Data Recovery 3.8.1
"ie7" = Windows Internet Explorer 7
"Jane's Zoo" = Jane's Zoo
"La chasse au trésor" = La chasse au trésor
"L'anniversaire" = L'anniversaire
"Magic Bullet Looks Studio" = Magic Bullet Looks Studio
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft .NET Framework 3.0" = Microsoft .NET Framework 3.0
"Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6)
"Mp3 Codec" = Mpeg Layer3 Codec FHG-Radium v1.263
"Network Stumbler" = Network Stumbler 0.4.0 (remove only)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"PFPortChecker" = PFPortChecker 1.0.28
"Picasa 3" = Picasa 3
"PQ_DVD_to_iPod_Video_Converter" = PQ DVD to iPod Video Converter (remove only)
"proDAD-Vitascene-1.0" = proDAD Vitascene 1.0
"RealPlayer 12.0" = RealPlayer
"RegShot" = RegShot 1.7.2.5
"Remote PC Suite" = Remote PC Suite 1.3
"Sierra Utilities" = Utilitaires Sierra
"TaskSwitchXP" = TaskSwitchXP
"The 80 Classic Games" = Atari: The 80 Classic Games
"Toshiba Soft Modem" = Toshiba Soft Modem AMR
"TurboTax 2008" = TurboTax 2008
"Unlocker" = Unlocker 1.8.5
"USSF" = Universal Silent Switch Finder
"Visviva Animation Player" = Visviva Animation Player
"VSO DivxToDVD_is1" = DivxToDVD 0.5.2b
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Windows Essentials Media Codec Pack" = Windows Essentials Media Codec Pack 2.3c
"Windows Registry Repair Pro_is1" = Windows Registry Repair Pro
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WinUndelete" = WinUndelete
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Xvid_is1" = Xvid 1.1.3 final uninstall
"Yahoo! Messenger" = Yahoo! Messenger
"YInstHelper" = Yahoo! Install Manager
"ZoneAlarm" = ZoneAlarm

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/27/2010 4:51:00 PM | Computer Name = DDP | Source = Avira AntiVir | ID = 4118
Description = EXCEPTION calling function <Scan> for the file D:\DSC_0922.JPG [ACCESS_VIOLATION
Exception!! EIP = 0x1abc328] Please inform Avira and submit the appropriate file!

Error - 6/28/2010 12:28:06 AM | Computer Name = DDP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 6/29/2010 1:36:36 PM | Computer Name = DDP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 6/29/2010 2:01:49 PM | Computer Name = DDP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 6/30/2010 5:10:42 PM | Computer Name = DDP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 6/30/2010 5:13:29 PM | Computer Name = DDP | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The data is invalid.

Error - 6/30/2010 5:13:36 PM | Computer Name = DDP | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The data is invalid.

Error - 6/30/2010 5:13:38 PM | Computer Name = DDP | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The data is invalid.

Error - 7/1/2010 9:43:23 PM | Computer Name = DDP | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The data is invalid.

Error - 7/4/2010 6:09:10 PM | Computer Name = DDP | Source = Windows Live Messenger | ID = 1000
Description =

[ OSession Events ]
Error - 1/13/2010 8:01:30 AM | Computer Name = DDP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 934
seconds with 600 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 7/27/2010 3:57:03 PM | Computer Name = DDP | Source = Service Control Manager | ID = 7000
Description = The Aspi32 service failed to start due to the following error: %%1058

Error - 7/27/2010 3:57:03 PM | Computer Name = DDP | Source = Service Control Manager | ID = 7000
Description = The helpsvc service failed to start due to the following error: %%2

Error - 7/27/2010 3:57:03 PM | Computer Name = DDP | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%126

Error - 7/27/2010 4:40:55 PM | Computer Name = DDP | Source = Service Control Manager | ID = 7000
Description = The Aspi32 service failed to start due to the following error: %%1058

Error - 7/27/2010 4:40:55 PM | Computer Name = DDP | Source = Service Control Manager | ID = 7000
Description = The helpsvc service failed to start due to the following error: %%2

Error - 7/27/2010 4:40:55 PM | Computer Name = DDP | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%126

Error - 7/27/2010 4:41:00 PM | Computer Name = DDP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
PCIIde

Error - 7/28/2010 12:55:04 AM | Computer Name = DDP | Source = Service Control Manager | ID = 7000
Description = The Aspi32 service failed to start due to the following error: %%1058

Error - 7/28/2010 12:55:04 AM | Computer Name = DDP | Source = Service Control Manager | ID = 7000
Description = The helpsvc service failed to start due to the following error: %%2

Error - 7/28/2010 12:55:04 AM | Computer Name = DDP | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%126


< End of report >
OTL logfile created on: 8/6/2010 10:27:20 AM - Run 3
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Administrator\Desktop\APPS I DONT USE
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 82.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS.0 | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 1.93 Gb Free Space | 0.65% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 372.60 Gb Total Space | 70.62 Gb Free Space | 18.95% Space Free | Partition Type: NTFS
Drive G: | 148.96 Gb Total Space | 16.43 Gb Free Space | 11.03% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DDP
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/06/23 13:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS.0\system32\ZoneLabs\vsmon.exe
PRC - [2010/06/23 13:51:30 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/05/11 20:27:44 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\APPS I DONT USE\OTL.exe
PRC - [2009/08/26 19:17:37 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/08/05 16:07:38 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/03/10 22:03:58 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/03/01 23:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/10/09 15:45:26 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS.0\system32\HPZipm12.exe
PRC - [2006/12/02 05:00:00 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS.0\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/05/11 20:27:44 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\APPS I DONT USE\OTL.exe
MOD - [2006/12/02 05:00:00 | 001,054,208 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS.0\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2006/12/02 05:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS.0\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (CiSvc)
SRV - [2010/07/12 04:55:38 | 001,352,832 | ---- | M] (Lavasoft) [Auto | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/06/23 13:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS.0\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/08/05 16:07:38 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/22 00:36:41 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/04/28 21:48:51 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2009/03/10 22:03:58 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/03/03 00:53:08 | 000,033,176 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper) getPlus®
SRV - [2008/10/09 15:45:26 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2008/08/14 15:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS.0\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2006/01/04 10:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)


========== Driver Services (SafeList) ==========

DRV - [2010/07/12 04:55:39 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS.0\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/06/07 19:57:00 | 010,531,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2010/05/13 10:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS.0\system32\vsdatant.sys -- (vsdatant)
DRV - [2009/12/06 15:07:25 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS.0\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/05/28 23:36:06 | 000,017,408 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\netaapl.sys -- (Netaapl)
DRV - [2009/04/23 03:50:09 | 000,646,392 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS.0\system32\drivers\sptd.sys -- (sptd)
DRV - [2009/03/29 20:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS.0\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/03/10 22:03:58 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS.0\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/02/12 22:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/08/13 17:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS.0\system32\drivers\adfs.sys -- (adfs)
DRV - [2006/12/11 21:16:06 | 000,022,528 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\emAudio.sys -- (emAudio)
DRV - [2006/12/02 05:00:00 | 000,016,877 | ---- | M] (Adaptec) [Kernel | Auto | Stopped] -- C:\WINDOWS.0\system32\drivers\aspi32.sys -- (Aspi32)
DRV - [2006/10/03 07:15:22 | 000,158,208 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006/08/11 09:45:40 | 000,007,168 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2006/08/11 09:45:38 | 000,499,584 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2006/08/11 09:45:28 | 000,180,224 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2006/08/11 09:45:26 | 000,766,976 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2006/08/11 09:45:26 | 000,154,112 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2006/08/11 09:45:24 | 000,116,224 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2006/08/11 09:45:18 | 000,143,872 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2006/08/11 09:45:18 | 000,078,336 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2006/08/11 09:45:14 | 000,502,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2005/12/20 19:14:52 | 000,100,957 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\emDevice.sys -- (DCamUSBEMPIA)
DRV - [2005/12/20 19:14:52 | 000,005,245 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\emFilter.sys -- (FiltUSBEMPIA)
DRV - [2005/12/20 19:14:52 | 000,004,493 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\emScan.sys -- (ScanUSBEMPIA)
DRV - [2005/11/10 12:06:04 | 000,340,704 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2005/09/23 09:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2004/08/03 09:10:14 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\MPE.sys -- (MPE)
DRV - [2001/08/17 00:05:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\OVCD.sys -- (QCDonner)
DRV - [2001/08/16 22:28:12 | 000,797,500 | ---- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\LTSMT.sys -- (TOSHIBASoftModem)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1343024091-606747145-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-21-1343024091-606747145-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS.0\system32\blank.htm
IE - HKU\S-1-5-21-1343024091-606747145-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-1343024091-606747145-725345543-500\..\URLSearchHook: {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1343024091-606747145-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1343024091-606747145-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.startup.homepage: "http://ca.yahoo.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..network.proxy.no_proxies_on: "*.local"


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/23 16:50:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/23 16:50:20 | 000,000,000 | ---D | M]

[2009/07/21 23:35:01 | 000,000,000 | ---D | M] -- C:\Users\Administrator\Application Data\Mozilla\Extensions
[2010/07/27 00:37:41 | 000,000,000 | ---D | M] -- C:\Users\Administrator\Application Data\Mozilla\Firefox\Profiles\hgj397wo.default\extensions
[2010/01/17 18:49:23 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Administrator\Application Data\Mozilla\Firefox\Profiles\hgj397wo.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/07/16 17:27:16 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/03/09 19:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll

O1 HOSTS File: ([2009/04/28 08:05:31 | 000,000,722 | ---- | M]) - C:\WINDOWS.0\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1343024091-606747145-725345543-500\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS.0\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\.DEFAULT..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (Alexander Avdonin)
O4 - HKU\S-1-5-18..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (Alexander Avdonin)
O4 - HKU\.DEFAULT..\RunOnce: [nltide1] C:\WINDOWS.0\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [SetDefaultMIDI] C:\WINDOWS.0\MIDIDEF.EXE (Creative Technology Ltd)
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINDOWS.0\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [nltide1] C:\WINDOWS.0\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [SetDefaultMIDI] C:\WINDOWS.0\MIDIDEF.EXE (Creative Technology Ltd)
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] C:\WINDOWS.0\system32\tscupgrd.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Administrator\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe (Leader Technologies)
O4 - Startup: C:\Users\steven\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108855
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-21-1343024091-606747145-725345543-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1343024091-606747145-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 359
O7 - HKU\S-1-5-21-1343024091-606747145-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKU\S-1-5-21-1343024091-606747145-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-21-1343024091-606747145-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKU\S-1-5-21-1343024091-606747145-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = E7 FF FF 03 [binary data]
O7 - HKU\S-1-5-21-1343024091-606747145-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS.0\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1240731040781 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-beta/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photo...ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\intu-ir2008 {729D3592-92E7-4cbc-8E44-3C22B3F457B3} - C:\Program Files\ImpotRapide 2008\ic2008pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\intu-ir2009 {E4616804-F2F8-4839-B728-5305004DA6A7} - C:\Program Files\ImpotRapide 2009\ic2009pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\intu-qt2007 {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS.0\system32\acaptuser32.dll) - C:\WINDOWS.0\system32\acaptuser32.dll (Adobe Systems Incorporated)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS.0\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Users\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/23 03:49:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/03/20 12:19:32 | 000,000,139 | ---- | M] () - G:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS.0\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/08/01 22:29:09 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Application Data\Spycar
[2010/08/01 21:33:40 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\My-3D-Album
[2010/08/01 21:30:04 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Pinnacle Studio
[2010/08/01 10:12:40 | 000,000,000 | ---D | C] -- C:\Users\Administrator\My Documents\from g drive doc
[2010/07/28 19:31:25 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Local Settings\Application Data\Safe mirror
[2010/07/28 19:30:55 | 000,000,000 | ---D | C] -- C:\Program Files\Cobian Backup 10
[2010/07/25 11:32:28 | 000,000,000 | ---D | C] -- C:\Program Files\Games_Bar_1
[2010/07/23 16:55:56 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/07/23 16:55:51 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/07/23 16:55:51 | 000,000,000 | ---D | C] -- C:\Users\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/07/23 16:49:42 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/07/23 16:43:48 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/07/22 11:56:51 | 000,000,000 | ---D | C] -- C:\Program Files\Machinist 2
[2010/07/21 14:29:04 | 000,112,056 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS.0\System32\acaptuser32.dll
[2010/07/21 13:27:29 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Local Settings\Application Data\Sunbelt Software
[2010/07/21 13:27:07 | 000,000,000 | -H-D | C] -- C:\Users\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
[2010/07/18 20:07:21 | 000,000,000 | ---D | C] -- C:\Users\Administrator\My Documents\DivXToDvd
[2010/07/18 19:50:38 | 000,000,000 | ---D | C] -- C:\Program Files\vso
[2010/07/13 01:37:16 | 000,000,000 | ---D | C] -- C:\Program Files\3D-Album-CS
[2010/07/12 23:25:01 | 000,000,000 | ---D | C] -- C:\Users\Administrator\My Documents\planes
[2010/07/12 23:23:49 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\thomas
[2010/07/08 19:35:53 | 000,000,000 | ---D | C] -- C:\Users\Administrator\My Documents\7-8-2010
[2009/04/23 13:34:54 | 000,033,792 | ---- | C] ( ) -- C:\WINDOWS.0\System32\a3d.dll
[1 C:\Users\Administrator\My Documents\*.tmp files -> C:\Users\Administrator\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/06 10:26:07 | 000,000,472 | ---- | M] () -- C:\WINDOWS.0\tasks\Ad-Aware Update (Weekly).job
[2010/08/06 10:25:14 | 000,000,284 | ---- | M] () -- C:\WINDOWS.0\tasks\PropertyTaskUserS-1-5-21-1343024091-606747145-725345543-500.job
[2010/08/06 10:24:50 | 000,000,006 | -H-- | M] () -- C:\WINDOWS.0\tasks\SA.DAT
[2010/08/06 10:24:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS.0\bootstat.dat
[2010/08/06 09:20:08 | 000,427,986 | ---- | M] () -- C:\WINDOWS.0\System32\perfh009.dat
[2010/08/06 09:20:08 | 000,065,950 | ---- | M] () -- C:\WINDOWS.0\System32\perfc009.dat
[2010/08/06 09:20:07 | 000,502,746 | ---- | M] () -- C:\WINDOWS.0\System32\PerfStringBackup.INI
[2010/08/06 09:15:50 | 009,175,040 | ---- | M] () -- C:\Users\Administrator\NTUSER.DAT
[2010/08/06 07:41:05 | 000,507,904 | ---- | M] () -- C:\Users\Administrator\My Documents\PLAN D'AFFAIRES MODELE.doc
[2010/08/05 22:31:02 | 000,152,150 | ---- | M] () -- C:\Users\Administrator\Desktop\linda&steven 2009(2).q09
[2010/08/05 22:30:59 | 000,152,150 | ---- | M] () -- C:\Users\Administrator\Desktop\linda&steven 2009(2).qbk
[2010/08/05 14:26:19 | 000,002,206 | ---- | M] () -- C:\WINDOWS.0\System32\wpa.dbl
[2010/08/05 14:25:24 | 000,030,912 | ---- | M] () -- C:\WINDOWS.0\System32\BMXStateBkp-{00000004-00000000-00000001-00001102-00000004-10031102}.rfx
[2010/08/05 14:25:24 | 000,030,912 | ---- | M] () -- C:\WINDOWS.0\System32\BMXState-{00000004-00000000-00000001-00001102-00000004-10031102}.rfx
[2010/08/05 14:25:24 | 000,030,120 | ---- | M] () -- C:\WINDOWS.0\System32\BMXCtrlState-{00000004-00000000-00000001-00001102-00000004-10031102}.rfx
[2010/08/05 14:25:24 | 000,030,120 | ---- | M] () -- C:\WINDOWS.0\System32\BMXBkpCtrlState-{00000004-00000000-00000001-00001102-00000004-10031102}.rfx
[2010/08/05 14:25:24 | 000,011,564 | ---- | M] () -- C:\WINDOWS.0\System32\DVCState-{00000004-00000000-00000001-00001102-00000004-10031102}.rfx
[2010/08/05 14:25:24 | 000,001,080 | ---- | M] () -- C:\WINDOWS.0\System32\settingsbkup.sfm
[2010/08/05 14:25:24 | 000,001,080 | ---- | M] () -- C:\WINDOWS.0\System32\settings.sfm
[2010/08/05 14:24:53 | 009,105,640 | -H-- | M] () -- C:\Users\Administrator\Local Settings\Application Data\IconCache.db
[2010/08/05 11:40:04 | 000,167,557 | ---- | M] () -- C:\Users\Administrator\My Documents\Rivka.pptx
[2010/08/05 00:12:20 | 000,078,285 | ---- | M] () -- C:\Users\Administrator\Desktop\linda&steven 2009(1).q09
[2010/08/05 00:11:54 | 000,078,285 | ---- | M] () -- C:\Users\Administrator\Desktop\linda&steven 2009(1).qbk
[2010/08/04 23:15:24 | 000,030,208 | ---- | M] () -- C:\Users\Administrator\My Documents\MENU 2010-2011 .doc
[2010/08/04 23:01:37 | 000,083,938 | ---- | M] () -- C:\Users\Administrator\My Documents\NEW CONTRACT 2010-2011.docx
[2010/08/04 13:37:01 | 000,000,174 | ---- | M] () -- C:\WINDOWS.0\Quicken.ini
[2010/08/04 02:44:13 | 000,061,897 | ---- | M] () -- C:\Users\Administrator\Desktop\linda&steven 2009.q09
[2010/08/03 13:08:31 | 000,000,178 | -HS- | M] () -- C:\Users\Administrator\ntuser.ini
[2010/08/03 08:42:01 | 000,012,669 | ---- | M] () -- C:\Users\Administrator\My Documents\lettre aux parents vacances.docx
[2010/08/03 08:31:43 | 000,000,162 | -H-- | M] () -- C:\Users\Administrator\My Documents\~$ttre aux parents vacances.docx
[2010/08/02 21:48:46 | 000,000,205 | ---- | M] () -- C:\Users\Administrator\Application Data\default.pls
[2010/08/02 21:38:41 | 000,000,069 | ---- | M] () -- C:\WINDOWS.0\NeroDigital.ini
[2010/07/30 15:28:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS.0\tasks\AppleSoftwareUpdate.job
[2010/07/30 14:48:03 | 000,365,568 | ---- | M] () -- C:\Users\Administrator\My Documents\Publication3.pub
[2010/07/30 13:46:48 | 000,098,816 | ---- | M] () -- C:\Users\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/30 13:21:44 | 001,064,960 | ---- | M] () -- C:\Users\Administrator\My Documents\Publication 1.pub
[2010/07/30 11:35:30 | 000,844,288 | ---- | M] () -- C:\Users\Administrator\My Documents\Publication2.pub
[2010/07/30 10:28:59 | 000,421,531 | ---- | M] () -- C:\WINDOWS.0\System32\vsconfig.xml
[2010/07/30 10:28:05 | 000,000,000 | ---- | M] () -- C:\WINDOWS.0\MEMORY.DMP
[2010/07/29 22:33:07 | 000,005,301 | ---- | M] () -- C:\Users\Administrator\My Documents\DDS.zip
[2010/07/28 13:02:56 | 000,002,191 | ---- | M] () -- C:\Users\All Users\Desktop\Safari.lnk
[2010/07/28 11:15:06 | 000,092,160 | ---- | M] () -- C:\Users\Administrator\My Documents\Steven Kaminsky 2010.doc
[2010/07/28 11:14:24 | 000,000,162 | -H-- | M] () -- C:\Users\Administrator\My Documents\~$even Kaminsky 2010.doc
[2010/07/28 07:34:04 | 000,011,705 | ---- | M] () -- C:\Users\Administrator\My Documents\ILOVE YOU ARE YSHIRA FOR YOSSEF.docx
[2010/07/26 12:02:51 | 000,002,141 | ---- | M] () -- C:\Users\All Users\Desktop\iTunes.lnk
[2010/07/23 16:50:11 | 000,001,608 | ---- | M] () -- C:\Users\All Users\Desktop\QuickTime Player.lnk
[2010/07/22 22:10:45 | 000,000,349 | ---- | M] () -- C:\Users\All Users\Documents\PCLECHAL.INI
[2010/07/22 13:47:04 | 000,000,686 | ---- | M] () -- C:\Users\All Users\Desktop\DVDneXtCOPY 3.lnk
[2010/07/21 13:42:49 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS.0\System32\drivers\SBREDrv.sys
[2010/07/20 15:42:28 | 000,217,180 | ---- | M] () -- C:\WINDOWS.0\System32\nvdrsdb0.bin
[2010/07/20 15:42:28 | 000,000,001 | ---- | M] () -- C:\WINDOWS.0\System32\nvdrssel.bin
[2010/07/18 19:50:42 | 000,000,700 | ---- | M] () -- C:\Users\Administrator\Desktop\VSO DivxToDVD.lnk
[2010/07/12 21:56:13 | 000,038,878 | ---- | M] () -- C:\Users\Administrator\My Documents\planebdayparty1.jpg
[2010/07/12 04:55:39 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\WINDOWS.0\System32\drivers\Lbd.sys
[2010/07/12 04:55:38 | 000,015,880 | ---- | M] () -- C:\WINDOWS.0\System32\lsdelete.exe
[2010/07/08 19:32:52 | 000,217,180 | ---- | M] () -- C:\WINDOWS.0\System32\nvdrsdb1.bin
[2010/07/08 19:20:21 | 000,000,022 | ---- | M] () -- C:\WINDOWS.0\System32\nvModes.dat
[1 C:\Users\Administrator\My Documents\*.tmp files -> C:\Users\Administrator\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/06 07:41:04 | 000,507,904 | ---- | C] () -- C:\Users\Administrator\My Documents\PLAN D'AFFAIRES MODELE.doc
[2010/08/05 11:40:04 | 000,167,557 | ---- | C] () -- C:\Users\Administrator\My Documents\Rivka.pptx
[2010/08/05 00:12:32 | 000,152,150 | ---- | C] () -- C:\Users\Administrator\Desktop\linda&steven 2009(2).qbk
[2010/08/05 00:12:32 | 000,152,150 | ---- | C] () -- C:\Users\Administrator\Desktop\linda&steven 2009(2).q09
[2010/08/04 23:15:23 | 000,030,208 | ---- | C] () -- C:\Users\Administrator\My Documents\MENU 2010-2011 .doc
[2010/08/04 23:01:36 | 000,083,938 | ---- | C] () -- C:\Users\Administrator\My Documents\NEW CONTRACT 2010-2011.docx
[2010/08/04 02:44:25 | 000,078,285 | ---- | C] () -- C:\Users\Administrator\Desktop\linda&steven 2009(1).qbk
[2010/08/04 02:44:25 | 000,078,285 | ---- | C] () -- C:\Users\Administrator\Desktop\linda&steven 2009(1).q09
[2010/08/04 02:44:12 | 000,061,897 | ---- | C] () -- C:\Users\Administrator\Desktop\linda&steven 2009.q09
[2010/08/03 08:31:43 | 000,012,669 | ---- | C] () -- C:\Users\Administrator\My Documents\lettre aux parents vacances.docx
[2010/08/03 08:31:43 | 000,000,162 | -H-- | C] () -- C:\Users\Administrator\My Documents\~$ttre aux parents vacances.docx
[2010/07/30 14:48:03 | 000,365,568 | ---- | C] () -- C:\Users\Administrator\My Documents\Publication3.pub
[2010/07/30 11:36:06 | 001,064,960 | ---- | C] () -- C:\Users\Administrator\My Documents\Publication 1.pub
[2010/07/30 11:20:51 | 000,844,288 | ---- | C] () -- C:\Users\Administrator\My Documents\Publication2.pub
[2010/07/29 22:33:07 | 000,005,301 | ---- | C] () -- C:\Users\Administrator\My Documents\DDS.zip
[2010/07/28 11:14:24 | 000,000,162 | -H-- | C] () -- C:\Users\Administrator\My Documents\~$even Kaminsky 2010.doc
[2010/07/23 16:57:23 | 000,002,141 | ---- | C] () -- C:\Users\All Users\Desktop\iTunes.lnk
[2010/07/23 16:50:11 | 000,001,608 | ---- | C] () -- C:\Users\All Users\Desktop\QuickTime Player.lnk
[2010/07/23 16:37:56 | 000,002,191 | ---- | C] () -- C:\Users\All Users\Desktop\Safari.lnk
[2010/07/21 08:35:54 | 000,011,705 | ---- | C] () -- C:\Users\Administrator\My Documents\ILOVE YOU ARE YSHIRA FOR YOSSEF.docx
[2010/07/18 19:50:42 | 000,000,700 | ---- | C] () -- C:\Users\Administrator\Desktop\VSO DivxToDVD.lnk
[2010/07/14 10:19:31 | 000,000,472 | ---- | C] () -- C:\WINDOWS.0\tasks\Ad-Aware Update (Weekly).job
[2010/07/12 21:47:20 | 000,038,878 | ---- | C] () -- C:\Users\Administrator\My Documents\planebdayparty1.jpg
[2010/06/30 00:40:57 | 000,000,075 | ---- | C] () -- C:\WINDOWS.0\System32\ssprs.dll
[2010/06/30 00:40:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS.0\System32\tmpPrst.dll
[2010/06/30 00:40:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS.0\System32\lsprst7.dll
[2010/06/07 17:31:33 | 000,001,029 | ---- | C] () -- C:\WINDOWS.0\maxlink.ini
[2010/01/19 15:40:52 | 008,330,560 | ---- | C] () -- C:\WINDOWS.0\System32\vaengine.dll
[2009/11/05 00:44:32 | 000,000,174 | ---- | C] () -- C:\WINDOWS.0\Quicken.ini
[2009/11/05 00:44:32 | 000,000,052 | ---- | C] () -- C:\WINDOWS.0\intuprof.ini
[2009/10/20 11:31:20 | 000,000,069 | ---- | C] () -- C:\WINDOWS.0\NeroDigital.ini
[2009/10/20 10:06:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS.0\SETUP32.INI
[2009/07/20 18:24:31 | 000,000,633 | ---- | C] () -- C:\WINDOWS.0\E-REGTLC.INI
[2009/07/16 19:32:48 | 000,000,051 | ---- | C] () -- C:\WINDOWS.0\TLCAPPS.INI
[2009/06/03 08:26:33 | 000,363,520 | ---- | C] () -- C:\WINDOWS.0\System32\PsisDecd.dll
[2009/06/03 08:02:27 | 000,237,568 | R--- | C] () -- C:\WINDOWS.0\System32\qtmlClient.dll
[2009/06/03 08:02:27 | 000,002,371 | ---- | C] () -- C:\WINDOWS.0\Graffiti5.2Pin.ini
[2009/05/07 18:24:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS.0\AUTORUN.INI
[2009/05/07 18:24:09 | 000,000,328 | ---- | C] () -- C:\WINDOWS.0\SIERRA.INI
[2009/05/06 20:14:50 | 000,180,224 | ---- | C] () -- C:\WINDOWS.0\System32\xvidvfw.dll
[2009/05/02 23:23:35 | 000,000,033 | ---- | C] () -- C:\WINDOWS.0\avitoipod.ini
[2009/04/26 08:49:18 | 000,077,824 | R--- | C] () -- C:\WINDOWS.0\System32\HPZIDS01.dll
[2009/04/23 19:06:51 | 000,286,720 | ---- | C] () -- C:\WINDOWS.0\System32\nvnt4cpl.dll
[2009/04/23 13:34:56 | 000,031,745 | ---- | C] () -- C:\WINDOWS.0\System32\nkreg32.dll
[2009/04/23 13:34:56 | 000,030,721 | ---- | C] () -- C:\WINDOWS.0\System32\asindis.dll
[2009/04/23 13:34:56 | 000,023,552 | ---- | C] () -- C:\WINDOWS.0\System32\2itwwun.dll
[2009/04/23 13:34:55 | 000,071,680 | ---- | C] () -- C:\WINDOWS.0\System32\CTMMACTL.DLL
[2009/04/23 13:34:54 | 000,037,888 | ---- | C] () -- C:\WINDOWS.0\System32\CTBURST.DLL
[2009/04/23 13:34:41 | 000,086,446 | ---- | C] () -- C:\WINDOWS.0\System32\instwdm.ini
[2009/04/23 13:34:41 | 000,000,307 | ---- | C] () -- C:\WINDOWS.0\System32\KILL.INI
[2009/04/23 13:34:41 | 000,000,054 | ---- | C] () -- C:\WINDOWS.0\System32\ctzapxx.ini
[2009/04/23 04:06:46 | 000,003,072 | ---- | C] () -- C:\WINDOWS.0\CTXFIRES.DLL
[2009/04/23 03:45:51 | 000,271,264 | ---- | C] () -- C:\WINDOWS.0\System32\vbrun100.dll
[2009/04/23 03:45:26 | 000,175,616 | ---- | C] () -- C:\WINDOWS.0\System32\mmm.dll
[2009/04/23 03:45:22 | 000,000,133 | ---- | C] () -- C:\WINDOWS.0\System32\cpuz.ini
[2009/03/10 23:34:23 | 000,002,048 | ---- | C] () -- C:\WINDOWS.0\System32\sysprs7.dll
[2009/03/10 23:34:23 | 000,001,025 | ---- | C] () -- C:\WINDOWS.0\System32\clauth2.dll
[2009/03/10 23:34:23 | 000,001,025 | ---- | C] () -- C:\WINDOWS.0\System32\clauth1.dll
[2009/03/10 23:34:23 | 000,000,021 | ---- | C] () -- C:\WINDOWS.0\SurCode.INI
[2008/02/08 03:13:44 | 000,319,488 | ---- | C] () -- C:\WINDOWS.0\System32\LS3Renderer.dll
[2008/02/06 20:05:18 | 000,163,840 | ---- | C] () -- C:\WINDOWS.0\System32\hppatusg01.dll
[2007/03/31 10:00:06 | 000,032,768 | ---- | C] () -- C:\WINDOWS.0\System32\perielloui.dll
[2007/01/25 12:04:12 | 000,138,752 | ---- | C] () -- C:\WINDOWS.0\System32\mase32.dll
[2007/01/25 12:04:12 | 000,027,648 | ---- | C] () -- C:\WINDOWS.0\System32\ma32.dll
[2006/12/02 05:00:00 | 000,394,240 | ---- | C] () -- C:\WINDOWS.0\System32\HMTCD.dll
[2006/12/02 05:00:00 | 000,000,125 | ---- | C] () -- C:\WINDOWS.0\System32\oeminfo.ini
[2005/10/20 19:32:02 | 000,647,168 | ---- | C] () -- C:\WINDOWS.0\System32\pqdvdb.dll
[2005/10/14 06:56:50 | 003,596,288 | ---- | C] () -- C:\WINDOWS.0\System32\qt-dx331.dll
[2005/10/14 06:56:50 | 000,765,952 | ---- | C] () -- C:\WINDOWS.0\System32\xvidcore.dll
[2005/10/14 06:56:50 | 000,344,064 | ---- | C] () -- C:\WINDOWS.0\System32\xvid.dll
[2003/10/17 13:59:12 | 008,330,560 | ---- | C] () -- C:\WINDOWS.0\System32\vaesaver.dll
[2002/08/09 13:15:16 | 000,101,376 | ---- | C] () -- C:\WINDOWS.0\System32\Welsof32.dll
[2002/01/08 16:57:34 | 000,110,592 | ---- | C] () -- C:\WINDOWS.0\System32\Jpeg32.dll
[2001/07/06 13:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS.0\System32\hptcpmon.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 140 bytes -> C:\Users\All Users\Application Data\TEMP:04A2BA27
@Alternate Data Stream - 115 bytes -> C:\Users\All Users\Application Data\TEMP:A988B257
@Alternate Data Stream - 110 bytes -> C:\Users\All Users\Application Data\TEMP:417EFB56
< End of report >

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-06 10:21:28
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\Windows\Temp\pxtdapow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwConnectPort [0xB391C534]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateFile [0xB3916782]
SSDT F7AC1EEE ZwCreateKey
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreatePort [0xB391CCC0]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcess [0xB392FEB4]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0xB39302A2]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateSection [0xB3939916]
SSDT F7AC1EE4 ZwCreateThread
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xB391CDF6]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xB3917398]
SSDT F7AC1EF3 ZwDeleteKey
SSDT F7AC1EFD ZwDeleteValueKey
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0xB392EDF0]
SSDT F7AC1F02 ZwLoadKey
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xB3937B44]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenFile [0xB3916FAA]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenProcess [0xB39321CE]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenThread [0xB3931DF8]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRenameKey [0xB39388D2]
SSDT F7AC1F0C ZwReplaceKey
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xB391C0F4]
SSDT F7AC1F07 ZwRestoreKey
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0xB391C7DC]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xB391775C]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetSecurityObject [0xB3938E12]
SSDT F7AC1EF8 ZwSetValueKey
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0xB3930F0A]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwTerminateProcess [0xB3930C86]

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwYieldExecution + 12E 804E4968 12 Bytes [C0, CC, 91, B3, B4, FE, 92, ...]
.text C:\WINDOWS.0\system32\DRIVERS\nv4_mini.sys section is writeable [0xB6F4C3A0, 0x592C35, 0xE8000020]
pnidata C:\WINDOWS.0\system32\DRIVERS\secdrv.sys unknown last section [0xB29E3F00, 0x24000, 0x48000000]

---- Devices - GMER 1.0.15 ----

Device \Driver\Tcpip \Device\Ip vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)

Device \Driver\Tcpip \Device\Udp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS.0\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0x2E 0xE8 0xE1 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS.0\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS.0\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x25 0xDA 0xEC 0x7E ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS.0\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS.0\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xCD 0x44 0xCD 0xB9 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS.0\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS.0\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version
Reg HKLM\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version@Version 0x32 0x28 0x10 0xD7 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS.0\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x01 0x3A 0x48 0xFC ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS.0\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS.0\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS.0\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xF8 0x31 0x0F 0xA9 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS.0\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x6C 0x43 0x2D 0x1E ...

---- EOF - GMER 1.0.15 ----


Here are the files you asked for.
I'm not sure if the GMER is completed.
Thanks

Edited by plomper, 06 August 2010 - 09:39 AM.


#4 Elise

Posted 06 August 2010 - 09:47 AM

Hello,
First of all a warning: I see in your log you are using an illegal Adobe product. Many cracks for paid applications, besides legal issues, also bring with them malware. It's quite possible that the cleaning process will cause such applications not to work properly anymore.
Therefore I advise you to uninstall any pirated software.

COMBOFIX
---------------
Please download ComboFix from one of these locations:
  • Disable your AntiVirus and AntiSpyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all-inclusive.)
  • Double-click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."
Malware analyst @ Emsisoft


#5 plomper
  • Topic Starter

Posted 06 August 2010 - 10:47 AM

ComboFix 10-08-05.07 - Administrator 08/06/2010 11:36:48.7.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3070.2552 [GMT -4:00]
Running from: c:\users\Administrator\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows.0\system32\acaptuser32.dll
c:\windows.0\system32\lsprst7.dll
c:\windows.0\system32\settings.exe
c:\windows.0\system32\ssprs.dll
c:\windows.0\system32\tmpPrst.dll

.
((((((((((((((((((((((((( Files Created from 2010-07-06 to 2010-08-06 )))))))))))))))))))))))))))))))
.

2010-08-04 17:34 . 2010-08-04 17:34 3522560 ----a-w- c:\users\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\15132-15141.DLL
2010-08-04 17:34 . 2010-08-04 17:34 3497984 ----a-w- c:\users\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\15121-15132.DLL
2010-08-04 17:34 . 2010-08-04 17:34 249856 ----a-w- c:\users\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\151165-15121.DLL
2010-08-04 17:34 . 2010-08-04 17:34 223584 ----a-w- c:\users\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\patchw32.dll
2010-08-04 17:34 . 2010-08-04 17:34 1564672 ----a-w- c:\users\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\15141-15152.DLL
2010-08-04 17:34 . 2010-08-04 17:34 151552 ----a-w- c:\users\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\QWPATCH.EXE
2010-08-04 17:34 . 2010-08-04 17:34 1089 ----a-w- c:\users\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\rebase.cmd
2010-08-02 02:29 . 2010-08-02 02:29 1536 ----a-w- c:\users\Administrator\Application Data\Spycar\1\HKLM_Run-Target.exe
2010-08-02 02:29 . 2010-08-02 02:29 -------- d-----w- c:\users\Administrator\Application Data\Spycar
2010-07-28 23:31 . 2010-07-28 23:31 -------- d-----w- c:\users\Administrator\Local Settings\Application Data\Safe mirror
2010-07-28 23:30 . 2010-07-28 23:31 -------- d-----w- c:\program files\Cobian Backup 10
2010-07-25 15:32 . 2010-07-25 15:32 -------- d-----w- c:\program files\Games_Bar_1
2010-07-23 20:55 . 2010-07-23 20:55 -------- d-----w- c:\program files\iPod
2010-07-23 20:55 . 2010-07-23 20:57 -------- d-----w- c:\users\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-07-23 20:55 . 2010-07-23 20:57 -------- d-----w- c:\program files\iTunes
2010-07-23 20:49 . 2010-07-23 20:50 -------- d-----w- c:\program files\QuickTime
2010-07-23 20:43 . 2010-07-23 20:43 -------- d-----w- c:\program files\Bonjour
2010-07-23 20:40 . 2010-07-23 20:40 73000 ------w- c:\users\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-07-23 20:34 . 2010-07-23 20:34 71992 ------w- c:\users\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe
2010-07-22 15:56 . 2010-07-22 20:05 -------- d-----w- c:\program files\Machinist 2
2010-07-21 17:27 . 2010-07-21 17:27 -------- d-----w- c:\users\Administrator\Local Settings\Application Data\Sunbelt Software
2010-07-21 17:27 . 2010-07-21 17:27 -------- dc-h--w- c:\users\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
2010-07-21 17:27 . 2010-07-12 08:56 2979280 -c----w- c:\users\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}\Ad-AwareInstall.exe
2010-07-18 23:50 . 2010-07-18 23:50 -------- d-----w- c:\program files\vso
2010-07-13 05:37 . 2010-07-13 05:54 -------- d-----w- c:\program files\3D-Album-CS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-04 17:36 . 2009-11-05 04:44 -------- d-----w- c:\program files\Quicken
2010-08-03 23:29 . 2010-06-13 17:37 -------- d-----w- c:\program files\NetZero
2010-08-01 10:33 . 2010-04-25 21:48 -------- d-----w- c:\program files\ImpotRapide 2009
2010-07-30 02:14 . 2010-07-30 14:28 2011136 ----a-w- c:\windows.0\Internet Logs\xDB1E.tmp
2010-07-29 23:49 . 2010-07-30 14:28 2011136 ----a-w- c:\windows.0\Internet Logs\xDB1F.tmp
2010-07-27 19:43 . 2009-04-28 00:37 -------- d-----w- c:\users\Administrator\Application Data\Image Zone Express
2010-07-27 15:20 . 2009-05-22 15:18 21824964 ----a-w- c:\windows.0\Internet Logs\tvDebug.Zip
2010-07-23 20:55 . 2009-04-25 03:01 -------- d-----w- c:\program files\Common Files\Apple
2010-07-23 20:38 . 2009-07-17 12:23 -------- d-----w- c:\program files\Safari
2010-07-22 18:30 . 2010-01-23 18:54 -------- d-----w- c:\program files\DVDneXtCOPY3
2010-07-21 17:42 . 2009-10-27 16:42 95024 ------w- c:\windows.0\system32\drivers\SBREDrv.sys
2010-07-21 16:10 . 2009-04-24 03:25 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-20 19:42 . 2010-06-28 04:25 217180 ------w- c:\windows.0\system32\nvdrsdb0.bin
2010-07-20 19:42 . 2010-06-28 04:25 1 ------w- c:\windows.0\system32\nvdrssel.bin
2010-07-18 23:02 . 2009-11-23 16:01 -------- d-----w- c:\users\Administrator\Application Data\Any Video Converter Professional
2010-07-14 14:07 . 2009-04-25 01:55 -------- d-----w- c:\users\Administrator\Application Data\BitTorrent
2010-07-13 05:44 . 2010-01-19 19:41 -------- d-----w- c:\users\Administrator\Application Data\3D-Album
2010-07-12 08:55 . 2009-09-20 13:28 64288 ------w- c:\windows.0\system32\drivers\Lbd.sys
2010-07-12 08:55 . 2009-09-20 14:41 15880 ------w- c:\windows.0\system32\lsdelete.exe
2010-07-09 00:01 . 2010-07-09 00:02 483328 ----a-w- c:\windows.0\Internet Logs\xDB1D.tmp
2010-07-08 23:34 . 2010-05-12 00:32 -------- d-----w- c:\program files\ERUNT
2010-07-08 23:32 . 2010-06-28 04:25 217180 ------w- c:\windows.0\system32\nvdrsdb1.bin
2010-07-08 23:29 . 2010-07-08 23:30 1783296 ----a-w- c:\windows.0\Internet Logs\xDB1C.tmp
2010-07-08 23:29 . 2010-07-08 23:30 1260544 ----a-w- c:\windows.0\Internet Logs\xDB1B.tmp
2010-07-08 23:20 . 2009-08-11 17:30 22 ------w- c:\windows.0\system32\nvModes.dat
2010-07-06 22:16 . 2010-03-09 19:47 439816 ------w- c:\users\Administrator\Application Data\Real\Update\setup3.10\setup.exe
2010-07-02 19:09 . 2010-07-02 19:09 -------- d-----w- c:\users\Administrator\Application Data\CheckPoint
2010-07-02 19:08 . 2010-07-02 19:08 -------- d-----w- c:\program files\Conduit
2010-07-02 19:08 . 2010-07-02 19:08 -------- d-----w- c:\program files\CheckPoint
2010-07-02 19:08 . 2009-05-19 12:22 4212 ---h--w- c:\windows.0\system32\zllictbl.dat
2010-06-28 04:26 . 2010-06-28 04:24 -------- d-----w- c:\program files\NVIDIA Corporation
2010-06-28 04:25 . 2010-06-28 04:25 -------- d-----w- c:\users\All Users\Application Data\NVIDIA Corporation
2010-06-23 17:51 . 2009-06-02 03:01 1238528 ----a-w- c:\windows.0\system32\zpeng25.dll
2010-06-23 17:51 . 2009-06-02 03:01 69120 ----a-w- c:\windows.0\system32\zlcomm.dll
2010-06-23 17:51 . 2009-06-02 03:01 103936 ----a-w- c:\windows.0\system32\zlcommdb.dll
2010-06-22 03:38 . 2010-06-22 03:24 -------- d-----w- c:\program files\iCare Data Recovery
2010-06-22 02:43 . 2010-06-22 02:43 -------- d-----w- c:\program files\SoftLogica
2010-06-22 01:21 . 2010-06-22 01:21 -------- d-----w- c:\program files\Runtime Software
2010-06-13 18:15 . 2010-06-13 18:15 -------- d-----w- c:\users\Administrator\Application Data\Leadertech
2010-06-13 18:13 . 2010-06-13 18:13 -------- d-----w- c:\program files\Atari
2010-06-09 08:06 . 2010-06-09 08:06 976832 ------w- c:\users\All Users\Application Data\Adobe\Acrobat\9.2\ARM\ARM Update\AdobeARM.exe
2010-06-09 08:06 . 2010-06-09 08:06 70584 ------w- c:\users\All Users\Application Data\Adobe\Acrobat\9.2\ARM\ARM Update\AdobeExtractFiles.dll
2010-06-09 08:06 . 2010-06-09 08:06 331176 ------w- c:\users\All Users\Application Data\Adobe\Acrobat\9.2\ARM\ARM Update\ReaderUpdater.exe
2010-06-09 08:06 . 2010-06-09 08:06 331176 ------w- c:\users\All Users\Application Data\Adobe\Acrobat\9.2\ARM\ARM Update\AcrobatUpdater.exe
2010-06-07 21:34 . 2010-06-07 21:34 81920 ------w- c:\windows.0\system32\nvwddi.dll
2010-06-07 21:34 . 2010-06-07 21:34 277608 ------w- c:\windows.0\system32\nvmccs.dll
2010-06-07 21:34 . 2010-06-07 21:34 13902440 ------w- c:\windows.0\system32\nvcpl.dll
2010-06-07 21:34 . 2010-06-07 21:34 110696 ------w- c:\windows.0\system32\nvmctray.dll
2010-06-07 21:34 . 2010-06-07 21:34 154728 ------w- c:\windows.0\system32\nvsvc32.exe
2010-06-07 21:34 . 2010-06-07 21:34 145000 ------w- c:\windows.0\system32\nvcolor.exe
2010-06-07 21:33 . 2010-06-07 21:33 -------- d-----w- c:\users\All Users\Application Data\ScanSoft
2010-06-07 21:33 . 2010-06-07 21:33 -------- d-----w- c:\users\Administrator\Application Data\PPIMAGES
2010-06-07 21:31 . 2010-06-07 21:31 -------- d-----w- c:\program files\Common Files\scansoft shared
2010-06-07 21:31 . 2010-06-07 21:31 -------- d-----w- c:\program files\Scansoft
2010-06-05 21:14 . 2010-06-05 21:14 664 ------w- c:\windows.0\system32\d3d9caps.dat
2010-06-03 02:41 . 2010-06-03 02:41 3600384 ------w- c:\windows.0\system32\GPhotos.scr
2010-06-01 00:49 . 2010-06-01 00:49 5120 --sh--w- c:\program files\Thumbs.db
2010-05-22 16:06 . 2010-03-31 23:37 156328 ------w- c:\users\steven\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-18 20:35 . 2010-05-18 20:35 91424 ------w- c:\windows.0\system32\dnssd.dll
2010-05-18 20:35 . 2010-05-18 20:35 197920 ------w- c:\windows.0\system32\dnssdX.dll
2010-05-18 20:35 . 2010-05-18 20:35 107808 ------w- c:\windows.0\system32\dns-sd.exe
2009-03-25 17:23 . 2008-10-16 18:37 40960 ----a-w- c:\program files\Common Files\qwver.dll
2008-11-16 17:06 . 2009-07-16 12:05 69815 ------w- c:\program files\QtimeKeys.JPG
2008-10-20 11:47 . 2009-07-16 12:08 923547 ------w- c:\program files\7z460.exe
2008-08-20 04:05 . 2009-07-16 12:08 23766320 ------w- c:\program files\QuickTimeInstaller.exe
.

------- Sigcheck -------

[-] 2006-12-02 . 253E84B9C0F0D9CD42E0892413D69DAA . 360704 . . [5.1.2600.2956] . . c:\windows.0\system32\drivers\tcpip.sys

[-] 2006-12-02 . 39128B5A743545BAEDD3984C210F00A8 . 77824 . . [5.1.2600.2586] . . c:\windows.0\system32\browser.dll

[-] 2006-12-02 . 3516D8A18B36784B1005B950B84232E1 . 197632 . . [5.1.2600.2743] . . c:\windows.0\system32\netman.dll

[-] 2006-12-02 . 348F04E3582EF2467EE5379D67B99FD7 . 399360 . . [5.1.2600.2948] . . c:\windows.0\system32\rpcss.dll

[-] 2006-12-02 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows.0\system32\spoolsv.exe

[-] 2006-12-02 . B0124CB21D28B1C9F678B566B6B57D92 . 617472 . . [5.82] . . c:\windows.0\system32\comctl32.dll

[-] 2006-12-02 . 87F3E2D2A3231F820F9248DB90090F42 . 62464 . . [5.1.2600.2845] . . c:\windows.0\system32\cryptsvc.dll

[-] 2006-12-02 09:00 . 3D9418CF112A11ADC45E2A0C0A44DF47 . 243200 . . [2001.12.4414.312] . . c:\windows.0\system32\es.dll

[-] 2006-12-02 . 16F21882C96EE0136A92E867DA94215C . 985600 . . [5.1.2600.2991] . . c:\windows.0\system32\kernel32.dll

[-] 2006-12-02 . 212DEC5056523F8727C7B4E7E86782D5 . 19968 . . [5.1.2600.2839] . . c:\windows.0\system32\linkinfo.dll

[-] 2006-12-02 . 55F9A2333AEF7ECBA9AE3E65290A19E3 . 2277376 . . [5.1.2600.3023] . . c:\windows.0\system32\ntoskrnl.exe

[-] 2006-12-02 . 1418A3A6E76E5A2E3F5E43866E793A8B . 249344 . . [5.1.2600.2716] . . c:\windows.0\system32\tapisrv.dll

[-] 2006-12-02 . 1800F293BCCC8EDE8A70E12B88D80036 . 577024 . . [5.1.2600.2622] . . c:\windows.0\system32\user32.dll

[-] 2006-12-02 . 42D32722B805D7DF42D30487A0BCBD78 . 1033216 . . [6.00.2900.2894] . . c:\windows.0\explorer.exe

[-] 2006-12-02 . B044C6A4D1A8240085F61F2353BD2FE6 . 1286656 . . [5.1.2600.2948] . . c:\windows.0\system32\ole32.dll

[-] 2006-12-02 . C29A5286E64D97385178452D5F307B98 . 295424 . . [5.1.2600.2627] . . c:\windows.0\system32\termsrv.dll

[-] 2005-05-28 10:14 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows.0\system32\drivers\aec.sys

[-] 2006-12-02 09:00 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows.0\system32\mspmsnsv.dll

[-] 2006-12-02 . 1F9DD693DF8F6A1841E57EC62D22CC1C . 2017280 . . [5.1.2600.3023] . . c:\windows.0\system32\ntkrnlpa.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-10-27_13.06.37 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-11 14:02 . 2009-07-11 14:02 59728 c:\windows.0\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
+ 2009-07-11 14:02 . 2009-07-11 14:02 42832 c:\windows.0\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
+ 2009-07-11 14:02 . 2009-07-11 14:02 43344 c:\windows.0\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
+ 2009-07-11 14:02 . 2009-07-11 14:02 61264 c:\windows.0\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
+ 2009-07-11 14:02 . 2009-07-11 14:02 62800 c:\windows.0\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
+ 2009-07-11 14:02 . 2009-07-11 14:02 61760 c:\windows.0\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
+ 2009-07-11 14:02 . 2009-07-11 14:02 61776 c:\windows.0\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
+ 2009-07-11 14:02 . 2009-07-11 14:02 53568 c:\windows.0\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
+ 2009-07-11 14:02 . 2009-07-11 14:02 63296 c:\windows.0\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
+ 2009-07-11 14:02 . 2009-07-11 14:02 36688 c:\windows.0\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
+ 2009-07-11 14:02 . 2009-07-11 14:02 35648 c:\windows.0\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
+ 2009-07-11 14:05 . 2009-07-11 14:05 59904 c:\windows.0\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
+ 2009-07-11 14:05 . 2009-07-11 14:05 59904 c:\windows.0\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
+ 2008-07-29 10:07 . 2008-07-29 10:07 80896 c:\windows.0\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfcm90ud.dll
+ 2008-07-29 10:07 . 2008-07-29 10:07 80896 c:\windows.0\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfcm90d.dll
+ 2009-07-11 09:54 . 2009-07-11 09:54 65536 c:\windows.0\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e79c4723\vcomp.dll
+ 2009-07-11 09:32 . 2009-07-11 09:32 49152 c:\windows.0\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80KOR.dll
+ 2009-07-11 09:32 . 2009-07-11 09:32 49152 c:\windows.0\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80JPN.dll
+ 2009-07-11 09:32 . 2009-07-11 09:32 61440 c:\windows.0\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ITA.dll
+ 2009-07-11 09:32 . 2009-07-11 09:32 61440 c:\windows.0\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80FRA.dll
+ 2009-07-11 09:32 . 2009-07-11 09:32 61440 c:\windows.0\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ESP.dll
+ 2009-07-11 09:32 . 2009-07-11 09:32 57344 c:\windows.0\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ENU.dll
+ 2009-07-11 09:32 . 2009-07-11 09:32 65536 c:\windows.0\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80DEU.dll
+ 2009-07-11 09:32 . 2009-07-11 09:32 45056 c:\windows.0\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHT.dll
+ 2009-07-11 09:32 . 2009-07-11 09:32 40960 c:\windows.0\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHS.dll
+ 2009-07-11 14:07 . 2009-07-11 14:07 57856 c:\windows.0\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80u.dll
+ 2009-07-11 14:19 . 2009-07-11 14:19 69632 c:\windows.0\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80.dll
+ 2009-07-11 08:41 . 2009-07-11 08:41 97280 c:\windows.0\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll
+ 2010-08-06 14:25 . 2010-08-06 14:25 16384 c:\windows.0\temp\Perflib_Perfdata_630.dat
+ 2009-06-02 03:02 . 2010-06-23 17:51 99328 c:\windows.0\system32\ZoneLabs\zlquarantine.dll
+ 2010-07-02 19:08 . 2010-06-23 17:51 70656 c:\windows.0\system32\ZoneLabs\zatray.exe
+ 2010-07-02 19:08 . 2010-06-23 17:51 21504 c:\windows.0\system32\ZoneLabs\lib\zsys.zip.dll
+ 2010-07-02 19:08 . 2010-06-23 17:51 14336 c:\windows.0\system32\ZoneLabs\lib\zmenu.zip.dll
+ 2010-07-02 19:08 . 2010-06-23 17:51 46592 c:\windows.0\system32\ZoneLabs\lib\zfde.zip.dll
+ 2010-07-02 19:08 . 2010-06-23 17:51 85504 c:\windows.0\system32\ZoneLabs\lib\ZAlert.zip.dll
+ 2010-07-02 19:08 . 2010-06-23 17:51 37376 c:\windows.0\system32\ZoneLabs\lib\UpdateUI.zip.dll
+ 2010-07-02 19:08 . 2010-06-23 17:51 12800 c:\windows.0\system32\ZoneLabs\lib\oem_1488.zip.dll
+ 2010-07-02 19:08 . 2010-06-23 17:51 12800 c:\windows.0\system32\ZoneLabs\lib\oem_1487.zip.dll
+ 2010-07-02 19:08 . 2010-06-23 17:51 12800 c:\windows.0\system32\ZoneLabs\lib\oem_1486.zip.dll
+ 2010-07-02 19:08 . 2010-06-23 17:51 20992 c:\windows.0\system32\ZoneLabs\lib\oem_1466.zip.dll
+ 2010-07-02 19:08 . 2010-06-23 17:51 12800 c:\windows.0\system32\ZoneLabs\lib\oem_1460.zip.dll
+ 2010-07-02 19:08 . 2010-06-23 17:51 10240 c:\windows.0\system32\ZoneLabs\lib\oem_1454.zip.dll
+ 2010-07-02 19:08 . 2010-06-23 17:51 11264 c:\windows.0\system32\ZoneLabs\lib\oem_1445.zip.dll
+ 2010-07-02 19:08 . 2010-06-23 17:51 14336 c:\windows.0\system32\ZoneLabs\lib\oem_1440.zip.dll
+ 2010-07-02 19:08 . 2010-06-23 17:51 12288 c:\windows.0\system32\ZoneLabs\lib\oem_1413.zip.dll
+ 2010-07-02 19:08 . 2010-06-23 17:51 11264 c:\windows.0\system32\ZoneLabs\lib\oem_1010.zip.dll
+ 2010-07-02 19:08 . 2010-06-23 17:51 29184 c:\windows.0\system32\ZoneLabs\lib\NavBar.zip.dll
+ 2010-07-02 19:08 . 2010-06-23 17:51 13312 c:\windows.0\system32\ZoneLabs\lib\MainLoop.zip.dll
+ 2010-07-02 19:08 . 2010-06-23 17:51 35840 c:\windows.0\system32\ZoneLabs\lib\Alert.zip.dll
+ 2009-06-02 03:02 . 2010-06-23 17:51 38912 c:\windows.0\system32\ZoneLabs\featuremap.dll
+ 2009-06-02 03:02 . 2010-06-23 17:51 75776 c:\windows.0\system32\ZoneLabs\camupd.dll
+ 2010-06-07 21:35 . 2001-08-18 02:36 87040 c:\windows.0\system32\wiafbdrv.dll
+ 2009-06-02 03:01 . 2010-06-23 17:51 43008 c:\windows.0\system32\vswmi.dll
+ 2009-06-02 03:02 . 2010-06-23 17:51 58368 c:\windows.0\system32\vsregexp.dll
+ 2010-06-07 21:32 . 2003-07-28 10:16 36864 c:\windows.0\system32\vizMicro.dll
+ 2009-04-23 07:49 . 2009-12-22 18:39 23856 c:\windows.0\system32\spupdsvc.exe
- 2009-04-23 07:49 . 2006-10-16 06:10 23856 c:\windows.0\system32\spupdsvc.exe
+ 2002-01-08 19:51 . 2002-01-08 19:51 47616 c:\windows.0\system32\spool\prtprocs\w32x86\ppbiPr.dll
+ 2002-01-08 19:51 . 2002-01-08 19:51 57344 c:\windows.0\system32\spool\drivers\w32x86\pport_res.dll
+ 2002-01-08 20:57 . 2002-01-08 20:57 56320 c:\windows.0\system32\spool\drivers\w32x86\ppbiUif.dll
+ 2002-01-08 20:57 . 2002-01-08 20:57 51712 c:\windows.0\system32\spool\drivers\w32x86\ppbiNT.dll
+ 2009-05-20 02:27 . 2009-08-20 03:48 34440 c:\windows.0\system32\spool\drivers\w32x86\3\ADREGP.DLL
+ 2009-05-20 02:27 . 2009-08-20 03:50 22872 c:\windows.0\system32\spool\drivers\w32x86\3\AdobePDFUI.dll
- 2009-05-20 02:27 . 2008-04-06 19:38 22872 c:\windows.0\system32\spool\drivers\w32x86\3\AdobePDFUI.dll
+ 2009-05-20 02:27 . 2009-08-20 03:50 46928 c:\windows.0\system32\spool\drivers\w32x86\3\AdobePdf.dll
+ 2002-01-08 20:57 . 2002-01-08 20:57 56320 c:\windows.0\system32\spool\drivers\w32x86\2\ppbiUif.dll
+ 2002-01-08 20:57 . 2002-01-08 20:57 51712 c:\windows.0\system32\spool\drivers\w32x86\2\ppbiNT.dll
+ 2009-04-23 07:49 . 2006-10-08 10:51 14640 c:\windows.0\system32\spmsg.dll
- 2009-04-23 07:49 . 2006-10-16 06:10 14640 c:\windows.0\system32\spmsg.dll
+ 2009-07-26 05:44 . 2009-07-26 05:44 48448 c:\windows.0\system32\sirenacm.dll
+ 2010-06-28 04:24 . 2007-03-06 22:49 81920 c:\windows.0\system32\ReinstallBackups\0001\DriverFiles\nvwddi.dll
+ 2010-06-28 04:24 . 2007-03-06 22:49 81920 c:\windows.0\system32\ReinstallBackups\0001\DriverFiles\nvmctray.dll
+ 2010-06-28 04:24 . 2007-03-06 22:49 36352 c:\windows.0\system32\ReinstallBackups\0001\DriverFiles\nvcod.dll
+ 2009-11-05 04:44 . 2005-11-29 16:18 40960 c:\windows.0\system32\qw.exe
+ 2002-01-08 19:51 . 2002-01-08 19:51 57344 c:\windows.0\system32\pport_res.dll
+ 2006-12-02 09:00 . 2010-08-06 14:29 65950 c:\windows.0\system32\perfc009.dat
+ 2010-06-28 04:24 . 2010-06-07 23:57 61440 c:\windows.0\system32\OpenCL.dll
+ 2010-06-07 21:32 . 2002-10-03 11:44 30208 c:\windows.0\system32\Lfbmp13n.dll
+ 2010-07-23 20:44 . 2010-04-20 00:47 41984 c:\windows.0\system32\DRVSTORE\usbaapl_3822718F9E2E86C3752D30561ECA5A855A4A3F7D\usbaapl.sys
+ 2010-07-23 20:44 . 2010-04-20 00:29 18432 c:\windows.0\system32\DRVSTORE\netaapl_3A00C5601D92D37DDCB0AE45518D6B42BE1588E6\netaapl.sys
+ 2009-10-27 16:42 . 2009-09-23 12:55 64288 c:\windows.0\system32\DRVSTORE\lbd_B425E86B28F27CC7F4A0CAF275F9F2789F3C6909\Lbd.sys
+ 2010-07-21 17:42 . 2010-07-12 08:55 64288 c:\windows.0\system32\DRVSTORE\lbd_9C578CA880A99903668A8694DEFB21244E9C4C62\Lbd.sys
+ 2006-11-01 20:22 . 2006-11-01 20:22 32224 c:\windows.0\system32\drivers\wdfldr.sys
- 2006-12-02 09:00 . 2006-10-23 22:14 59264 c:\windows.0\system32\drivers\usbhub.sys
+ 2006-12-02 09:00 . 2006-10-23 11:14 59264 c:\windows.0\system32\drivers\usbhub.sys
+ 2009-09-12 12:31 . 2010-04-20 00:47 41984 c:\windows.0\system32\drivers\usbaapl.sys
- 2005-11-05 11:55 . 2005-11-05 01:55 48768 c:\windows.0\system32\drivers\stream.sys
+ 2005-11-05 11:55 . 2005-11-05 00:55 48768 c:\windows.0\system32\drivers\stream.sys
+ 2009-06-05 11:12 . 2009-05-29 03:36 17408 c:\windows.0\system32\drivers\netaapl.sys
+ 2009-09-20 23:32 . 2010-04-29 19:39 38224 c:\windows.0\system32\drivers\mbamswissarmy.sys
- 2009-09-20 23:32 . 2009-09-10 04:54 38224 c:\windows.0\system32\drivers\mbamswissarmy.sys
+ 2009-09-20 23:32 . 2010-04-29 19:39 20952 c:\windows.0\system32\drivers\mbam.sys
+ 2006-12-02 09:00 . 2005-07-06 14:45 41984 c:\windows.0\system32\drivers\imapi.sys
- 2006-12-02 09:00 . 2005-07-06 00:45 41984 c:\windows.0\system32\drivers\imapi.sys
+ 2006-12-02 09:00 . 2004-08-03 12:08 24960 c:\windows.0\system32\drivers\hidparse.sys
- 2006-12-02 09:00 . 2004-08-03 23:08 24960 c:\windows.0\system32\drivers\hidparse.sys
- 2006-12-02 09:00 . 2006-10-31 21:26 36864 c:\windows.0\system32\drivers\hidclass.sys
+ 2006-12-02 09:00 . 2006-10-31 10:26 36864 c:\windows.0\system32\drivers\hidclass.sys
+ 2006-12-02 09:00 . 2009-12-22 18:39 62592 c:\windows.0\system32\drivers\cdrom.sys
+ 2009-06-02 02:54 . 2009-12-06 19:07 56816 c:\windows.0\system32\drivers\avgntflt.sys
+ 2010-06-07 21:35 . 2001-08-18 02:36 87040 c:\windows.0\system32\dllcache\wiafbdrv.dll
+ 2006-12-02 09:00 . 2004-08-03 12:08 24960 c:\windows.0\system32\dllcache\hidparse.sys
+ 2009-12-22 18:39 . 2009-12-22 18:39 62592 c:\windows.0\system32\dllcache\cdrom.sys
- 2009-04-23 08:05 . 2009-09-20 14:41 32768 c:\windows.0\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-04-23 08:05 . 2010-02-28 10:10 32768 c:\windows.0\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-02-28 10:10 . 2010-02-28 10:10 16384 c:\windows.0\system32\config\systemprofile\Cookies\index.dat
+ 2009-04-23 17:34 . 2006-08-11 13:56 30721 c:\windows.0\system32\asindis.dll
+ 2009-05-20 02:27 . 2009-08-20 03:50 22872 c:\windows.0\system32\AdobePDFUI.dll
- 2009-05-20 02:27 . 2008-04-06 19:38 22872 c:\windows.0\system32\AdobePDFUI.dll
+ 2009-05-20 02:27 . 2009-08-20 03:50 46928 c:\windows.0\system32\AdobePDF.dll
+ 2002-08-09 17:17 . 2002-08-09 17:17 77712 c:\windows.0\system\Iconlib.dll
+ 2009-11-12 00:43 . 2009-11-12 00:43 27136 c:\windows.0\Installer\dce2257.msi
+ 2009-11-12 00:43 . 2009-11-12 00:43 83456 c:\windows.0\Installer\dce224e.msi
+ 2010-07-22 17:47 . 2010-07-22 17:47 53248 c:\windows.0\Installer\{BF26E713-43CD-43AD-AF28-A905C1E26D8C}\ARPPRODUCTICON.exe
+ 2010-06-07 21:31 . 2010-06-07 21:31 40960 c:\windows.0\Installer\{AEF2D1F3-0696-11D5-8E6A-00C04F7FA234}\_6F4F8BD674AB_4638_92F1_D11137B08EF8.exe
+ 2010-07-21 16:15 . 2010-07-21 18:38 25214 c:\windows.0\Installer\{AC76BA86-1033-F400-7761-000000000004}\_SC_Distiller.exe
+ 2010-07-21 16:15 . 2010-07-21 18:38 36294 c:\windows.0\Installer\{AC76BA86-1033-F400-7761-000000000004}\_SC_Acrobat_Standard.exe
+ 2010-07-21 16:15 . 2010-07-21 18:38 38926 c:\windows.0\Installer\{AC76BA86-1033-F400-7761-000000000004}\_SC_Acrobat_3D.exe
+ 2010-07-21 16:15 . 2010-07-21 18:38 38926 c:\windows.0\Installer\{AC76BA86-1033-F400-7761-000000000004}\_SC_Acrobat.exe
- 2009-05-20 02:27 . 2009-05-23 06:59 65536 c:\windows.0\Installer\{AC76BA86-1033-F400-7761-000000000004}\_SC_A3DReviewer.exe
+ 2009-05-20 02:27 . 2010-07-21 18:38 65536 c:\windows.0\Installer\{AC76BA86-1033-F400-7761-000000000004}\_SC_A3DReviewer.exe
+ 2009-11-12 00:44 . 2009-11-12 00:44 80395 c:\windows.0\Installer\{A85FD55B-891B-4314-97A5-EA96C0BD80B5}\MsblIco.Exe
+ 2010-04-25 21:48 . 2010-04-25 21:56 69632 c:\windows.0\Installer\{0F8C8B5A-B076-4400-8262-41D6131099ED}\NewShortcut7_22EC35BDF8F245EB8DCB1C7FB65D0A71.exe
+ 2010-04-25 21:48 . 2010-04-25 21:56 69632 c:\windows.0\Installer\{0F8C8B5A-B076-4400-8262-41D6131099ED}\NewShortcut3_22EC35BDF8F245EB8DCB1C7FB65D0A71.exe
+ 2010-04-25 21:48 . 2010-04-25 21:56 69632 c:\windows.0\Installer\{0F8C8B5A-B076-4400-8262-41D6131099ED}\ARPPRODUCTICON.exe
+ 2010-01-05 12:17 . 2006-11-01 20:22 51680 c:\windows.0\$NtUninstallWdf01005$\spuninst\Kmdfcustom.dll
+ 2010-04-26 22:20 . 2006-12-02 09:00 49536 c:\windows.0\$NtUninstallKB952011$\cdrom.sys
+ 2009-03-11 03:34 . 2009-03-11 03:34 2048 c:\windows.0\system32\sysprs7.dll
+ 2009-04-23 17:42 . 2001-08-17 03:02 9600 c:\windows.0\system32\drivers\hidusb.sys
- 2009-04-23 17:42 . 2001-08-17 14:02 9600 c:\windows.0\system32\drivers\hidusb.sys
+ 2009-04-23 17:42 . 2001-08-17 03:02 9600 c:\windows.0\system32\dllcache\hidusb.sys
+ 2010-07-21 16:15 . 2010-07-21 18:38 7278 c:\windows.0\Installer\{AC76BA86-1033-F400-7761-000000000004}\_SC_ELEMENTS_DT.exe
+ 2009-11-24 11:10 . 2009-11-24 11:10 7078 c:\windows.0\Installer\{9BF58D21-7A60-457B-8FCB-3BDC23155B7D}\davwrite.exe
+ 2008-07-29 12:05 . 2008-07-29 12:05 875520 c:\windows.0\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_f863c71f\msvcp90d.dll
+ 2008-07-29 07:54 . 2008-07-29 07:54 312832 c:\windows.0\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_f863c71f\msvcm90d.dll
+ 2009-07-11 14:02 . 2009-07-11 14:02 653120 c:\windows.0\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
+ 2009-07-11 14:02 . 2009-07-11 14:02 569664 c:\windows.0\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2009-07-11 14:05 . 2009-07-11 14:05 225280 c:\windows.0\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
+ 2009-07-11 14:12 . 2009-07-11 14:12 632656 c:\windows.0\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
+ 2009-07-11 14:09 . 2009-07-11 14:09 554832 c:\windows.0\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll
+ 2009-07-11 14:08 . 2009-07-11 14:08 479232 c:\windows.0\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcm80.dll
+ 2009-06-02 03:02 . 2010-06-23 17:51 141824 c:\windows.0\system32\ZoneLabs\zlupdate.dll
+ 2009-06-02 03:02 . 2010-06-23 17:51 173056 c:\windows.0\system32\ZoneLabs\vsvault.dll
+ 2009-06-02 03:00 . 2010-06-23 17:51 211456 c:\windows.0\system32\ZoneLabs\vsdb.dll
- 2009-06-02 03:02 . 2007-10-11 06:51 832984 c:\windows.0\system32\ZoneLabs\updating.dll
+ 2009-06-02 03:02 . 2007-10-11 20:51 832984 c:\windows.0\system32\ZoneLabs\updating.dll
+ 2009-06-02 03:01 . 2010-06-23 17:51 434688 c:\windows.0\system32\ZoneLabs\ssleay32.dll
+ 2009-06-02 03:02 . 2010-06-23 17:51 135680 c:\windows.0\system32\ZoneLabs\scheduler.dll
+ 2009-06-02 03:02 . 2009-07-14 03:58 722392 c:\windows.0\system32\ZoneLabs\qrbase.dll
+ 2010-07-02 19:08 . 2010-06-23 17:51 126976 c:\windows.0\system32\ZoneLabs\lib\zui.zip.dll
+ 2010-07-02 19:08 . 2010-06-23 17:51 279040 c:\windows.0\system32\ZoneLabs\lib\TrayTest.zip.dll
+ 2010-07-02 19:08 . 2010-06-23 17:51 225792 c:\windows.0\system32\ZoneLabs\lib\Overview.zip.dll
+ 2010-07-02 19:08 . 2010-06-23 17:51 368640 c:\windows.0\system32\ZoneLabs\lib\LicenseUI.zip.dll
+ 2010-07-02 19:08 . 2010-06-23 17:51 184832 c:\windows.0\system32\ZoneLabs\lib\DashBoard.zip.dll
+ 2010-07-02 19:08 . 2010-06-23 17:51 375296 c:\windows.0\system32\ZoneLabs\lib\ConfigWizard.zip.dll
+ 2009-06-02 03:00 . 2010-02-08 12:41 595432 c:\windows.0\system32\ZoneLabs\icslta.dll
+ 2010-07-02 19:09 . 2010-05-04 18:04 284136 c:\windows.0\system32\ZoneLabs\ffapi.dll
+ 2009-06-02 03:02 . 2010-06-23 17:51 169984 c:\windows.0\system32\ZoneLabs\fbl.dll
- 2009-06-02 03:02 . 2008-03-17 06:52 813568 c:\windows.0\system32\ZoneLabs\dbghelp.dll
+ 2009-06-02 03:02 . 2008-03-17 20:52 813568 c:\windows.0\system32\ZoneLabs\dbghelp.dll
+ 2002-08-09 17:15 . 2002-08-09 17:15 101376 c:\windows.0\system32\Welsof32.dll
+ 2009-06-02 03:01 . 2010-06-23 17:51 110080 c:\windows.0\system32\vsxml.dll
+ 2009-06-02 03:00 . 2010-06-23 17:51 713728 c:\windows.0\system32\vsutil.dll
+ 2009-06-02 03:01 . 2010-06-23 17:51 302592 c:\windows.0\system32\vspubapi.dll
+ 2009-06-02 03:01 . 2010-06-23 17:51 108032 c:\windows.0\system32\vsmonapi.dll
+ 2009-06-02 03:00 . 2010-06-23 17:51 228864 c:\windows.0\system32\vsinit.dll
+ 2009-06-02 03:01 . 2010-05-13 14:02 532224 c:\windows.0\system32\vsdatant.sys
+ 2009-06-02 03:00 . 2010-06-23 17:51 112128 c:\windows.0\system32\vsdata.dll
+ 2003-10-17 17:59 . 2007-03-16 20:48 118784 c:\windows.0\system32\vaesaver.scr
+ 2002-08-09 17:17 . 2002-08-09 17:17 197648 c:\windows.0\system32\Unidrv.dll
+ 2002-01-08 19:51 . 2002-01-08 19:51 229888 c:\windows.0\system32\Tiff32.dll
+ 2009-11-05 04:44 . 2005-02-14 03:48 213791 c:\windows.0\system32\spool\drivers\w32x86\acpdfui250.dll
+ 2009-11-05 04:44 . 2005-02-14 03:48 341149 c:\windows.0\system32\spool\drivers\w32x86\acpdf250.dll
- 2009-05-20 02:27 . 2004-08-03 14:56 464384 c:\windows.0\system32\spool\drivers\w32x86\3\PSCRIPT5.DLL
+ 2009-05-20 02:27 . 2004-08-04 04:56 464384 c:\windows.0\system32\spool\drivers\w32x86\3\PSCRIPT5.DLL
- 2009-05-20 02:27 . 2004-08-03 14:56 132608 c:\windows.0\system32\spool\drivers\w32x86\3\PS5UI.DLL
+ 2009-05-20 02:27 . 2004-08-04 04:56 132608 c:\windows.0\system32\spool\drivers\w32x86\3\PS5UI.DLL
- 2009-05-20 02:27 . 2008-04-06 19:37 193904 c:\windows.0\system32\spool\drivers\w32x86\3\ADUIGP.DLL
+ 2009-05-20 02:27 . 2009-08-20 03:49 193904 c:\windows.0\system32\spool\drivers\w32x86\3\ADUIGP.DLL
+ 2009-11-05 04:44 . 2005-02-14 03:48 213791 c:\windows.0\system32\spool\drivers\w32x86\3\acpdfui250.dll
+ 2009-11-05 04:44 . 2005-02-14 03:48 341149 c:\windows.0\system32\spool\drivers\w32x86\3\acpdf250.dll
+ 2010-06-28 04:24 . 2007-03-06 22:49 928096 c:\windows.0\system32\ReinstallBackups\0001\DriverFiles\nvucode.bin
+ 2010-06-28 04:24 . 2007-03-06 22:49 163908 c:\windows.0\system32\ReinstallBackups\0001\DriverFiles\nvsvc32.exe
+ 2010-06-28 04:24 . 2007-03-06 22:49 286720 c:\windows.0\system32\ReinstallBackups\0001\DriverFiles\nvnt4cpl.dll
+ 2010-06-28 04:24 . 2007-03-06 22:49 958464 c:\windows.0\system32\ReinstallBackups\0001\DriverFiles\nvmobls.dll
+ 2010-06-28 04:24 . 2007-03-06 22:49 458752 c:\windows.0\system32\ReinstallBackups\0001\DriverFiles\nvmccssr.dll
+ 2010-06-28 04:24 . 2007-03-06 22:49 188416 c:\windows.0\system32\ReinstallBackups\0001\DriverFiles\nvmccss.dll
+ 2010-06-28 04:24 . 2007-03-06 22:49 229376 c:\windows.0\system32\ReinstallBackups\0001\DriverFiles\nvmccs.dll
+ 2010-06-28 04:24 . 2007-03-06 22:49 335872 c:\windows.0\system32\ReinstallBackups\0001\DriverFiles\nvapi.dll
- 2009-06-03 12:26 . 2005-03-25 22:42 363520 c:\windows.0\system32\PsisDecd.dll
+ 2009-06-03 12:26 . 2005-03-25 21:42 363520 c:\windows.0\system32\PsisDecd.dll
+ 2002-01-08 19:51 . 2002-01-08 19:51 155648 c:\windows.0\system32\ppremove.dll
+ 2006-12-02 09:00 . 2010-08-06 14:29 427986 c:\windows.0\system32\perfh009.dat
+ 2010-06-28 04:25 . 2010-06-07 23:57 600680 c:\windows.0\system32\nvuninst.exe
+ 2009-04-23 23:07 . 2010-06-07 23:57 600680 c:\windows.0\system32\nvudisp.exe
+ 2009-04-23 23:07 . 2010-06-07 23:57 232040 c:\windows.0\system32\nvcodins.dll
+ 2009-04-23 23:07 . 2010-06-07 23:57 232040 c:\windows.0\system32\nvcod.dll
+ 2009-07-17 13:44 . 2010-01-04 13:50 115380 c:\windows.0\system32\mlfcache.dat
+ 2010-07-22 17:46 . 2010-07-22 17:46 231888 c:\windows.0\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe
+ 2010-07-22 17:46 . 2010-07-22 17:46 311760 c:\windows.0\system32\Macromed\Flash\FlashUtil10h_ActiveX.dll
+ 2010-06-07 21:32 . 2002-10-03 11:44 888832 c:\windows.0\system32\Ltwvc13n.dll
+ 2010-06-07 21:32 . 2002-10-03 11:44 437248 c:\windows.0\system32\Ltkrn13n.dll
+ 2010-06-07 21:32 . 2002-10-03 11:44 323072 c:\windows.0\system32\Ltimg13n.dll
+ 2010-06-07 21:32 . 2002-10-03 11:44 138240 c:\windows.0\system32\Ltfil13n.dll
+ 2010-06-07 21:32 . 2002-10-03 11:44 205312 c:\windows.0\system32\Ltefx13n.dll
+ 2010-06-07 21:32 . 2002-10-03 11:44 258560 c:\windows.0\system32\LTDIS13n.dll
+ 2010-06-07 21:32 . 2002-10-03 11:44 351744 c:\windows.0\system32\LFCMP13n.DLL
+ 2002-01-08 20:57 . 2002-01-08 20:57 110592 c:\windows.0\system32\Jpeg32.dll
+ 2009-11-24 13:52 . 2009-10-10 17:17 149280 c:\windows.0\system32\javaws.exe
- 2009-10-19 10:36 . 2009-10-19 10:36 149280 c:\windows.0\system32\javaws.exe
- 2009-10-19 10:36 . 2009-10-19 10:36 145184 c:\windows.0\system32\javaw.exe
+ 2009-11-24 13:52 . 2009-10-10 17:17 145184 c:\windows.0\system32\javaw.exe
- 2009-10-19 10:36 . 2009-10-19 10:36 145184 c:\windows.0\system32\java.exe
+ 2009-11-24 13:52 . 2009-10-10 17:17 145184 c:\windows.0\system32\java.exe
+ 2009-12-22 18:39 . 2009-12-22 18:39 922112 c:\windows.0\system32\imapi2fs.dll
+ 2009-12-22 18:39 . 2009-12-22 18:39 426496 c:\windows.0\system32\imapi2.dll
+ 2006-11-01 20:22 . 2006-11-01 20:22 492000 c:\windows.0\system32\drivers\wdf01000.sys
+ 2009-04-23 17:40 . 2006-07-12 13:50 146048 c:\windows.0\system32\drivers\portcls.sys
- 2009-04-23 17:40 . 2006-07-12 14:50 146048 c:\windows.0\system32\drivers\portcls.sys
+ 2010-03-13 22:10 . 2001-08-17 02:28 797500 c:\windows.0\system32\drivers\LTSMT.sys
+ 2009-12-22 18:39 . 2009-12-22 18:39 922112 c:\windows.0\system32\dllcache\imapi2fs.dll
+ 2009-12-22 18:39 . 2009-12-22 18:39 426496 c:\windows.0\system32\dllcache\imapi2.dll
- 2009-07-12 03:46 . 2009-10-19 10:36 411368 c:\windows.0\system32\deploytk.dll
+ 2009-07-12 03:46 . 2009-10-10 17:17 411368 c:\windows.0\system32\deploytk.dll
+ 2009-04-26 12:45 . 1998-10-29 20:45 306688 c:\windows.0\IsUninst.exe
- 2009-04-26 12:45 . 1998-10-29 06:45 306688 c:\windows.0\IsUninst.exe
+ 2009-05-07 22:24 . 1998-10-07 02:08 327168 c:\windows.0\IsUn040c.exe
+ 2009-11-12 00:44 . 2009-11-12 00:44 430080 c:\windows.0\Installer\dce2283.msi
+ 2009-11-12 00:43 . 2009-11-12 00:43 155648 c:\windows.0\Installer\dce2266.msi
+ 2010-07-23 20:35 . 2010-07-23 20:35 807424 c:\windows.0\Installer\c6ea46.msi
+ 2010-07-16 18:44 . 2010-07-16 18:44 518656 c:\windows.0\Installer\544f4.msi
+ 2010-07-21 17:26 . 2010-07-21 17:26 236032 c:\windows.0\Installer\4937a7e.msi
+ 2010-01-17 22:48 . 2010-01-17 22:48 424960 c:\windows.0\Installer\44df72.msi
+ 2009-11-24 11:10 . 2009-11-24 11:10 314368 c:\windows.0\Installer\2d7840fa.msi
+ 2010-04-25 21:55 . 2010-04-25 21:55 158208 c:\windows.0\Installer\11fec3c.msp
+ 2010-07-23 20:37 . 2010-07-23 20:37 897024 c:\windows.0\Installer\{AFAC914D-9E83-4A89-8ABE-427521C82CCF}\SafariIco.exe
+ 2009-05-20 02:27 . 2010-07-21 18:38 335872 c:\windows.0\Installer\{AC76BA86-1033-F400-7761-000000000004}\SC_Designer_PFM.70DBED24_B579_40CB_AB0B_F1221A3E9EC5.exe
- 2009-05-20 02:27 . 2009-05-23 06:59 335872 c:\windows.0\Installer\{AC76BA86-1033-F400-7761-000000000004}\SC_Designer_PFM.70DBED24_B579_40CB_AB0B_F1221A3E9EC5.exe
+ 2010-07-23 20:57 . 2010-07-23 20:57 372736 c:\windows.0\Installer\{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}\iTunesIco.exe
+ 2010-05-12 00:32 . 2010-05-12 00:32 376832 c:\windows.0\ERDNT\5-11-2010\Users\00000002\UsrClass.dat
+ 2010-05-12 00:32 . 2005-10-20 16:02 163328 c:\windows.0\ERDNT\5-11-2010\ERDNT.EXE
+ 2006-11-20 15:04 . 2006-11-20 15:04 117088 c:\windows.0\Downloaded Program Files\PURen-us.dll
+ 2010-06-27 22:47 . 2006-11-20 15:04 117088 c:\windows.0\Downloaded Program Files\PURen-ca.dll
+ 2009-08-19 15:55 . 2009-08-19 15:55 829288 c:\windows.0\Downloaded Program Files\MsnPUpld.dll
+ 2010-01-05 12:17 . 2006-10-08 10:51 379184 c:\windows.0\$NtUninstallWdf01005$\spuninst\updspapi.dll
+ 2010-01-05 12:17 . 2006-10-08 10:51 221488 c:\windows.0\$NtUninstallWdf01005$\spuninst\spuninst.exe
+ 2010-04-26 22:20 . 2009-12-22 18:39 379184 c:\windows.0\$NtUninstallKB952011$\spuninst\updspapi.dll
+ 2010-04-26 22:20 . 2009-12-22 18:39 221488 c:\windows.0\$NtUninstallKB952011$\spuninst\spuninst.exe
+ 2009-07-11 14:02 . 2009-07-11 14:02 3780424 c:\windows.0\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
+ 2009-07-11 14:02 . 2009-07-11 14:02 3765048 c:\windows.0\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 5982720 c:\windows.0\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfc90ud.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 5937144 c:\windows.0\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfc90d.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 1180672 c:\windows.0\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_f863c71f\msvcr90d.dll
+ 2009-07-11 09:46 . 2009-07-11 09:46 1093120 c:\windows.0\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80u.dll
+ 2009-07-11 09:46 . 2009-07-11 09:46 1105920 c:\windows.0\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80.dll
+ 2009-06-02 03:01 . 2010-06-23 17:51 1790464 c:\windows.0\system32\ZoneLabs\vsruledb.dll
+ 2009-06-02 03:01 . 2010-06-23 17:52 2435592 c:\windows.0\system32\ZoneLabs\vsmon.exe
+ 2010-07-02 19:08 . 2010-06-23 17:51 1536512 c:\windows.0\system32\ZoneLabs\lib\zpy.zip.dll
+ 2009-06-05 11:12 . 2009-05-29 03:36 1419232 c:\windows.0\system32\wdfcoinstaller01005.dll
+ 2003-10-17 17:59 . 2007-03-16 20:49 8330560 c:\windows.0\system32\vaesaver.dll
+ 2010-01-19 19:40 . 2007-03-16 20:49 8330560 c:\windows.0\system32\vaengine.dll
+ 2009-09-12 12:31 . 2010-04-20 00:47 3062048 c:\windows.0\system32\usbaaplrc.dll
+ 2010-06-28 04:24 . 2007-03-06 22:49 2379776 c:\windows.0\system32\ReinstallBackups\0001\DriverFiles\nvwssr.dll
+ 2010-06-28 04:24 . 2007-03-06 22:49 2113536 c:\windows.0\system32\ReinstallBackups\0001\DriverFiles\nvwss.dll
+ 2010-06-28 04:24 . 2007-03-06 22:49 3620864 c:\windows.0\system32\ReinstallBackups\0001\DriverFiles\nvvitvsr.dll
+ 2010-06-28 04:24 . 2007-03-06 22:49 3391488 c:\windows.0\system32\ReinstallBackups\0001\DriverFiles\nvvitvs.dll
+ 2010-06-28 04:24 . 2007-03-06 22:49 6660096 c:\windows.0\system32\ReinstallBackups\0001\DriverFiles\nvoglnt.dll
+ 2010-06-28 04:24 . 2007-03-06 22:49 2854912 c:\windows.0\system32\ReinstallBackups\0001\DriverFiles\nvmoblsr.dll
+ 2010-06-28 04:24 . 2007-03-06 22:49 3235840 c:\windows.0\system32\ReinstallBackups\0001\DriverFiles\nvgamesr.dll
+ 2010-06-28 04:24 . 2007-03-06 22:49 3145728 c:\windows.0\system32\ReinstallBackups\0001\DriverFiles\nvgames.dll
+ 2010-06-28 04:24 . 2007-03-06 22:49 5251072 c:\windows.0\system32\ReinstallBackups\0001\DriverFiles\nvdispsr.dll
+ 2010-06-28 04:24 . 2007-03-06 22:49 5718016 c:\windows.0\system32\ReinstallBackups\0001\DriverFiles\nvdisps.dll
+ 2010-06-28 04:24 . 2007-03-06 22:49 8425472 c:\windows.0\system32\ReinstallBackups\0001\DriverFiles\nvcpl.dll
+ 2010-06-28 04:24 . 2007-03-06 22:49 6704096 c:\windows.0\system32\ReinstallBackups\0001\DriverFiles\nv4_mini.sys
+ 2010-06-28 04:24 . 2007-03-06 22:49 5446016 c:\windows.0\system32\ReinstallBackups\0001\DriverFiles\nv4_disp.dll
+ 2010-06-28 04:24 . 2010-06-07 23:57 2186342 c:\windows.0\system32\nvdata.bin
+ 2010-06-28 04:24 . 2010-06-07 23:57 2165352 c:\windows.0\system32\nvcuvid.dll
+ 2010-06-28 04:24 . 2010-06-07 23:57 2632296 c:\windows.0\system32\nvcuvenc.dll
+ 2010-06-28 04:24 . 2010-06-07 23:57 4554752 c:\windows.0\system32\nvcuda.dll
+ 2009-04-23 23:06 . 2010-06-07 23:57 1359872 c:\windows.0\system32\nvapi.dll
+ 2009-04-23 23:06 . 2010-06-07 23:57 6300544 c:\windows.0\system32\nv4_disp.dll
+ 2002-01-08 19:51 . 2002-01-08 19:51 1462353 c:\windows.0\system32\MYDLL.dll
+ 2009-04-23 17:31 . 2010-04-25 21:56 2367328 c:\windows.0\system32\FNTCACHE.DAT
+ 2010-07-23 20:44 . 2010-04-20 00:47 3062048 c:\windows.0\system32\DRVSTORE\usbaapl_3822718F9E2E86C3752D30561ECA5A855A4A3F7D\usbaaplrc.dll
+ 2010-07-23 20:44 . 2010-04-20 00:29 1461992 c:\windows.0\system32\DRVSTORE\netaapl_3A00C5601D92D37DDCB0AE45518D6B42BE1588E6\wdfcoinstaller01009.dll
+ 2009-11-05 04:44 . 2005-02-14 03:48 1613824 c:\windows.0\system32\cdintf250.dll
+ 2010-07-23 20:57 . 2010-07-23 20:57 5731328 c:\windows.0\Installer\c6fa59.msi
+ 2010-07-23 20:50 . 2010-07-23 20:50 9472000 c:\windows.0\Installer\c6f2bd.msi
+ 2010-07-23 20:44 . 2010-07-23 20:44 3089408 c:\windows.0\Installer\c6eb5b.msi
+ 2010-07-23 20:43 . 2010-07-23 20:43 1984000 c:\windows.0\Installer\c6eb1d.msi
+ 2010-07-23 20:37 . 2010-07-23 20:37 3094528 c:\windows.0\Installer\c6eb01.msi
+ 2010-06-07 21:31 . 2010-06-07 21:31 9969664 c:\windows.0\Installer\9f9bc0.msi
+ 2010-07-25 13:08 . 2010-07-25 13:08 1687040 c:\windows.0\Installer\97a992f.msi
+ 2010-07-21 17:27 . 2010-07-21 17:27 1866752 c:\windows.0\Installer\4937a8b.msi
+ 2010-06-28 04:25 . 2010-06-28 04:25 1604096 c:\windows.0\Installer\3a79ce.msi
+ 2010-05-12 00:32 . 2010-05-12 00:32 8101888 c:\windows.0\ERDNT\5-11-2010\Users\00000001\NTUSER.DAT
+ 2010-02-04 16:55 . 2010-02-04 16:55 3171608 c:\windows.0\Downloaded Program Files\EPUWALcontrol.dll
+ 2009-04-23 23:06 . 2010-06-07 23:57 15192064 c:\windows.0\system32\nvoglnt.dll
+ 2010-06-28 04:24 . 2010-06-07 23:57 10256384 c:\windows.0\system32\nvcompiler.dll
+ 2009-04-23 23:06 . 2010-06-07 23:57 10531200 c:\windows.0\system32\drivers\nv4_mini.sys
+ 2009-04-23 23:06 . 2010-06-07 23:57 10531200 c:\windows.0\system32\dllcache\nv4_mini.sys
+ 2009-11-12 00:45 . 2009-11-12 00:45 15706112 c:\windows.0\Installer\dce228d.msp
+ 2010-07-05 16:07 . 2010-07-05 16:07 37180928 c:\windows.0\Installer\44bb0eb.msp
+ 2010-04-04 09:14 . 2010-04-04 09:14 92859904 c:\windows.0\Installer\1be136.msp
+ 2010-06-20 09:30 . 2010-06-20 09:30 93828096 c:\windows.0\Installer\1be135.msp
+ 2010-04-25 21:48 . 2010-04-25 21:48 13681152 c:\windows.0\Installer\11fec33.msi
+ 2010-07-05 16:14 . 2010-07-05 16:14 169328128 c:\windows.0\Installer\44bb0ea.msp
+ 2010-01-05 01:02 . 2010-01-05 01:02 183439360 c:\windows.0\Installer\1be137.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-06-23 1043968]
"NvCplDaemon"="c:\windows.0\system32\NvCpl.dll" [2010-06-07 13902440]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-08-26 198160]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-07-13 47904]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TaskSwitchXP"="c:\program files\TaskSwitchXP\TaskSwitchXP.exe" [2006-08-04 62976]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide1"="move" [X]
"SetDefaultMIDI"="MIDIDEF.EXE" [2006-08-17 25600]
"tscuninstall"="c:\windows.0\system32\tscupgrd.exe" [2006-12-02 44544]
"nltide_3"="advpack.dll" [2006-10-17 123904]

c:\users\Administrator\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2010-6-13 225280]

c:\users\steven\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Users^Administrator^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\users\Administrator\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows.0\pss\MagicDisc.lnkStartup

[HKLM\~\startupfolder\C:^Users^Administrator^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Administrator\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows.0\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKLM\~\startupfolder\C:^Users^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows.0\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2010-06-19 16:36 640440 ------w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2010-06-19 23:04 38840 ------w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-13 21:58 611712 ------w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0ENQBO]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
2006-08-11 13:56 17920 ------w- c:\windows.0\CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
2006-08-17 10:32 18944 ------w- c:\windows.0\system32\CTXFIHLP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 14:47 31016 ------w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 06:24 54840 ------w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-07-21 19:53 141608 ------w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-06-07 21:34 13902440 ------w- c:\windows.0\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2010-06-07 21:34 110696 ------w- c:\windows.0\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-19 02:16 421888 ------w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TaskSwitchXP]
2006-08-04 16:29 62976 ------w- c:\program files\TaskSwitchXP\TaskSwitchXP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uberpackSoft]
2005-07-05 04:34 828416 ------w- c:\windows.0\system32\mmm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Users\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\English\\setup.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"c:\\Program Files\\Adobe\\Adobe Dreamweaver CS4\\Dreamweaver.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\PFPortChecker\\PFPortChecker.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS.0\\system32\\ZoneLabs\\vsmon.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server

R0 Lbd;Lbd;c:\windows.0\system32\drivers\Lbd.sys [9/20/2009 9:28 AM 64288]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [6/1/2009 10:54 PM 108289]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/12/2010 4:55 AM 1352832]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/14/2008 3:46 PM 284016]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows.0\system32\drivers\netaapl.sys [6/5/2009 7:12 AM 17408]
S4 sptd;sptd;c:\windows.0\system32\drivers\sptd.sys [4/23/2009 3:50 AM 646392]
.
Contents of the 'Scheduled Tasks' folder

2010-08-06 c:\windows.0\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-12 08:55]

2010-07-30 c:\windows.0\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 02:34]

2010-08-06 c:\windows.0\Tasks\PropertyTaskUserS-1-5-21-1343024091-606747145-725345543-500.job
- c:\windows.0\system32\Properem.exe [2009-06-18 00:14]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows.0\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Handler: intu-ir2008 - {729D3592-92E7-4cbc-8E44-3C22B3F457B3} - c:\program files\ImpotRapide 2008\ic2008pp.dll
Handler: intu-ir2009 - {E4616804-F2F8-4839-B728-5305004DA6A7} - c:\program files\ImpotRapide 2009\ic2009pp.dll
Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - c:\program files\QuickTax 2007\ic2007pp.dll
FF - ProfilePath - c:\users\Administrator\Application Data\Mozilla\Firefox\Profiles\hgj397wo.default\
FF - prefs.js: browser.startup.homepage - hxxp://ca.yahoo.com/
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true.
.
------- File Associations -------
.
inifile=c:\windows.0\system32\NOTEPAD2.EXE %1
txtfile=c:\windows.0\system32\NOTEPAD2.EXE %1
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - (no file)
MSConfigStartUp-nwiz - nwiz.exe
MSConfigStartUp-VMware hqtray - c:\program files\VMware\VMware Player\hqtray.exe
AddRemove-DVDneXtCOPY - c:\program files\DVDneXtCOPY3\uninstall.exe
AddRemove-NVIDIA Display Control Panel - c:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe
AddRemove-NVIDIA nView Desktop Manager - c:\program files\NVIDIA Corporation\nView\nViewSetup.exe
AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-06 11:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS.0\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS.0\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:32,28,10,d7,ce,a5,1c,df,8f,0f,1f,30,41,5e,a8,77,0d,e6,6a,9a,02,
44,11,4f,7b,65,ad,62,b6,7b,03,5c,77,9b,29,ce,df,54,73,56,89,5e,c1,81,6e,81,\

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:32,28,10,d7,ce,a5,1c,df,8f,0f,1f,30,41,5e,a8,77,0d,e6,6a,9a,02,
44,11,4f,7b,65,ad,62,b6,7b,03,5c,77,9b,29,ce,df,54,73,56,89,5e,c1,81,6e,81,\
.
Completion time: 2010-08-06 11:45:32
ComboFix-quarantined-files.txt 2010-08-06 15:45
ComboFix2.txt 2009-10-27 14:16
ComboFix3.txt 2009-10-27 13:10

Pre-Run: 2,277,634,048 bytes free
Post-Run: 2,401,595,392 bytes free

- - End Of File - - A9FF052B3FFEF6B1CBE5CE55213D4738


#6 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,316 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:01:50 AM

Posted 06 August 2010 - 11:22 AM

Hello,
Please click Start > Run, type sfc /scannow in the runbox and press enter.
Let the System File Checker run unhindered. Note - you might be prompted for your XP CD.

When done, rerun Combofix and post me the new log.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

Malware analyst @ Emsisoft


#7 plomper

plomper
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  • Local time:06:50 PM

Posted 06 August 2010 - 11:46 AM

I don't have a Service Pack 2 CD.
Can we do it another way?
Thanks

#8 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,316 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:01:50 AM

Posted 06 August 2010 - 12:19 PM

Maybe you can borrow a CD from a friend/family member. It's not necessary to have Service Pack 2, as long as the version (Home or Pro) matches.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

Malware analyst @ Emsisoft


#9 plomper

plomper
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  • Local time:06:50 PM

Posted 06 August 2010 - 01:29 PM

It says Windows File Protection:
files are replaced by unrecognized ver.
Insert SP2 CD.
I don't have a 100% real XP Pro ver. installed,
sorry.
Any other way we can proceed?



#10 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,316 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:01:50 AM

Posted 06 August 2010 - 01:39 PM

At this point, in order to fix things, we need to replace all patched Windows files.

The only other way you can do this without a CD is downloading and installing Service Pack 3 (which I recommend anyway, since Service Pack 2 is no longer supported).

However, before doing that, let me know how things are running now; you should only do this if things are running reasonably fine.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

Malware analyst @ Emsisoft


#11 plomper

plomper
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  • Local time:06:50 PM

Posted 06 August 2010 - 06:14 PM

Log attached.
I installed SP3.

Attached Files

  • Attached File  log.zip   10.92KB   4 downloads


#12 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,316 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:01:50 AM

Posted 07 August 2010 - 04:19 AM

Well, that sure improved a lot. Please let me know how things are running and what problems you still have after the following fix.

CF-SCRIPT
-------------
We need to execute a CF-script.
  • Close any open browsers.
  • Close/disable all antivirus and antimalware programs so they do not interfere with the running of ComboFix.
  • Click Start > Run and in the box that opens type notepad and press enter. Copy/paste the text in the codebox below into it:
CODE
FCopy::
c:\windows.0\ServicePackFiles\i386\user32.dll | c:\windows.0\system32\user32.dll

Save this as CFScript.txt, in the same location as ComboFix.exe



Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

Malware analyst @ Emsisoft
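The CFScript above follows from the Sigcheck section of the ComboFix log (posted in the next reply): ComboFix hashes key system files and tags the ones it cannot verify with [-], and a verified copy of the same file name under ServicePackFiles is the repair source. The script below is an added example, not code from this thread or from ComboFix: it parses that section, pairs each unverified system32 file with a verified copy of the same name, and renders the same FCopy:: directive. The meaning of the [-] and [7] tags is an assumption, and the sample input is the Sigcheck block from the log in the next reply.

```python
"""Read the Sigcheck section of a ComboFix log and point at verified replacement copies."""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: the Sigcheck block as it appears in the log posted later in this thread.
SAMPLE_LOG = r"""
------- Sigcheck -------

[7] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows.0\ServicePackFiles\i386\user32.dll
[-] 2006-12-02 . 1800F293BCCC8EDE8A70E12B88D80036 . 577024 . . [5.1.2600.2622] . . c:\windows.0\$NtServicePackUninstall$\user32.dll
[-] 2006-12-02 . 1800F293BCCC8EDE8A70E12B88D80036 . 577024 . . [5.1.2600.2622] . . c:\windows.0\system32\user32.dll

[-] 2006-12-02 09:00 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows.0\system32\mspmsnsv.dll
.
((((((((((((((((((((((((((((( SnapShot_2010-08-06_23.10.32 )))))))))))))))))))))))))))))))))))))))))
"""

# One Sigcheck line: [tag] date [time] . MD5 . size . . [version] . . path
SIGCHECK_RE = re.compile(
    r"^\[(?P<tag>[^\]]+)\]\s+"
    r"(?P<date>\d{4}-\d{2}-\d{2})(?:\s+\d{2}:\d{2})?\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[^\]]+)\]\s+\.\s+\.\s+(?P<path>\S.*?)\s*$"
)


@dataclass(frozen=True)
class SigEntry:
    tag: str
    date: str
    md5: str
    size: int
    version: str
    path: str

    @property
    def unverified(self) -> bool:
        # Assumption: "[-]" is ComboFix's tag for a file it could not match to a known-good
        # hash; any other tag (here "[7]") means the file matched a reference it knows.
        return self.tag == "-"

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()


@dataclass(frozen=True)
class Finding:
    live_path: str                  # unverified copy under system32
    live_version: str
    reference_path: Optional[str]   # verified copy of the same file name, if any
    reference_version: Optional[str]


def parse_sigcheck(log: str) -> List[SigEntry]:
    """Return the entries between '------- Sigcheck -------' and the next '((((' header."""
    entries: List[SigEntry] = []
    in_section = False
    for raw in log.splitlines():
        line = raw.strip()
        if line.startswith("------- Sigcheck -------"):
            in_section = True
        elif in_section and line.startswith("(((("):
            break
        elif in_section:
            m = SIGCHECK_RE.match(line)
            if m:
                entries.append(SigEntry(m["tag"], m["date"], m["md5"].upper(),
                                        int(m["size"]), m["version"], m["path"]))
    return entries


def find_patched_files(entries: List[SigEntry]) -> List[Finding]:
    """Pair each unverified system32 file with a verified copy of the same name, if one exists.
    Copies under $NtServicePackUninstall$ are backups, so they are never reported themselves."""
    by_name: Dict[str, List[SigEntry]] = defaultdict(list)
    for e in entries:
        by_name[e.name].append(e)
    findings: List[Finding] = []
    for group in by_name.values():
        refs = [e for e in group if not e.unverified]
        ref = refs[0] if refs else None
        for e in group:
            if e.unverified and "\\system32\\" in e.path.lower():
                findings.append(Finding(e.path, e.version, ref.path if ref else None,
                                        ref.version if ref else None))
    return findings


def cfscript_fcopy(findings: List[Finding]) -> str:
    """Render FCopy:: directives (the CFScript syntax used above) for the repairable findings."""
    lines = ["FCopy::"] + [f"{f.reference_path} | {f.live_path}" for f in findings if f.reference_path]
    return "\n".join(lines)


if __name__ == "__main__":
    found = find_patched_files(parse_sigcheck(SAMPLE_LOG))
    for f in found:
        print(f"{f.live_path} [{f.live_version}] -> verified copy: {f.reference_path or 'none, review manually'}")
    print(cfscript_fcopy(found))
```

A [-] file with no verified copy of the same name (mspmsnsv.dll in the sample) is reported without a source, since it needs a manual decision rather than an automatic copy.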


#13 plomper

plomper
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  • Local time:06:50 PM

Posted 07 August 2010 - 10:55 PM

Yes,
my PC is running much better, no more lag when I open browsers. THANKS!!!

I'm just wondering, how do you see it in the log?

Here is the latest:
ComboFix 10-08-06.01 - Administrator 08/07/2010 23:39:59.11.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2295 [GMT -4:00]
Running from: c:\users\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\users\Administrator\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((( Files Created from 2010-07-08 to 2010-08-08 )))))))))))))))))))))))))))))))
.

2010-08-06 20:08 . 2008-04-14 09:42 32866 ------w- c:\windows.0\slrundll.exe
2010-08-06 20:08 . 2010-08-06 20:08 -------- d-----w- c:\windows.0\system32\scripting
2010-08-06 20:08 . 2010-08-06 20:08 -------- d-----w- c:\windows.0\l2schemas
2010-08-06 20:08 . 2010-08-06 20:08 -------- d-----w- c:\windows.0\system32\bits
2010-08-06 20:07 . 2010-08-06 20:09 -------- d-----w- c:\windows.0\ServicePackFiles
2010-08-06 20:01 . 2010-08-06 20:01 -------- d-----w- c:\windows.0\EHome
2010-08-04 17:34 . 2010-08-04 17:34 3522560 ----a-w- c:\users\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\15132-15141.DLL
2010-08-04 17:34 . 2010-08-04 17:34 3497984 ----a-w- c:\users\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\15121-15132.DLL
2010-08-04 17:34 . 2010-08-04 17:34 249856 ----a-w- c:\users\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\151165-15121.DLL
2010-08-04 17:34 . 2010-08-04 17:34 223584 ----a-w- c:\users\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\patchw32.dll
2010-08-04 17:34 . 2010-08-04 17:34 1564672 ----a-w- c:\users\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\15141-15152.DLL
2010-08-04 17:34 . 2010-08-04 17:34 151552 ----a-w- c:\users\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\QWPATCH.EXE
2010-08-04 17:34 . 2010-08-04 17:34 1089 ----a-w- c:\users\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\rebase.cmd
2010-08-02 02:29 . 2010-08-02 02:29 1536 ----a-w- c:\users\Administrator\Application Data\Spycar\1\HKLM_Run-Target.exe
2010-08-02 02:29 . 2010-08-02 02:29 -------- d-----w- c:\users\Administrator\Application Data\Spycar
2010-07-28 23:31 . 2010-07-28 23:31 -------- d-----w- c:\users\Administrator\Local Settings\Application Data\Safe mirror
2010-07-28 23:30 . 2010-07-28 23:31 -------- d-----w- c:\program files\Cobian Backup 10
2010-07-25 15:32 . 2010-07-25 15:32 -------- d-----w- c:\program files\Games_Bar_1
2010-07-23 20:55 . 2010-07-23 20:55 -------- d-----w- c:\program files\iPod
2010-07-23 20:55 . 2010-07-23 20:57 -------- d-----w- c:\users\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-07-23 20:55 . 2010-07-23 20:57 -------- d-----w- c:\program files\iTunes
2010-07-23 20:49 . 2010-07-23 20:50 -------- d-----w- c:\program files\QuickTime
2010-07-23 20:43 . 2010-07-23 20:43 -------- d-----w- c:\program files\Bonjour
2010-07-23 20:40 . 2010-07-23 20:40 73000 ------w- c:\users\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-07-23 20:34 . 2010-07-23 20:34 71992 ------w- c:\users\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe
2010-07-22 15:56 . 2010-07-22 20:05 -------- d-----w- c:\program files\Machinist 2
2010-07-21 17:27 . 2010-07-21 17:27 -------- d-----w- c:\users\Administrator\Local Settings\Application Data\Sunbelt Software
2010-07-21 17:27 . 2010-07-21 17:27 -------- dc-h--w- c:\users\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
2010-07-21 17:27 . 2010-07-12 08:56 2979280 -c----w- c:\users\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}\Ad-AwareInstall.exe
2010-07-18 23:50 . 2010-07-18 23:50 -------- d-----w- c:\program files\vso
2010-07-13 05:37 . 2010-07-13 05:54 -------- d-----w- c:\program files\3D-Album-CS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-08 02:03 . 2009-04-23 23:15 156328 ----a-w- c:\users\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-06 22:59 . 2009-04-27 12:37 -------- d-----w- c:\users\All Users\Application Data\FLEXnet
2010-08-04 17:36 . 2009-11-05 04:44 -------- d-----w- c:\program files\Quicken
2010-08-03 23:29 . 2010-06-13 17:37 -------- d-----w- c:\program files\NetZero
2010-08-01 10:33 . 2010-04-25 21:48 -------- d-----w- c:\program files\ImpotRapide 2009
2010-07-30 02:14 . 2010-07-30 14:28 2011136 ----a-w- c:\windows.0\Internet Logs\xDB1E.tmp
2010-07-29 23:49 . 2010-07-30 14:28 2011136 ----a-w- c:\windows.0\Internet Logs\xDB1F.tmp
2010-07-27 19:43 . 2009-04-28 00:37 -------- d-----w- c:\users\Administrator\Application Data\Image Zone Express
2010-07-27 15:20 . 2009-05-22 15:18 21824964 ----a-w- c:\windows.0\Internet Logs\tvDebug.Zip
2010-07-23 20:55 . 2009-04-25 03:01 -------- d-----w- c:\program files\Common Files\Apple
2010-07-23 20:38 . 2009-07-17 12:23 -------- d-----w- c:\program files\Safari
2010-07-22 18:30 . 2010-01-23 18:54 -------- d-----w- c:\program files\DVDneXtCOPY3
2010-07-21 17:42 . 2009-10-27 16:42 95024 ------w- c:\windows.0\system32\drivers\SBREDrv.sys
2010-07-21 16:10 . 2009-04-24 03:25 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-20 19:42 . 2010-06-28 04:25 217180 ------w- c:\windows.0\system32\nvdrsdb0.bin
2010-07-20 19:42 . 2010-06-28 04:25 1 ------w- c:\windows.0\system32\nvdrssel.bin
2010-07-18 23:02 . 2009-11-23 16:01 -------- d-----w- c:\users\Administrator\Application Data\Any Video Converter Professional
2010-07-14 14:07 . 2009-04-25 01:55 -------- d-----w- c:\users\Administrator\Application Data\BitTorrent
2010-07-13 05:44 . 2010-01-19 19:41 -------- d-----w- c:\users\Administrator\Application Data\3D-Album
2010-07-12 08:55 . 2009-09-20 13:28 64288 ------w- c:\windows.0\system32\drivers\Lbd.sys
2010-07-12 08:55 . 2009-09-20 14:41 15880 ------w- c:\windows.0\system32\lsdelete.exe
2010-07-09 00:01 . 2010-07-09 00:02 483328 ----a-w- c:\windows.0\Internet Logs\xDB1D.tmp
2010-07-08 23:34 . 2010-05-12 00:32 -------- d-----w- c:\program files\ERUNT
2010-07-08 23:32 . 2010-06-28 04:25 217180 ------w- c:\windows.0\system32\nvdrsdb1.bin
2010-07-08 23:29 . 2010-07-08 23:30 1783296 ----a-w- c:\windows.0\Internet Logs\xDB1C.tmp
2010-07-08 23:29 . 2010-07-08 23:30 1260544 ----a-w- c:\windows.0\Internet Logs\xDB1B.tmp
2010-07-08 23:20 . 2009-08-11 17:30 22 ------w- c:\windows.0\system32\nvModes.dat
2010-07-06 22:16 . 2010-03-09 19:47 439816 ------w- c:\users\Administrator\Application Data\Real\Update\setup3.10\setup.exe
2010-07-02 19:09 . 2010-07-02 19:09 -------- d-----w- c:\users\Administrator\Application Data\CheckPoint
2010-07-02 19:08 . 2010-07-02 19:08 -------- d-----w- c:\program files\Conduit
2010-07-02 19:08 . 2010-07-02 19:08 -------- d-----w- c:\program files\CheckPoint
2010-07-02 19:08 . 2009-05-19 12:22 4212 ---h--w- c:\windows.0\system32\zllictbl.dat
2010-06-28 04:26 . 2010-06-28 04:24 -------- d-----w- c:\program files\NVIDIA Corporation
2010-06-28 04:25 . 2010-06-28 04:25 -------- d-----w- c:\users\All Users\Application Data\NVIDIA Corporation
2010-06-23 17:51 . 2009-06-02 03:01 1238528 ----a-w- c:\windows.0\system32\zpeng25.dll
2010-06-23 17:51 . 2009-06-02 03:01 69120 ----a-w- c:\windows.0\system32\zlcomm.dll
2010-06-23 17:51 . 2009-06-02 03:01 103936 ----a-w- c:\windows.0\system32\zlcommdb.dll
2010-06-22 03:38 . 2010-06-22 03:24 -------- d-----w- c:\program files\iCare Data Recovery
2010-06-22 02:43 . 2010-06-22 02:43 -------- d-----w- c:\program files\SoftLogica
2010-06-22 01:21 . 2010-06-22 01:21 -------- d-----w- c:\program files\Runtime Software
2010-06-13 18:15 . 2010-06-13 18:15 -------- d-----w- c:\users\Administrator\Application Data\Leadertech
2010-06-13 18:13 . 2010-06-13 18:13 -------- d-----w- c:\program files\Atari
2010-06-09 08:06 . 2010-06-09 08:06 976832 ------w- c:\users\All Users\Application Data\Adobe\Acrobat\9.2\ARM\ARM Update\AdobeARM.exe
2010-06-09 08:06 . 2010-06-09 08:06 70584 ------w- c:\users\All Users\Application Data\Adobe\Acrobat\9.2\ARM\ARM Update\AdobeExtractFiles.dll
2010-06-09 08:06 . 2010-06-09 08:06 331176 ------w- c:\users\All Users\Application Data\Adobe\Acrobat\9.2\ARM\ARM Update\ReaderUpdater.exe
2010-06-09 08:06 . 2010-06-09 08:06 331176 ------w- c:\users\All Users\Application Data\Adobe\Acrobat\9.2\ARM\ARM Update\AcrobatUpdater.exe
2010-06-07 21:34 . 2010-06-07 21:34 81920 ------w- c:\windows.0\system32\nvwddi.dll
2010-06-07 21:34 . 2010-06-07 21:34 277608 ------w- c:\windows.0\system32\nvmccs.dll
2010-06-07 21:34 . 2010-06-07 21:34 13902440 ------w- c:\windows.0\system32\nvcpl.dll
2010-06-07 21:34 . 2010-06-07 21:34 110696 ------w- c:\windows.0\system32\nvmctray.dll
2010-06-07 21:34 . 2010-06-07 21:34 154728 ------w- c:\windows.0\system32\nvsvc32.exe
2010-06-07 21:34 . 2010-06-07 21:34 145000 ------w- c:\windows.0\system32\nvcolor.exe
2010-06-05 21:14 . 2010-06-05 21:14 664 ------w- c:\windows.0\system32\d3d9caps.dat
2010-06-03 02:41 . 2010-06-03 02:41 3600384 ------w- c:\windows.0\system32\GPhotos.scr
2010-06-01 00:49 . 2010-06-01 00:49 5120 --sh--w- c:\program files\Thumbs.db
2010-05-22 16:06 . 2010-03-31 23:37 156328 ------w- c:\users\steven\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-18 20:35 . 2010-05-18 20:35 91424 ------w- c:\windows.0\system32\dnssd.dll
2010-05-18 20:35 . 2010-05-18 20:35 197920 ------w- c:\windows.0\system32\dnssdX.dll
2010-05-18 20:35 . 2010-05-18 20:35 107808 ------w- c:\windows.0\system32\dns-sd.exe
2009-03-25 17:23 . 2008-10-16 18:37 40960 ----a-w- c:\program files\Common Files\qwver.dll
2008-11-16 17:06 . 2009-07-16 12:05 69815 ------w- c:\program files\QtimeKeys.JPG
2008-10-20 11:47 . 2009-07-16 12:08 923547 ------w- c:\program files\7z460.exe
2008-08-20 04:05 . 2009-07-16 12:08 23766320 ------w- c:\program files\QuickTimeInstaller.exe
.

------- Sigcheck -------

[7] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows.0\ServicePackFiles\i386\user32.dll
[-] 2006-12-02 . 1800F293BCCC8EDE8A70E12B88D80036 . 577024 . . [5.1.2600.2622] . . c:\windows.0\$NtServicePackUninstall$\user32.dll
[-] 2006-12-02 . 1800F293BCCC8EDE8A70E12B88D80036 . 577024 . . [5.1.2600.2622] . . c:\windows.0\system32\user32.dll

[-] 2006-12-02 09:00 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows.0\system32\mspmsnsv.dll
.
((((((((((((((((((((((((((((( SnapShot_2010-08-06_23.10.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-08-08 01:59 . 2010-08-08 01:59 16384 c:\windows.0\temp\Perflib_Perfdata_540.dat
+ 2006-12-02 09:00 . 2010-08-08 02:04 65950 c:\windows.0\system32\perfc009.dat
- 2006-12-02 09:00 . 2010-08-06 21:43 65950 c:\windows.0\system32\perfc009.dat
+ 2006-12-02 09:00 . 2010-08-08 02:04 427986 c:\windows.0\system32\perfh009.dat
- 2006-12-02 09:00 . 2010-08-06 21:43 427986 c:\windows.0\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-06-23 1043968]
"NvCplDaemon"="c:\windows.0\system32\NvCpl.dll" [2010-06-07 13902440]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-08-26 198160]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-07-13 47904]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TaskSwitchXP"="c:\program files\TaskSwitchXP\TaskSwitchXP.exe" [2006-08-04 62976]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide1"="move" [X]
"SetDefaultMIDI"="MIDIDEF.EXE" [2006-08-17 25600]
"tscuninstall"="c:\windows.0\system32\tscupgrd.exe" [2006-12-02 44544]
"nltide_3"="advpack.dll" [2006-10-17 123904]

c:\users\Administrator\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2010-6-13 225280]

c:\users\steven\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Users^Administrator^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\users\Administrator\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows.0\pss\MagicDisc.lnkStartup

[HKLM\~\startupfolder\C:^Users^Administrator^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Administrator\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows.0\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKLM\~\startupfolder\C:^Users^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows.0\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2010-06-19 16:36 640440 ------w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2010-06-19 23:04 38840 ------w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-13 21:58 611712 ------w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0ENQBO]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
2006-08-11 13:56 17920 ------w- c:\windows.0\CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
2006-08-17 10:32 18944 ------w- c:\windows.0\system32\CTXFIHLP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 14:47 31016 ------w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 06:24 54840 ------w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-07-21 19:53 141608 ------w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-06-07 21:34 13902440 ------w- c:\windows.0\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2010-06-07 21:34 110696 ------w- c:\windows.0\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-19 02:16 421888 ------w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TaskSwitchXP]
2006-08-04 16:29 62976 ------w- c:\program files\TaskSwitchXP\TaskSwitchXP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uberpackSoft]
2005-07-05 04:34 828416 ------w- c:\windows.0\system32\mmm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Users\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\English\\setup.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"c:\\Program Files\\Adobe\\Adobe Dreamweaver CS4\\Dreamweaver.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\PFPortChecker\\PFPortChecker.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS.0\\system32\\ZoneLabs\\vsmon.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server

R0 Lbd;Lbd;c:\windows.0\system32\drivers\Lbd.sys [9/20/2009 9:28 AM 64288]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [6/1/2009 10:54 PM 108289]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/12/2010 4:55 AM 1352832]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/14/2008 3:46 PM 284016]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows.0\system32\drivers\netaapl.sys [6/5/2009 7:12 AM 17408]
S4 sptd;sptd;c:\windows.0\system32\drivers\sptd.sys [4/23/2009 3:50 AM 646392]
.
Contents of the 'Scheduled Tasks' folder

2010-08-08 c:\windows.0\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-12 08:55]

2010-08-06 c:\windows.0\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 02:34]

2010-08-08 c:\windows.0\Tasks\PropertyTaskUserS-1-5-21-1343024091-606747145-725345543-500.job
- c:\windows.0\system32\Properem.exe [2009-06-18 00:14]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows.0\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Handler: intu-ir2008 - {729D3592-92E7-4cbc-8E44-3C22B3F457B3} - c:\program files\ImpotRapide 2008\ic2008pp.dll
Handler: intu-ir2009 - {E4616804-F2F8-4839-B728-5305004DA6A7} - c:\program files\ImpotRapide 2009\ic2009pp.dll
Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - c:\program files\QuickTax 2007\ic2007pp.dll
FF - ProfilePath - c:\users\Administrator\Application Data\Mozilla\Firefox\Profiles\hgj397wo.default\
FF - prefs.js: browser.startup.homepage - hxxp://ca.yahoo.com/
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-07 23:48
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS.0\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS.0\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:32,28,10,d7,ce,a5,1c,df,8f,0f,1f,30,41,5e,a8,77,0d,e6,6a,9a,02,
44,11,4f,7b,65,ad,62,b6,7b,03,5c,77,9b,29,ce,df,54,73,56,89,5e,c1,81,6e,81,\

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:32,28,10,d7,ce,a5,1c,df,8f,0f,1f,30,41,5e,a8,77,0d,e6,6a,9a,02,
44,11,4f,7b,65,ad,62,b6,7b,03,5c,77,9b,29,ce,df,54,73,56,89,5e,c1,81,6e,81,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3060)
c:\windows.0\system32\ieframe.dll
c:\windows.0\system32\wpdshserviceobj.dll
c:\windows.0\system32\hnetcfg.dll
c:\windows.0\system32\portabledevicetypes.dll
c:\windows.0\system32\portabledeviceapi.dll
c:\windows.0\system32\OneX.DLL
c:\windows.0\system32\eappprxy.dll
.
Completion time: 2010-08-07 23:50:48
ComboFix-quarantined-files.txt 2010-08-08 03:50
ComboFix2.txt 2010-08-06 23:12
ComboFix3.txt 2010-08-06 21:20
ComboFix4.txt 2010-08-06 15:45
ComboFix5.txt 2010-08-08 03:39

Pre-Run: 5,355,151,360 bytes free
Post-Run: 5,336,182,784 bytes free

- - End Of File - - 32B62AED7057084EFB9F5B22D8198DFC


#14 Elise, Bleepin' Blonde (Malware Study Hall Admin, 61,316 posts, Location: Romania)

Posted 08 August 2010 - 03:19 AM

QUOTE
I'm just wondering how you see it in the log?
That comes with experience. At BC everyone who works with logs has received training to learn how to interpret logs.

UPDATE JAVA
------------------
Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older-version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "JDK 6 Update 21 (JDK or JRE)".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u21-windows-i586.exe to install the newest version.
  • If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.



MALWAREBYTES ANTIMALWARE
-------------------------------------------
Please launch MBAM and update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Malware analyst @ Emsisoft


#15 plomper, Topic Starter (Members, 27 posts)

Posted 08 August 2010 - 10:16 PM

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4407

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

8/8/2010 11:09:53 PM
mbam-log-2010-08-08 (23-09-53).txt

Scan type: Full scan (C:\|F:\|G:\|)
Objects scanned: 833747
Time elapsed: 3 hour(s), 20 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 9

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Qoobox\Quarantine\C\Users\Administrator\Application Data\Microsoft\Winlogon.exe.vir (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS.0\system32\clhordei.dll.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8A931F51-3335-4626-AAE0-02F5094A4159}\RP229\A0081492.exe (Simulation.Spycar) -> Quarantined and deleted successfully.
F:\c 2010-07-28 19;45;26\Qoobox\Quarantine\C\WINDOWS.0\system32\clhordei.dll.vir (Trojan.Agent) -> Quarantined and deleted successfully.
G:\Documents and Settings\steven\DoctorWeb\Quarantine\GTDownDE_87.ocx (Adware.Gdown) -> Quarantined and deleted successfully.
G:\WINDOWS\SYSTEM32\DLLCACHE\ndis.sys (Rootkit.Protector) -> Quarantined and deleted successfully.
G:\Program Files\Ulead Systems\Ulead Animation.Applet 2.0 Trial\Spt_plug\usp2rain.spt (Trojan.Spambot) -> Quarantined and deleted successfully.
G:\Program Files\WinAVI Video Converter\Filter\q3cast.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
G:\Program Files\WinAVI Video Converter\Filter\q3drv.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.




