Desktop infected
15 replies to this topic

#1 andycake

Posted 13 October 2010 - 01:00 AM

OTL and Rootkit Unhooker for my main desktop following laptop infection.

Only main OTL text opened - Extras text was not generated.

OTL logfile created on: 13/10/2010 07:18:13 - Run 3
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 64.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 181.04 Gb Total Space | 17.57 Gb Free Space | 9.71% Space Free | Partition Type: NTFS
Drive D: | 5.25 Gb Total Space | 0.94 Gb Free Space | 17.98% Space Free | Partition Type: FAT32
Drive G: | 232.83 Gb Total Space | 8.19 Gb Free Space | 3.52% Space Free | Partition Type: FAT32
Drive J: | 465.76 Gb Total Space | 13.21 Gb Free Space | 2.84% Space Free | Partition Type: NTFS
Drive L: | 298.09 Gb Total Space | 14.06 Gb Free Space | 4.72% Space Free | Partition Type: NTFS
Drive N: | 149.05 Gb Total Space | 6.11 Gb Free Space | 4.10% Space Free | Partition Type: NTFS

Computer Name: HOME | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Norton 360\Engine\4.3.0.5\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files\BandwidthMeter\BandwidthMeter.exe (Senh Liu)
PRC - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe ()
PRC - C:\Program Files\Outlook Express\msimn.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\WINDOWS\system32\bgsvcgen.exe (B.H.A Corporation)
PRC - C:\WINDOWS\system32\ps2.exe (Hewlett-Packard Company)
PRC - C:\WINDOWS\system32\drivers\CDAC11BA.EXE (Macrovision)
PRC - C:\WINDOWS\system32\UAService7.exe (Sony DADC Austria AG.)
PRC - C:\WINDOWS\system32\CTHELPER.EXE (Creative Technology Ltd)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Norton 360\Engine\4.3.0.5\asoehook.dll (Symantec Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\Norton 360\Engine\4.3.0.5\microsoft.vc90.crt\msvcr90.dll (Microsoft Corporation)
MOD - C:\Program Files\Norton 360\Engine\4.3.0.5\microsoft.vc90.crt\msvcp90.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\WINDOWS\system32\CTAGENT.DLL (Creative Technology Ltd)


========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (N360) -- C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe (Symantec Corporation)
SRV - (TuneUp.Defrag) -- C:\WINDOWS\system32\TuneUpDefragService.exe (TuneUp Software GmbH)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software GmbH)
SRV - (ioloSystemService) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe ()
SRV - (ioloFileInfoList) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe ()
SRV - (bgsvcgen) -- C:\WINDOWS\System32\bgsvcgen.exe (B.H.A Corporation)
SRV - (C-DillaCdaC11BA) -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE (Macrovision)
SRV - (Sony SCSI Helper Service) -- C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe (Sony Corporation)
SRV - (SSScsiSV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation)
SRV - (UserAccess7) SecuROM User Access Service (V7) -- C:\WINDOWS\system32\UAService7.exe (Sony DADC Austria AG.)


========== Driver Services (SafeList) ==========

DRV - (SYMNDIS) -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMNDIS.SYS File not found
DRV - (SYMIDS) -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMIDS.SYS File not found
DRV - (SYMFW) -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMFW.SYS File not found
DRV - (sony_ssm.sys) -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sony_ssm.sys File not found
DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys File not found
DRV - (PCTINDIS5) -- C:\WINDOWS\System32\PCTINDIS5.SYS File not found
DRV - (catchme) -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys File not found
DRV - (BTWDNDIS) -- C:\WINDOWS\System32\DRIVERS\btwdndis.sys File not found
DRV - (BTDriver) -- C:\WINDOWS\System32\DRIVERS\btport.sys File not found
DRV - (BtAudio) -- C:\WINDOWS\System32\DRIVERS\btaudio.sys File not found
DRV - (NAVEX15) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20101012.024\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20101012.024\NAVENG.SYS (Symantec Corporation)
DRV - (IDSxpx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20101012.001\IDSXpx86.sys (Symantec Corporation)
DRV - (BHDrvx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20101001.001\BHDrvx86.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\N360\0403000.005\SYMTDI.SYS (Symantec Corporation)
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (SymIRON) -- C:\WINDOWS\system32\drivers\N360\0403000.005\Ironx86.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\N360\0403000.005\SYMEFA.SYS (Symantec Corporation)
DRV - (SRTSP) -- C:\WINDOWS\System32\Drivers\N360\0403000.005\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\WINDOWS\system32\drivers\N360\0403000.005\SRTSPX.SYS (Symantec Corporation)
DRV - (ccHP) -- C:\WINDOWS\system32\drivers\N360\0403000.005\ccHPx86.sys (Symantec Corporation)
DRV - (SymDS) -- C:\WINDOWS\system32\drivers\N360\0403000.005\SYMDS.SYS (Symantec Corporation)
DRV - (giveio) -- C:\WINDOWS\system32\giveio.sys ()
DRV - (TotRec7) -- C:\WINDOWS\system32\drivers\TotRec7.sys (High Criteria inc.)
DRV - (NCHSSVAD) -- C:\WINDOWS\system32\drivers\nchssvad.sys (NCH Swift Sound)
DRV - (WsAudioDevice_383) -- C:\WINDOWS\system32\drivers\WsAudioDevice_383.sys (Wondershare)
DRV - (mcdbus) -- C:\WINDOWS\system32\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (ntcdrdrv) -- C:\WINDOWS\system32\DRIVERS\ntcdrdrv.sys (NoteBurn Software)
DRV - (FileDisk) -- C:\WINDOWS\System32\drivers\filedisk.sys (iolo technologies, LLC (based on original work by Bo Brantén))
DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (IrBus) -- C:\WINDOWS\system32\drivers\irbus.sys (Microsoft Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (tmcomm) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (cdrbsdrv) -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS (B.H.A Corporation)
DRV - (SaiHFF32) -- C:\WINDOWS\system32\drivers\SaiHFF32.sys (Saitek)
DRV - (SaiIFF32) Immersion's HID USB Driver (FF32) -- C:\WINDOWS\system32\drivers\SaiIFF32.sys (Saitek)
DRV - (CdaD10BA) -- C:\WINDOWS\system32\drivers\CdaD10BA.SYS (Macrovision Europe Ltd)
DRV - (CdaC15BA) -- C:\WINDOWS\system32\drivers\CdaC15BA.SYS (Macrovision Europe Ltd)
DRV - (cdudf_xp) -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys (Sonic Solutions)
DRV - (pwd_2k) -- C:\WINDOWS\System32\drivers\Pwd_2k.sys (Sonic Solutions)
DRV - (dvd_2K) -- C:\WINDOWS\System32\drivers\dvd_2k.sys (Sonic Solutions)
DRV - (mmc_2K) -- C:\WINDOWS\System32\drivers\mmc_2k.sys (Sonic Solutions)
DRV - (Cdralw2k) -- C:\WINDOWS\System32\drivers\cdralw2k.sys (Sonic Solutions)
DRV - (Cdr4_xp) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys (Sonic Solutions)
DRV - (STEC3) -- C:\WINDOWS\system32\STEC3.sys (AntiCracking)
DRV - (alcaudsl) -- C:\WINDOWS\system32\drivers\alcaudsl.sys (THOMSON)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\Hdaudio.sys (Windows ® Server 2003 DDK provider)
DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)
DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (PRISM_A00) -- C:\WINDOWS\system32\drivers\PCTELSAP.SYS (PCTEL Inc.)
DRV - (hcwPVRP2) Hauppauge WinTV-PVR PCI II (Encoder-16) -- C:\WINDOWS\system32\drivers\hcwPVRP2.sys (Hauppauge Computer Works, Inc.)
DRV - (SiSkp) -- C:\WINDOWS\system32\drivers\srvkp.sys (Silicon Integrated Systems Corporation)
DRV - (SiS315) -- C:\WINDOWS\system32\drivers\sisgrp.sys (Silicon Integrated Systems Corporation)
DRV - (AFS2K) -- C:\WINDOWS\System32\drivers\AFS2K.SYS (Oak Technology Inc.)
DRV - (alcan5ln) SpeedTouch™ USB ADSL RFC1483 Networking Driver (NDIS) -- C:\WINDOWS\system32\drivers\alcan5ln.sys (THOMSON)
DRV - (emupia) -- C:\WINDOWS\system32\drivers\emupia2k.sys (Creative Technology Ltd)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (ctprxy2k) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (ctac32k) -- C:\WINDOWS\system32\drivers\ctac32k.sys (Creative Technology Ltd)
DRV - (hap16v2k) -- C:\WINDOWS\system32\drivers\haP16v2k.sys (Creative Technology Ltd)
DRV - (ha10kx2k) -- C:\WINDOWS\system32\drivers\ha10kx2k.sys (Creative Technology Ltd)
DRV - (ctdvda2k) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys (Creative Technology Ltd)
DRV - (ovt519) -- C:\WINDOWS\system32\drivers\ov519vid.sys (OmniVision Technologies, Inc.)
DRV - (Pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (btwhid) -- C:\WINDOWS\system32\drivers\btwhid.sys (WIDCOMM, Inc.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (WIDCOMM, Inc.)
DRV - (Iviaspi) -- C:\WINDOWS\system32\drivers\iviaspi.sys (InterVideo, Inc.)
DRV - (SISAGP) -- C:\WINDOWS\System32\DRIVERS\SISAGPX.sys (Silicon Integrated Systems Corporation)
DRV - (UdfReadr_xp) -- C:\WINDOWS\System32\drivers\UdfReadr_xp.sys (Roxio)
DRV - (viaagp1) -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys (VIA Technologies, Inc.)
DRV - (Winacusb) -- C:\WINDOWS\system32\drivers\winacusb.sys (Conexant)
DRV - (PfModNT) -- C:\WINDOWS\system32\drivers\PFMODNT.SYS (Creative Technology Ltd.)
DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\R8139n51.sys (Realtek Semiconductor Corporation )
DRV - (SiSV) -- C:\WINDOWS\system32\drivers\SiSV.sys (Silicon Integrated Systems Corporation)
DRV - (EL90XBC) -- C:\WINDOWS\system32\drivers\el90xbc5.sys (3Com Corporation)
DRV - (Ps2) -- C:\WINDOWS\system32\drivers\PS2.sys (Hewlett-Packard Company)
DRV - (Aspi32) -- C:\WINDOWS\system32\drivers\ASPI32.sys (Adaptec)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.red.clientapps.yahoo.com/customi...arch.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://uk.red.clientapps.yahoo.com/customi...fo/bt_side.html


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1352272961-4222624086-4149492324-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-1352272961-4222624086-4149492324-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1352272961-4222624086-4149492324-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-1352272961-4222624086-4149492324-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"

FF - HKLM\software\mozilla\Firefox\Extensions\\{8EFEBF94-3D9C-4F80-ABBC-2E22C1F770B1}: C:\Documents and Settings\Administrator\Local Settings\Application Data\{8EFEBF94-3D9C-4F80-ABBC-2E22C1F770B1} [2009/11/02 07:22:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{08D5D943-8F16-4A3E-A33D-BC5F92C45CBC}: C:\Documents and Settings\Administrator\Local Settings\Application Data\{08D5D943-8F16-4A3E-A33D-BC5F92C45CBC}\ [2009/12/26 21:12:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B305FCF7-8144-4E36-975C-27E92FAFCB0B}: C:\Documents and Settings\Administrator\Local Settings\Application Data\{B305FCF7-8144-4E36-975C-27E92FAFCB0B}\ [2009/12/27 08:25:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\IPSFFPlgn\ [2010/08/18 17:27:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\coFFPlgn\ [2010/08/14 22:47:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/07 14:26:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/23 11:09:02 | 000,000,000 | ---D | M]

[2010/06/26 19:01:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mkwzfwu0.default\extensions
[2008/11/24 16:05:21 | 000,000,000 | ---D | M] (Freecorder Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mkwzfwu0.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
[2010/03/23 12:01:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mkwzfwu0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/25 23:21:27 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mkwzfwu0.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/11/24 16:08:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mkwzfwu0.default\extensions\moveplayer@movenetworks.com
[2010/05/25 23:21:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mkwzfwu0.default\extensions\staged-xpis
[2010/08/12 03:33:06 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/05/29 19:26:58 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/05/07 17:47:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2007/06/02 00:09:41 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org
[2007/06/01 22:23:50 | 000,066,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jar50.dll
[2007/06/01 22:23:51 | 000,054,376 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jsd3250.dll
[2007/06/01 22:23:51 | 000,034,952 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\myspell.dll
[2007/06/01 22:23:51 | 000,046,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\spellchk.dll
[2007/06/01 22:23:52 | 000,172,144 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\xpinstal.dll
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/02/20 17:04:02 | 002,463,976 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll

O1 HOSTS File: ([2009/08/03 12:53:43 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\4.3.0.5\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1352272961-4222624086-4149492324-500\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-1352272961-4222624086-4149492324-500\..\Toolbar\ShellBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
O3 - HKU\S-1-5-21-1352272961-4222624086-4149492324-500\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1352272961-4222624086-4149492324-500\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-1352272961-4222624086-4149492324-500\..\Toolbar\WebBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE ()
O4 - HKU\S-1-5-21-1352272961-4222624086-4149492324-500..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [SetDefaultMIDI] C:\WINDOWS\MIDIDEF.EXE (Creative Technology Ltd)
O4 - HKU\.DEFAULT..\RunOnce: [StartMS] C:\Program Files\Creative\Shared Files\Media Sniffer\StartMS.EXE (Creative Technology Ltd)
O4 - HKU\S-1-5-18..\RunOnce: [SetDefaultMIDI] C:\WINDOWS\MIDIDEF.EXE (Creative Technology Ltd)
O4 - HKU\S-1-5-18..\RunOnce: [StartMS] C:\Program Files\Creative\Shared Files\Media Sniffer\StartMS.EXE (Creative Technology Ltd)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Bandwidth Meter.lnk = C:\Program Files\BandwidthMeter\BandwidthMeter.exe (Senh Liu)
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\AutoTBar.exe (Hewlett-Packard)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 43 01 00 00 [binary data]
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 43 01 00 00 [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1352272961-4222624086-4149492324-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1352272961-4222624086-4149492324-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKU\S-1-5-21-1352272961-4222624086-4149492324-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1352272961-4222624086-4149492324-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\S-1-5-21-1352272961-4222624086-4149492324-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\System32\lspisi.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1352272961-4222624086-4149492324-500\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://active.macromedia.com/director/cabs/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1253526840031 (WUWebControl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Reg Error: Value error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-31-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab (Reg Error: Key error.)
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shock...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab (iTunesDetector Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} https://register.btinternet.com/templates/b...bcontrol028.cab (webhelper Class)
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/10/12 12:34:22 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 20:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2010/10/12 12:34:24 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2010/10/12 12:34:24 | 000,000,000 | RHSD | M] - G:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2010/10/12 12:34:22 | 000,000,000 | RHSD | M] - J:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/10/12 12:34:22 | 000,000,000 | RHSD | M] - L:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/10/12 12:34:23 | 000,000,000 | RHSD | M] - N:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk /p \??\G:) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/10/13 07:17:51 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/10/12 12:34:22 | 000,000,000 | RHSD | C] -- C:\autorun.inf
[2010/10/08 12:07:13 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2010/10/08 11:42:02 | 000,000,000 | ---D | C] -- C:\Program Files\Audacity
[2010/10/05 23:11:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Tific
[2010/10/05 22:29:31 | 000,000,000 | ---D | C] -- C:\Error
[2010/10/05 15:33:25 | 000,000,000 | ---D | C] -- C:\Andrew Xystos Laptop Files
[2010/08/30 12:32:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Emma Work
[2010/08/14 22:22:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Norton
[2010/08/03 13:00:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Wondershare Streaming Audio Recorder
[2010/08/03 12:59:08 | 000,016,640 | ---- | C] (Wondershare) -- C:\WINDOWS\System32\drivers\WsAudioDevice_383.sys
[2010/07/25 09:49:35 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/07/24 11:04:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\McAfee
[2010/07/16 11:46:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2010/07/16 11:45:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2009/08/29 07:38:56 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Administrator\Application Data\pcouffin.sys
[2008/04/11 20:08:33 | 023,510,720 | ---- | C] (Microsoft Corporation) -- C:\Program Files\dotnetfx.exe
[2005/12/03 18:30:45 | 001,255,936 | ---- | C] (Dancemammal.com) -- C:\Program Files\DVDPrint.exe
[2004/09/09 21:25:36 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll
[2003/11/14 01:54:38 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/10/13 07:17:52 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/10/13 07:05:43 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/10/13 07:04:48 | 000,000,248 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2010/10/13 07:04:46 | 000,000,502 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2010/10/13 07:04:46 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1352272961-4222624086-4149492324-500.job
[2010/10/13 07:04:44 | 001,613,080 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/13 07:04:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/13 07:02:59 | 000,029,544 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000003-00000000-00000004-00001102-00000004-20051102}.rfx
[2010/10/13 07:02:59 | 000,029,544 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000003-00000000-00000004-00001102-00000004-20051102}.rfx
[2010/10/13 07:02:59 | 000,026,424 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000003-00000000-00000004-00001102-00000004-20051102}.rfx
[2010/10/13 07:02:59 | 000,026,424 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000003-00000000-00000004-00001102-00000004-20051102}.rfx
[2010/10/13 07:02:59 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2010/10/13 07:02:59 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2010/10/13 07:02:59 | 000,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000003-00000000-00000004-00001102-00000004-20051102}.dat
[2010/10/13 07:02:59 | 000,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-00000004-00001102-00000004-20051102}.dat
[2010/10/13 07:01:08 | 004,932,486 | ---- | M] () -- C:\WINDOWS\{00000003-00000000-00000004-00001102-00000004-20051102}.CDF
[2010/10/13 06:56:55 | 000,708,940 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\Cat.DB
[2010/10/13 06:56:43 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/10/12 12:33:41 | 000,132,597 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Flash_Disinfector.exe
[2010/10/10 19:26:48 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\15 Brookside Avenue.doc
[2010/10/10 18:46:30 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Microsoft Word.lnk
[2010/10/10 16:25:39 | 000,000,826 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/10/10 16:11:02 | 000,000,289 | -HS- | M] () -- C:\boot.ini
[2010/10/10 13:40:47 | 000,000,938 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\My Sharing Folders.lnk
[2010/10/10 13:21:52 | 000,087,608 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\inst.exe
[2010/10/10 13:21:43 | 000,047,360 | ---- | M] (VSO Software) -- C:\Documents and Settings\Administrator\Application Data\pcouffin.sys
[2010/10/10 13:21:43 | 000,007,887 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\pcouffin.cat
[2010/10/10 13:21:42 | 000,001,144 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\pcouffin.inf
[2010/10/09 19:47:11 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/10/09 16:12:49 | 001,752,931 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Ellen.jpg
[2010/10/08 11:42:04 | 000,000,641 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Audacity.lnk
[2010/10/07 04:43:10 | 000,147,615 | ---- | M] () -- C:\WINDOWS\hpoins21.dat
[2010/10/07 03:05:41 | 000,442,466 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/07 03:05:41 | 000,071,732 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/06 10:10:00 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1352272961-4222624086-4149492324-500.job
[2010/10/05 22:39:49 | 000,001,900 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton 360.LNK
[2010/09/28 13:17:23 | 001,806,161 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\DSCF0150 - Copy.JPG
[2010/09/28 13:17:23 | 000,127,184 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Me at Dadaaa's.jpg
[2010/09/28 13:17:23 | 000,071,813 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\At Zeeee's ;).jpg
[2010/09/20 23:03:18 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\isolate.ini
[2010/09/07 06:38:44 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/28 07:53:14 | 000,002,855 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\a.PIF
[2010/08/14 22:44:56 | 000,000,791 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Norton Installation Files.lnk
[2010/08/14 22:29:50 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/08/14 22:29:50 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/08/14 22:29:50 | 000,007,443 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/08/14 22:29:50 | 000,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/08/13 16:33:25 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Ellen's feather collection.doc
[2010/07/31 16:52:57 | 000,000,156 | ---- | M] () -- C:\Documents and Settings\Administrator\default.pls
[2010/07/23 15:31:24 | 000,000,677 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Spotify.lnk
[2010/07/22 11:04:27 | 000,245,357 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\RC Catalogue (Bull Terrier) low res-26.jpg
[2010/07/22 10:57:01 | 008,673,182 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\RC AUT 2010 FINAL ARTWORK low res.pdf
[2010/07/20 13:13:31 | 000,097,409 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\booking form.xps
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/12 12:33:40 | 000,132,597 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Flash_Disinfector.exe
[2010/10/10 19:26:48 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\15 Brookside Avenue.doc
[2010/10/09 16:14:20 | 001,752,931 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Ellen.jpg
[2010/10/08 11:42:04 | 000,000,641 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Audacity.lnk
[2010/09/28 13:17:23 | 001,806,161 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\DSCF0150 - Copy.JPG
[2010/09/28 13:17:23 | 000,127,184 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Me at Dadaaa's.jpg
[2010/09/28 13:17:23 | 000,071,813 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\At Zeeee's ;).jpg
[2010/08/28 07:53:14 | 000,002,855 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\a.PIF
[2010/08/14 22:22:15 | 000,000,791 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Norton Installation Files.lnk
[2010/08/13 10:27:12 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Ellen's feather collection.doc
[2010/07/22 11:02:42 | 000,245,357 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\RC Catalogue (Bull Terrier) low res-26.jpg
[2010/07/22 10:57:01 | 008,673,182 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\RC AUT 2010 FINAL ARTWORK low res.pdf
[2010/07/20 13:13:28 | 000,097,409 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\booking form.xps
[2009/10/09 17:31:03 | 000,000,014 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\iniasd.txt
[2009/08/29 07:39:37 | 000,000,671 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\vso_ts_preview.xml
[2009/08/29 07:39:05 | 000,000,033 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\pcouffin.log
[2009/08/29 07:38:56 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\inst.exe
[2009/08/29 07:38:56 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\pcouffin.cat
[2009/08/29 07:38:56 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\pcouffin.inf
[2009/08/22 16:13:07 | 000,000,618 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\AutoGK.ini
[2009/08/18 18:16:45 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
[2009/03/18 11:52:58 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\cdga.dll
[2008/11/24 20:16:09 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2008/10/20 11:29:59 | 000,000,053 | ---- | C] () -- C:\WINDOWS\REGKEYNT.INI
[2008/06/29 14:01:13 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/04/11 20:13:57 | 000,007,168 | R--- | C] () -- C:\WINDOWS\System32\SaiCFF32_0402.dll
[2008/04/11 20:13:57 | 000,005,632 | R--- | C] () -- C:\WINDOWS\System32\SaiCFF32_11.dll
[2008/04/11 20:13:56 | 001,933,312 | R--- | C] () -- C:\WINDOWS\System32\SaiCFF32.Dll
[2008/04/11 20:13:56 | 000,008,704 | R--- | C] () -- C:\WINDOWS\System32\SaiCFF32_0C.dll
[2008/04/11 20:13:56 | 000,008,192 | R--- | C] () -- C:\WINDOWS\System32\SaiCFF32_10.dll
[2008/04/11 20:13:56 | 000,008,192 | R--- | C] () -- C:\WINDOWS\System32\SaiCFF32_0A.dll
[2008/04/11 20:13:56 | 000,008,192 | R--- | C] () -- C:\WINDOWS\System32\SaiCFF32_07.dll
[2008/04/11 20:13:56 | 000,007,680 | R--- | C] () -- C:\WINDOWS\System32\SaiCFF32_09.dll
[2007/12/26 14:55:08 | 000,000,542 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\SNDUpgrade.log
[2007/10/15 11:42:45 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2007/08/18 18:06:26 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2007/08/18 18:05:51 | 000,197,120 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2007/08/12 14:24:42 | 000,528,384 | ---- | C] () -- C:\WINDOWS\System32\BladeEnc.dll
[2007/08/12 14:24:42 | 000,120,832 | ---- | C] () -- C:\WINDOWS\System32\ShnDll32.dll
[2007/05/29 07:14:36 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\HWINV.DLL
[2007/05/29 07:14:36 | 000,026,572 | ---- | C] () -- C:\WINDOWS\System32\INV16.DLL
[2006/08/10 19:57:16 | 000,082,212 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\rx_audio.Cache
[2006/08/10 19:56:30 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\rx_image.Cache
[2006/08/10 18:24:32 | 000,000,167 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/07/29 14:55:32 | 000,000,124 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\BonsaiErrorLog.txt
[2006/07/20 20:44:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2006/06/13 22:53:24 | 000,001,260 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\NMM-MetaData.db
[2006/05/12 20:18:40 | 000,001,350 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/05/06 17:43:03 | 000,000,686 | ---- | C] () -- C:\WINDOWS\program.ini
[2006/05/06 17:41:40 | 000,070,144 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2006/05/06 17:41:40 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\VORBIS.DLL
[2006/05/06 17:41:40 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\OGG.DLL
[2006/05/06 17:41:40 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\VCEDIT.DLL
[2006/05/06 17:41:40 | 000,009,216 | ---- | C] () -- C:\WINDOWS\System32\vorbisfile.dll
[2006/02/16 23:59:45 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\cddvdint.dll
[2006/01/21 12:08:50 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2006/01/02 14:42:31 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A4W.INI
[2005/11/12 14:26:06 | 000,000,080 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/09/09 11:59:02 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
[2005/07/24 10:03:40 | 000,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
[2005/07/23 18:47:51 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2005/07/19 20:11:46 | 000,000,083 | ---- | C] () -- C:\WINDOWS\SGREP32.INI
[2005/07/18 20:44:11 | 000,002,003 | ---- | C] () -- C:\WINDOWS\Payroll.INI
[2005/07/18 19:26:41 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\SageFolderBrowser.dll
[2005/07/11 15:04:44 | 000,000,061 | ---- | C] () -- C:\WINDOWS\Tiny_Run.ini
[2005/05/31 16:48:36 | 000,000,052 | ---- | C] () -- C:\WINDOWS\AlphaPlayer.INI
[2005/05/09 23:01:51 | 000,000,422 | ---- | C] () -- C:\WINDOWS\IfoEdit.INI
[2004/12/22 18:00:38 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2004/11/29 10:06:53 | 000,000,013 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameE.txt
[2004/11/17 23:34:49 | 000,000,618 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/10/19 22:48:25 | 000,005,606 | R--- | C] () -- C:\WINDOWS\System32\stci.dll
[2004/10/19 21:06:57 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\regobj.dll
[2004/10/19 21:03:31 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2004/09/15 20:43:29 | 000,001,080 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2004/09/03 17:38:03 | 000,127,488 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/08/30 20:29:24 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDER200Euro.ini
[2004/08/29 19:23:35 | 000,000,200 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
[2004/08/29 18:01:52 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2004/08/29 18:01:52 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2004/08/29 18:01:52 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2004/08/29 18:01:52 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2004/08/29 18:01:52 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2004/08/29 18:01:52 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2004/08/29 18:00:31 | 000,000,075 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2004/08/29 18:00:29 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2004/01/13 20:02:58 | 000,014,658 | ---- | C] () -- C:\WINDOWS\System32\aud2_hp.ini
[2004/01/02 02:26:33 | 000,000,531 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/01/02 00:00:47 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/01/01 22:15:00 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
[2004/01/01 22:01:36 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2004/01/01 21:59:25 | 000,025,958 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2004/01/01 21:58:49 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2004/01/01 20:59:39 | 000,010,272 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2004/01/01 20:53:08 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/01/01 20:06:39 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2004/01/01 20:06:39 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2004/01/01 20:06:25 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2004/01/01 19:42:30 | 000,000,813 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/01/01 19:30:13 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/01/01 17:32:44 | 000,000,451 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
[2004/01/01 17:32:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2003/11/14 17:58:10 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2003/11/14 01:54:06 | 000,053,312 | ---- | C] () -- C:\WINDOWS\System32\upddrv9x.dll
[2003/11/12 11:54:00 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/03/22 01:56:12 | 000,000,194 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2003/03/06 23:53:16 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\hpnvr82.dll
[2002/11/14 20:58:04 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2002/11/14 20:58:04 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2002/11/14 20:58:02 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2002/11/14 20:58:02 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2002/11/14 20:58:02 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[1999/01/23 03:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2005/11/19 16:51:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\.ABC
[2005/11/19 16:57:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\.BitTornado
[2007/08/12 14:35:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\.LH-ABC
[2007/08/18 18:06:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Atari
[2009/04/28 14:42:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\CDRoller
[2005/09/09 13:59:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Common Files
[2006/10/09 19:39:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DataLayer
[2007/11/22 20:56:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\dBpoweramp
[2010/06/08 07:29:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Facebook
[2008/10/20 11:12:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FairStars Audio Converter
[2009/08/20 22:06:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\gtk-2.0
[2008/10/16 15:54:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ImgBurn
[2009/08/20 21:59:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Inkscape
[2004/08/29 19:11:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterVideo
[2008/08/11 19:55:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\iolo
[2004/08/29 21:00:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Leadertech
[2007/12/11 22:11:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\LEAPS
[2008/11/24 13:51:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\NCH Swift Sound
[2006/10/09 20:26:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Nokia
[2006/06/15 09:21:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Nokia Multimedia Player
[2008/05/25 11:18:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Off Road
[2007/09/20 18:10:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Opera
[2004/09/04 15:39:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Otto
[2006/06/11 22:20:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PC Suite
[2007/12/11 22:08:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Pegasys Inc
[2008/12/08 00:07:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Publish Providers
[2004/01/01 22:33:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView
[2006/08/26 12:16:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Samsung
[2005/06/25 20:58:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Seven Zip
[2008/12/08 01:12:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Sony
[2008/12/07 23:38:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Sony Setup
[2010/09/02 06:35:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Spotify
[2006/01/21 12:11:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Steinberg
[2010/10/05 23:11:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Tific
[2009/08/14 12:42:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TotalRecorder
[2008/10/07 11:56:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TuneUp Software
[2009/02/17 17:10:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1
[2010/10/13 06:51:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2010/10/10 13:21:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Vso
[2009/08/03 14:37:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Epac
[2007/03/24 18:59:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FunGames
[2005/09/24 21:15:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Global Software Publishing
[2006/11/14 21:59:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GoldWaveCDDB
[2008/08/11 19:22:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2005/12/26 13:00:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2008/11/24 13:53:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2004/09/04 15:39:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Otto
[2006/06/11 22:19:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2009/08/03 16:21:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2007/12/11 22:02:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pegasys Inc
[2007/04/05 17:32:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2008/12/15 12:36:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/10/07 12:09:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2004/08/30 20:34:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2004/11/04 20:32:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/08/29 08:48:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2010/04/03 20:42:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/12 20:43:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/08/19 01:33:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
[2009/07/02 13:25:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2004/01/01 22:33:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\SampleView
[2008/08/11 19:24:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\iolo
[2010/10/13 07:04:46 | 000,000,502 | ---- | M] () -- C:\WINDOWS\Tasks\1-Click Maintenance.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Administrator\My Documents\Wellies:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Administrator\My Documents\Samsung PC Studio:Roxio EMC Stream
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0CE7F3C9
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:66E02052
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:888AFB86

< End of report >

The Extras text did not open!

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2260992 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2260992 bytes
0x804D7000 RAW 2260992 bytes
0x804D7000 WMIxWDM 2260992 bytes
0xBF080000 C:\WINDOWS\System32\ati3duag.dll 1892352 bytes (ATI Technologies Inc. , ati3duag.dll)
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xA2894000 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20101012.024\NAVEX15.SYS 1368064 bytes (Symantec Corporation, AV Engine)
0xB8E7E000 C:\WINDOWS\system32\drivers\ha10kx2k.sys 905216 bytes (Creative Technology Ltd, Creative EMU10KX HAL (WDM))
0xB91F3000 C:\WINDOWS\System32\DRIVERS\ati2mtag.sys 815104 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Miniport Driver)
0xB90F8000 C:\WINDOWS\System32\DRIVERS\hcwPVRP2.sys 798720 bytes (Hauppauge Computer Works, Inc., WinTV PVR PCI II WDM Video Capture)
0xA466F000 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20101001.001\BHDrvx86.sys 704512 bytes (Symantec Corporation, BASH Driver)
0xB8D9E000 C:\WINDOWS\system32\drivers\ctac32k.sys 647168 bytes (Creative Technology Ltd, Creative AC3 SW Decoder Device Driver (WDM))
0xF7B52000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xBF24E000 C:\WINDOWS\System32\ativvaxx.dll 520192 bytes (ATI Technologies Inc. , Radeon Video Acceleration Universal Driver)
0xA471B000 C:\WINDOWS\system32\drivers\N360\0403000.005\ccHPx86.sys 520192 bytes (Symantec Corporation, Common Client Hash Provider Driver)
0xA483D000 C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xA47B7000 C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 385024 bytes (Symantec Corporation, Symantec Eraser Control Driver)
0xB8F5B000 C:\WINDOWS\System32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xB909E000 C:\WINDOWS\system32\drivers\ctaud2k.sys 368640 bytes (Creative Technology Ltd, Creative WDM Audio Device Driver)
0xA4AB3000 C:\WINDOWS\System32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xA4991000 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20101012.001\IDSxpx86.sys 360448 bytes (Symantec Corporation, IDS Core Driver)
0xA3041000 C:\WINDOWS\System32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xA2AAA000 C:\WINDOWS\System32\Drivers\N360\0403000.005\SRTSP.SYS 356352 bytes (Symantec Corporation, Symantec AutoProtect)
0xA4A34000 C:\WINDOWS\System32\Drivers\N360\0403000.005\SYMTDI.SYS 356352 bytes (Symantec Corporation, Network Dispatch Driver)
0xF740C000 SYMDS.SYS 352256 bytes
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xA2777000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xBF048000 C:\WINDOWS\System32\ati2cqag.dll 229376 bytes (ATI Technologies Inc., Central Memory Manager / Queue Server Module)
0xBF012000 C:\WINDOWS\System32\ati2dvag.dll 221184 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Display Driver)
0xA4B31000 C:\WINDOWS\System32\Drivers\UdfReadr_xp.SYS 217088 bytes (Roxio, CD-UDF NT Filesystem Reader Driver)
0xB8FD6000 C:\WINDOWS\System32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xF75A8000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xA371C000 C:\WINDOWS\System32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF795A000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xF7858000 SYMEFA.SYS 184320 bytes
0xB9072000 C:\WINDOWS\system32\drivers\ctoss2k.sys 180224 bytes (Creative Technology Ltd., Creative OS Services Driver (WDM))
0xA2091000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xA48AD000 C:\WINDOWS\System32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB9301000 C:\WINDOWS\system32\drivers\TotRec7.sys 172032 bytes (High Criteria inc., Total Recorder WDM audio driver)
0xA4969000 C:\WINDOWS\System32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xA3749000 C:\WINDOWS\System32\DRIVERS\nwrdr.sys 163840 bytes (Microsoft Corporation, NetWare Redirector File System Driver)
0xF74B2000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xA4A0E000 C:\WINDOWS\System32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xA49E9000 C:\WINDOWS\system32\Drivers\SYMEVENT.SYS 151552 bytes (Symantec Corporation, Symantec Event Library)
0xA4623000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xB92DD000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB91BB000 C:\WINDOWS\System32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB92BA000 C:\WINDOWS\system32\drivers\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xA4947000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xB8E5C000 C:\WINDOWS\system32\drivers\emupia2k.sys 139264 bytes (Creative Technology Ltd, E-mu Plug-in Architecture Driver (WDM))
0x806FF000 ACPI_HAL 134400 bytes
0x806FF000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB8E3C000 C:\WINDOWS\system32\drivers\ctsfm2k.sys 131072 bytes (Creative Technology Ltd, SoundFont® Manager (WDM))
0xF7462000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF74D8000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xA4928000 C:\WINDOWS\system32\drivers\N360\0403000.005\Ironx86.SYS 126976 bytes (Symantec Corporation, Iron Driver)
0xB9040000 C:\WINDOWS\System32\Drivers\pwd_2k.SYS 122880 bytes (Sonic Solutions, Win2000 Framework for Packet Write Driver)
0xA479A000 C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 118784 bytes (Symantec Corporation, Symantec Eraser Utility Driver)
0xB8FB9000 C:\WINDOWS\system32\DRIVERS\mcdbus.sys 118784 bytes (MagicISO, Inc., MagicISO SCSI Host Controller)
0xBA7E6000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF749A000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xA460B000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF7482000 C:\WINDOWS\system32\DRIVERS\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xA2EE9000 C:\WINDOWS\system32\drivers\tmcomm.sys 98304 bytes (Trend Micro Inc., TrendMicro Common Module)
0xF7841000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB9017000 C:\WINDOWS\System32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xA38B1000 C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys 90112 bytes (Microsoft Corporation, NWLINK2 IPX Protocol Driver)
0xA363F000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xA2880000 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20101012.024\NAVENG.SYS 81920 bytes (Symantec Corporation, AV Engine)
0xB905E000 C:\WINDOWS\System32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xB91DF000 C:\WINDOWS\System32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xA4B0C000 C:\WINDOWS\System32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xB902E000 C:\WINDOWS\System32\DRIVERS\bridge.sys 73728 bytes (Microsoft Corporation, MAC Bridge Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF7885000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF7597000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB9006000 C:\WINDOWS\System32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xBA6F6000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xB9E27000 C:\WINDOWS\System32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF76A7000 C:\WINDOWS\System32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xA45CB000 C:\WINDOWS\System32\DRIVERS\nwlnknb.sys 65536 bytes (Microsoft Corporation, NWLINK2 IPX Netbios Protocol Driver)
0xF7657000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xF7517000 C:\WINDOWS\System32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xB9E97000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xB9E17000 C:\WINDOWS\System32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xA37E1000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF7557000 C:\WINDOWS\System32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF7667000 C:\WINDOWS\System32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xA30F1000 C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys 57344 bytes (Microsoft Corporation, NWLINK2 SPX Protocol Driver)
0xF7637000 C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF76B7000 C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xB9E67000 C:\WINDOWS\System32\DRIVERS\STREAM.SYS 53248 bytes (Microsoft Corporation, WDM CODEC Class Device Driver 2.0)
0xF7617000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xB9E77000 C:\WINDOWS\System32\DRIVERS\R8139n51.SYS 49152 bytes (Realtek Semiconductor Corporation , Realtek RTL8139/810x Family NDIS 5.1 Drv)
0xF76D7000 C:\WINDOWS\System32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xBA736000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xB9E57000 C:\WINDOWS\System32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF7607000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF76C7000 C:\WINDOWS\System32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xB9E37000 C:\WINDOWS\System32\Drivers\AFS2K.SYS 40960 bytes (Oak Technology Inc., Audio File System)
0xF75F7000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF7587000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xA31F9000 C:\WINDOWS\System32\DRIVERS\secdrv.sys 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0xF7647000 SISAGPX.sys 40960 bytes (Silicon Integrated Systems Corporation, SiS AGPv3.5 Filter)
0xBA746000 C:\WINDOWS\system32\drivers\N360\0403000.005\SRTSPX.SYS 40960 bytes (Symantec Corporation, Symantec AutoProtect)
0xF76F7000 C:\WINDOWS\System32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xB9E47000 C:\WINDOWS\System32\Drivers\cdrbsdrv.SYS 36864 bytes (B.H.A Corporation, CD-ROM Filter Driver for Windows2000/xp)
0xF7627000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xBA706000 C:\WINDOWS\System32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xB9E87000 C:\WINDOWS\System32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF76E7000 C:\WINDOWS\System32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF74F7000 C:\WINDOWS\System32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xA33C1000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF7507000 C:\WINDOWS\System32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF779F000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF777F000 C:\WINDOWS\System32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xF7767000 C:\WINDOWS\System32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xBA0A6000 C:\WINDOWS\System32\Drivers\dvd_2K.SYS 28672 bytes (Sonic Solutions, DVD-RAM AddOn Driver)
0xF7787000 C:\WINDOWS\System32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xBA09E000 C:\WINDOWS\System32\Drivers\mmc_2K.SYS 28672 bytes (Sonic Solutions, CD-R/RW AddOn MMC Driver (W2K))
0xF7707000 C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF77A7000 C:\WINDOWS\System32\DRIVERS\usbprint.sys 28672 bytes (Microsoft Corporation, USB Printer driver)
0xF77B7000 C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xF7717000 viaagp1.sys 28672 bytes (VIA Technologies, Inc., VIA NT AGP Filter)
0xBA0E6000 C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xBA0C6000 C:\WINDOWS\System32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xBA0BE000 C:\WINDOWS\System32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF775F000 C:\WINDOWS\System32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF778F000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF7797000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF770F000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xBA0D6000 C:\WINDOWS\System32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xBA0CE000 C:\WINDOWS\System32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xBA0DE000 C:\WINDOWS\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF77F7000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xA3839000 C:\WINDOWS\System32\drivers\aspi32.sys 16384 bytes (Adaptec, ASPI for WIN32 Kernel Driver)
0xA4AA3000 C:\WINDOWS\System32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF792B000 C:\WINDOWS\System32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xA39DF000 C:\WINDOWS\System32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF789B000 ntcdrdrv.sys 16384 bytes (NoteBurn Software, NoteBurn Virtual CD-RW SCSI Controller)
0xA3099000 C:\WINDOWS\System32\drivers\PfModNT.sys 16384 bytes (Creative Technology Ltd., PCI/ISA Device Info. Service)
0xF7897000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xA3431000 C:\WINDOWS\System32\drivers\CdaC15BA.SYS 12288 bytes (Macrovision Europe Ltd, Macrovision SECURITY Driver)
0xA37A5000 C:\WINDOWS\System32\drivers\CdaD10BA.SYS 12288 bytes (Macrovision Europe Ltd, Macrovision SECURITY Driver)
0xA482D000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xB8C0C000 C:\WINDOWS\System32\Drivers\FileDisk.SYS 12288 bytes (iolo technologies, LLC (based on original work by Bo Brantén), FileDisk Virtual Disk Driver)
0xB9F53000 C:\WINDOWS\System32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xA3241000 C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys 12288 bytes (Conexant, Diagnostic Interface DRIVER)
0xA4A9F000 C:\WINDOWS\System32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xBA786000 C:\WINDOWS\System32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xBA7C2000 C:\WINDOWS\System32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xB8C10000 C:\WINDOWS\System32\DRIVERS\srvkp.sys 12288 bytes (Silicon Integrated Systems Corporation, SiS VGA Driver Manager)
0xF7933000 C:\WINDOWS\System32\drivers\ws2ifsl.sys 12288 bytes (Microsoft Corporation, Winsock2 IFS Layer)
0xF79B7000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7A07000 C:\WINDOWS\system32\drivers\ctprxy2k.sys 8192 bytes (Creative Technology Ltd, Creative Proxy Device Driver (WDM))
0xF798F000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xF79A7000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF79B5000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF798D000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xF7987000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF79C1000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xA3A3B000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF79C3000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF79AB000 C:\WINDOWS\System32\DRIVERS\serscan.sys 8192 bytes (Microsoft Corporation, Serial Imaging Device Driver)
0xF7991000 C:\WINDOWS\System32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF79B3000 C:\WINDOWS\System32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF798B000 viaide.sys 8192 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xF7989000 C:\WINDOWS\System32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7A99000 C:\WINDOWS\System32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7A7A000 C:\WINDOWS\System32\Drivers\Cdr4_xp.SYS 4096 bytes (Sonic Solutions, CDR4 CD and DVD Place Holder Driver (see PxHelp))
0xF7A7D000 C:\WINDOWS\System32\Drivers\Cdralw2k.SYS 4096 bytes (Sonic Solutions, CDRAL Place Holder Driver (see PxHelp))
0xBA18D000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xBA4EB000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7A4F000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xF7A58000 C:\WINDOWS\System32\STEC3.sys 4096 bytes (AntiCracking, SVKP driver for NT)
==============================================
>Stealth
==============================================
0x80562520 Faked ServiceTable-->CTHELPER.EXE [ ETHREAD 0x88D1ADA8 ] TID: 124, 3238597 bytes
0x80562520 Faked ServiceTable-->services.exe [ ETHREAD 0x88A46020 ] TID: 132, 619960 bytes
0x80562520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x88DBB908 ] TID: 184
0x80562520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x88DB06A8 ] TID: 188
0x80562520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x88DD24E8 ] TID: 192
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88DD84B8 ] TID: 200, 4194368 bytes
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8AF3EA18 ] TID: 204
0x80562520 Faked ServiceTable-->jqs.exe [ ETHREAD 0x890367B0 ] TID: 268
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88BA1868 ] TID: 288
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88B3B020 ] TID: 304
0x80562520 Faked ServiceTable-->jqs.exe [ ETHREAD 0x88CEC7C0 ] TID: 312
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88BA3B18 ] TID: 316
0x80562520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x89035778 ] TID: 320
0x80562520 Faked ServiceTable-->jqs.exe [ ETHREAD 0x88CEDA28 ] TID: 324, 8781826 bytes
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88B8EDA8 ] TID: 328
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88BA3468 ] TID: 332, 8781826 bytes
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88DEA2E8 ] TID: 336
0x80562520 Faked ServiceTable-->jqs.exe [ ETHREAD 0x88F195B8 ] TID: 360, 8781826 bytes
0x80562520 Faked ServiceTable-->msimn.exe [ ETHREAD 0x89AFFC18 ] TID: 364
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88E39228 ] TID: 372, 8781826 bytes
0x80562520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x88DAB4E8 ] TID: 380
0x80562520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88990580 ] TID: 400, 8781831 bytes
0x80562520 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x88910408 ] TID: 412
0x80562520 Faked ServiceTable-->AppleMobileDeviceService.exe [ ETHREAD 0x88D6C878 ] TID: 420, 8781831 bytes
0x80562520 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x88169878 ] TID: 424
0x80562520 Faked ServiceTable-->AppleMobileDeviceService.exe [ ETHREAD 0x88E94418 ] TID: 448, 8781835 bytes
0x80562520 Faked ServiceTable-->explorer.exe [ ETHREAD 0x88DA4CC8 ] TID: 468
0x80562520 Faked ServiceTable-->explorer.exe [ ETHREAD 0x88DA1DA8 ] TID: 472, 8781849 bytes
0x80562520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88865BA8 ] TID: 504
0x80562520 Faked ServiceTable-->msimn.exe [ ETHREAD 0x89AFB230 ] TID: 528, 8781861 bytes
0x80562520 Faked ServiceTable-->bgsvcgen.exe [ ETHREAD 0x88DE9DA8 ] TID: 540
0x80562520 Faked ServiceTable-->mDNSResponder.exe [ ETHREAD 0x88DA3530 ] TID: 572, 8781862 bytes
0x80562520 Faked ServiceTable-->ps2.exe [ ETHREAD 0x88D4F418 ] TID: 604
0x80562520 Faked ServiceTable-->QTTask.exe [ ETHREAD 0x88D3BA28 ] TID: 620, 8781862 bytes
0x80562520 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x88D67330 ] TID: 628
0x80562520 Faked ServiceTable-->bgsvcgen.exe [ ETHREAD 0x88E80250 ] TID: 640, 8781862 bytes
0x80562520 Faked ServiceTable-->bgsvcgen.exe [ ETHREAD 0x88DFE948 ] TID: 648
0x80562520 Faked ServiceTable-->ctfmon.exe [ ETHREAD 0x88D67DA8 ] TID: 660, 8781862 bytes
0x80562520 Faked ServiceTable-->bgsvcgen.exe [ ETHREAD 0x88E16338 ] TID: 668
0x80562520 Faked ServiceTable-->bgsvcgen.exe [ ETHREAD 0x88E16878 ] TID: 672, 8781862 bytes
0x80562520 Faked ServiceTable-->bgsvcgen.exe [ ETHREAD 0x88D4C330 ] TID: 676
0x80562520 Faked ServiceTable-->GoogleToolbarNotifier.exe [ ETHREAD 0x88D344E8 ] TID: 680, 8781862 bytes
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88D41970 ] TID: 688
0x80562520 Faked ServiceTable-->CTHELPER.EXE [ ETHREAD 0x88D47CA0 ] TID: 700
0x80562520 Faked ServiceTable-->CTHELPER.EXE [ ETHREAD 0x88D2CBE8 ] TID: 736
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88D5C260 ] TID: 752
0x80562520 Faked ServiceTable-->CDAC11BA.EXE [ ETHREAD 0x8994B7B0 ] TID: 764
0x80562520 Faked ServiceTable-->CDAC11BA.EXE [ ETHREAD 0x8994BA28 ] TID: 772
0x80562520 Faked ServiceTable-->CDAC11BA.EXE [ ETHREAD 0x88EE8B30 ] TID: 776
0x80562520 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x88DE9628 ] TID: 784
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8893DDA8 ] TID: 788
0x80562520 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x88214998 ] TID: 800
0x80562520 Faked ServiceTable-->GoogleToolbarNotifier.exe [ ETHREAD 0x8AF347B0 ] TID: 804
0x80562520 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x889143B8 ] TID: 812
0x80562520 Faked ServiceTable-->smss.exe [ ETHREAD 0x89AC7710 ] TID: 872
0x80562520 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x88DD7870 ] TID: 876
0x80562520 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x88E3ADA8 ] TID: 880
0x80562520 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x888DA020 ] TID: 892
0x80562520 Faked ServiceTable-->smss.exe [ ETHREAD 0x8A990AE8 ] TID: 900, 1320952 bytes
0x80562520 Faked ServiceTable-->smss.exe [ ETHREAD 0x8A9904F0 ] TID: 904, 393219 bytes
0x80562520 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x88E196C0 ] TID: 924, 196611 bytes
0x80562520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x8AF46640 ] TID: 932, 885512 bytes
0x80562520 Faked ServiceTable-->CTHELPER.EXE [ ETHREAD 0x88D24C70 ] TID: 936, 393228 bytes
0x80562520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x889E6DA8 ] TID: 940, 262147 bytes
0x80562520 Faked ServiceTable-->atiptaxx.exe [ ETHREAD 0x88D20658 ] TID: 960
0x80562520 Faked ServiceTable-->csrss.exe [ ETHREAD 0x89B05DA8 ] TID: 976
0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x8AF45020 ] TID: 1000, 586944 bytes
0x80562520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x89B56988 ] TID: 1008, 458776 bytes
0x80562520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x89B7A3C8 ] TID: 1012
0x80562520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x89B50560 ] TID: 1020
0x80562520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x8999F4D8 ] TID: 1032, 115 bytes
0x80562520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x89B75560 ] TID: 1048, 196638 bytes
0x80562520 Faked ServiceTable-->services.exe [ ETHREAD 0x89B98660 ] TID: 1060
0x80562520 Faked ServiceTable-->services.exe [ ETHREAD 0x89B983E8 ] TID: 1064
0x80562520 Faked ServiceTable-->services.exe [ ETHREAD 0x89B94DA8 ] TID: 1068
0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x89B8E430 ] TID: 1076
0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x89BB3A28 ] TID: 1080
0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x89BB37B0 ] TID: 1084
0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x89BB3538 ] TID: 1088
0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x89BB32C0 ] TID: 1092
0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x89BB8A28 ] TID: 1104
0x80562520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x880D5DA8 ] TID: 1116
0x80562520 Faked ServiceTable-->explorer.exe [ ETHREAD 0x888A19B8 ] TID: 1120
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8A9E4B00 ] TID: 1128
0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x8A1CB6A8 ] TID: 1136, 7274612 bytes
0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x8A1CB430 ] TID: 1140
0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x8A1C6DA8 ] TID: 1144
0x80562520 Faked ServiceTable-->explorer.exe [ ETHREAD 0x881FA020 ] TID: 1156
0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x89B9ADA8 ] TID: 1160, 47268272 bytes
0x80562520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x8A1C96A8 ] TID: 1172
0x80562520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x88EEF6A8 ] TID: 1176, 7929971 bytes
0x80562520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x88EEF430 ] TID: 1180
0x80562520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x88EEE7A0 ] TID: 1184
0x80562520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x887F4020 ] TID: 1188
0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x89B94760 ] TID: 1192, 7209057 bytes
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88B336B0 ] TID: 1200
0x80562520 Faked ServiceTable-->services.exe [ ETHREAD 0x89B9AB30 ] TID: 1212
0x80562520 Faked ServiceTable-->services.exe [ ETHREAD 0x89B9A640 ] TID: 1220
0x80562520 Faked ServiceTable-->services.exe [ ETHREAD 0x88EEB4F8 ] TID: 1228, 5374020 bytes
0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x88EEB280 ] TID: 1232
0x80562520 Faked ServiceTable-->services.exe [ ETHREAD 0x8A1CBDA8 ] TID: 1236, 6619182 bytes
0x80562520 Faked ServiceTable-->services.exe [ ETHREAD 0x88EE9868 ] TID: 1252
0x80562520 Faked ServiceTable-->ati2evxx.exe [ ETHREAD 0x89B99610 ] TID: 1264
0x80562520 Faked ServiceTable-->services.exe [ ETHREAD 0x88EEC868 ] TID: 1272
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89B90A28 ] TID: 1276
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8A1CA958 ] TID: 1280
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8A1CA6E0 ] TID: 1284
0x80562520 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x88DBAAE8 ] TID: 1296
0x80562520 Faked ServiceTable-->services.exe [ ETHREAD 0x88EECDA8 ] TID: 1300
0x80562520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x881E4DA8 ] TID: 1304
0x80562520 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x88DD8DA8 ] TID: 1308
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89BB24D8 ] TID: 1320
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88EDB4A8 ] TID: 1324
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88EEDDA8 ] TID: 1328
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88EEDB30 ] TID: 1332
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88AB73F8 ] TID: 1352
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88EE5DA8 ] TID: 1356
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88ED4BE8 ] TID: 1360
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88EDCDA8 ] TID: 1368
0x80562520 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x8813E470 ] TID: 1380
0x80562520 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x881BE9C0 ] TID: 1392
0x80562520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x881569E0 ] TID: 1400
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88ED1DA8 ] TID: 1428
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88EE5340 ] TID: 1432
0x80562520 Faked ServiceTable-->hpqste08.exe [ ETHREAD 0x88AFBC10 ] TID: 1452
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88EF9A28 ] TID: 1460, 7077987 bytes
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88EBFDA8 ] TID: 1464
0x80562520 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x880C19B8 ] TID: 1476
0x80562520 Faked ServiceTable-->CTSVCCDA.EXE [ ETHREAD 0x88D41640 ] TID: 1480
0x80562520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88AC3020 ] TID: 1488
0x80562520 Faked ServiceTable-->ioloServiceManager.exe [ ETHREAD 0x8AC825C0 ] TID: 1496
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8AE644E8 ] TID: 1500
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88D42598 ] TID: 1520
0x80562520 Faked ServiceTable-->jqs.exe [ ETHREAD 0x89036A28 ] TID: 1524, 2097184 bytes
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8AF4FDA8 ] TID: 1532
0x80562520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x883F09C0 ] TID: 1540
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88D41DA8 ] TID: 1564
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88EAE7B0 ] TID: 1588
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88B92DA8 ] TID: 1592
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88EBCBE8 ] TID: 1608
0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x88EBF5F0 ] TID: 1616
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88EABDA8 ] TID: 1624, 6553715 bytes
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88B92970 ] TID: 1636
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88EAB3C8 ] TID: 1640
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88EA5020 ] TID: 1644
0x80562520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x8AF4F8B8 ] TID: 1648
0x80562520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x88EA56A8 ] TID: 1672
0x80562520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x88EAFA28 ] TID: 1680
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88B89DA8 ] TID: 1688, 3801155 bytes
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88138930 ] TID: 1692, 5439577 bytes
0x80562520 Faked ServiceTable-->ioloServiceManager.exe [ ETHREAD 0x8AC82B00 ] TID: 1708
0x80562520 Faked ServiceTable-->ioloServiceManager.exe [ ETHREAD 0x89978020 ] TID: 1712
0x80562520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x88E9E7B0 ] TID: 1720
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89BB2DA8 ] TID: 1728
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8A9D22A0 ] TID: 1732
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88EBB580 ] TID: 1736
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88EBFB30 ] TID: 1744
0x80562520 Faked ServiceTable-->wmiprvse.exe [ ETHREAD 0x88075DA8 ] TID: 1752, 2097245 bytes
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88B7C818 ] TID: 1772
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88EAF7B0 ] TID: 1784
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88ED17B0 ] TID: 1792
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88E9FB30 ] TID: 1800
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88EB6DA8 ] TID: 1804
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88E82DA8 ] TID: 1832
0x80562520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x880C6020 ] TID: 1852
0x80562520 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x88203020 ] TID: 1856, 6619244 bytes
0x80562520 Faked ServiceTable-->ioloServiceManager.exe [ ETHREAD 0x88D27488 ] TID: 1864
0x80562520 Faked ServiceTable-->ioloServiceManager.exe [ ETHREAD 0x88D27880 ] TID: 1872
0x80562520 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x8999E730 ] TID: 1876
0x80562520 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x88148740 ] TID: 1904
0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x880DB860 ] TID: 1908
0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x88F16020 ] TID: 1924
0x80562520 Faked ServiceTable-->jqs.exe [ ETHREAD 0x8999EDA8 ] TID: 1928
0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x88F164C0 ] TID: 1932, 6422642 bytes
0x80562520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88BC73F0 ] TID: 1936
0x80562520 Faked ServiceTable-->wmiprvse.exe [ ETHREAD 0x880A5630 ] TID: 1948
0x80562520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x88DFF020 ] TID: 1956
0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x8AE63020 ] TID: 1960
0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x8AE63DA8 ] TID: 1964
0x80562520 Faked ServiceTable-->jqs.exe [ ETHREAD 0x88D5D020 ] TID: 1968
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88E14DA8 ] TID: 1972
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88E8D378 ] TID: 1980, 3145795 bytes
0x80562520 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x88910680 ] TID: 1992
0x80562520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x88E49BF8 ] TID: 2000
0x80562520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x89037B80 ] TID: 2012
0x80562520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x881815A0 ] TID: 2028
0x80562520 Faked ServiceTable-->jqs.exe [ ETHREAD 0x88CED7B0 ] TID: 2036
0x80562520 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x889293F0 ] TID: 2040
0x80562520 Faked ServiceTable-->explorer.exe [ ETHREAD 0x88C6A868 ] TID: 2044
0x80562520 Faked ServiceTable-->jqs.exe [ ETHREAD 0x891337B0 ] TID: 2056
0x80562520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x8AF45DA8 ] TID: 2060
0x80562520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x89133C00 ] TID: 2068
0x80562520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x8AF456C0 ] TID: 2080
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x889FC9B8 ] TID: 2088
0x80562520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88D31A30 ] TID: 2096
0x80562520 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x8870C538 ] TID: 2100
0x80562520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x8AED1DA8 ] TID: 2104
0x80562520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x8AF4E800 ] TID: 2108, 3014739 bytes
0x80562520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88D1D620 ] TID: 2116
0x80562520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88D194E8 ] TID: 2120
0x80562520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88EDE6A8 ] TID: 2124
0x80562520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88D1EA58 ] TID: 2128
0x80562520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88D1E460 ] TID: 2132
0x80562520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88E04DA8 ] TID: 2136
0x80562520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x8AE86DA8 ] TID: 2140
0x80562520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x8AF4EDA8 ] TID: 2144, 7274612 bytes
0x80562520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88E03328 ] TID: 2156
0x80562520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88108130 ] TID: 2180
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88C09480 ] TID: 2212
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88B77AF0 ] TID: 2216
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88C786A8 ] TID: 2224
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88BFDDA8 ] TID: 2228
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88B648C0 ] TID: 2248
0x80562520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x889C6DA8 ] TID: 2252, 3407920 bytes
0x80562520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88A08A58 ] TID: 2260
0x80562520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88931540 ] TID: 2264
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88BF7020 ] TID: 2280
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x880F19B8 ] TID: 2288
0x80562520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x889AC9B8 ] TID: 2292
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88C084E8 ] TID: 2296
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88C07DA8 ] TID: 2300
0x80562520 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x88096020 ] TID: 2308, 5439561 bytes
0x80562520 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x8AAB02E8 ] TID: 2316
0x80562520 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x888B8DA8 ] TID: 2332
0x80562520 Faked ServiceTable-->explorer.exe [ ETHREAD 0x88958DA8 ] TID: 2340
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88BFD640 ] TID: 2356
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88B725E0 ] TID: 2360
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88B70940 ] TID: 2364
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88B64420 ] TID: 2372, 7536761 bytes
0x80562520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x8AF38688 ] TID: 2376, 6881394 bytes
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88B63328 ] TID: 2384
0x80562520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88CDA780 ] TID: 2396
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88B706C8 ] TID: 2416
0x80562520 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x88D522E8 ] TID: 2420
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8902F358 ] TID: 2428, 4456521 bytes
0x80562520 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x888E4258 ] TID: 2440
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88B70450 ] TID: 2444
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88C79858 ] TID: 2452
0x80562520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x8902F898 ] TID: 2468
0x80562520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x882FC7D0 ] TID: 2476
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88B635A0 ] TID: 2480
0x80562520 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x882C0DA8 ] TID: 2488
0x80562520 Faked ServiceTable-->wdfmgr.exe [ ETHREAD 0x8902DB00 ] TID: 2496
0x80562520 Faked ServiceTable-->wdfmgr.exe [ ETHREAD 0x88DBFDA8 ] TID: 2500
0x80562520 Faked ServiceTable-->UAService7.exe [ ETHREAD 0x89028A40 ] TID: 2504
0x80562520 Faked ServiceTable-->UAService7.exe [ ETHREAD 0x88D896A8 ] TID: 2508
0x80562520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88D8D560 ] TID: 2520, 3997757 bytes
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88DC0DA8 ] TID: 2528
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8AF314F0 ] TID: 2532, 7602254 bytes
0x80562520 Faked ServiceTable-->MsPMSPSv.exe [ ETHREAD 0x8AF36500 ] TID: 2552
0x80562520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x8897BDA8 ] TID: 2556
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88D8DBE8 ] TID: 2564
0x80562520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x8AF3B020 ] TID: 2568
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88D86778 ] TID: 2572
0x80562520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88DBFB30 ] TID: 2580
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x880839E0 ] TID: 2584
0x80562520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88D86500 ] TID: 2592
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88D8CBC8 ] TID: 2612
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88CB46A8 ] TID: 2616
0x80562520 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x889148D8 ] TID: 2632, 130 bytes
0x80562520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88975868 ] TID: 2644, 494248 bytes
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8AF22508 ] TID: 2672
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8AF22290 ] TID: 2676
0x80562520 Faked ServiceTable-->services.exe [ ETHREAD 0x8AF21658 ] TID: 2680
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8AF1E480 ] TID: 2684
0x80562520 Faked ServiceTable-->alg.exe [ ETHREAD 0x88EFCDA8 ] TID: 2692
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88CAEDA8 ] TID: 2696
0x80562520 Faked ServiceTable-->alg.exe [ ETHREAD 0x88BFEDA8 ] TID: 2700
0x80562520 Faked ServiceTable-->alg.exe [ ETHREAD 0x88C036A8 ] TID: 2704
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88BF4850 ] TID: 2708
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88B63B00 ] TID: 2716
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88D82790 ] TID: 2720
0x80562520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x8AF219D8 ] TID: 2724
0x80562520 Faked ServiceTable-->wdfmgr.exe [ ETHREAD 0x88ADC020 ] TID: 2736
0x80562520 Faked ServiceTable-->GoogleToolbarNotifier.exe [ ETHREAD 0x88815AF0 ] TID: 2760
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88AE47F8 ] TID: 2764
0x80562520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88D7C368 ] TID: 2768
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x880E6020 ] TID: 2772
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88AD5DA8 ] TID: 2780
0x80562520 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x88202020 ] TID: 2800
0x80562520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x889565E8 ] TID: 2836
0x80562520 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x8816D9B8 ] TID: 2848
0x80562520 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x881FB020 ] TID: 2852
0x80562520 Faked ServiceTable-->services.exe [ ETHREAD 0x88D78C70 ] TID: 2880
0x80562520 Faked ServiceTable-->services.exe [ ETHREAD 0x88D78678 ] TID: 2884
0x80562520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88D79970 ] TID: 2892
0x80562520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88AA75C0 ] TID: 2896, 5242963 bytes
0x80562520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88AA7A38 ] TID: 2904
0x80562520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88A57370 ] TID: 2908
0x80562520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88A61AF0 ] TID: 2916, 3801155 bytes
0x80562520 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x8816F020 ] TID: 2920
0x80562520 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x88139020 ] TID: 2928
0x80562520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88CA9DA8 ] TID: 2932
0x80562520 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x881FE020 ] TID: 2936
0x80562520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88CAF8A0 ] TID: 2948, 6357106 bytes
0x80562520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88A503F0 ] TID: 2956, 3670082 bytes
0x80562520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88A586C8 ] TID: 2960, 7340153 bytes
0x80562520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x889EA9B8 ] TID: 2992, 2097267 bytes
0x80562520 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x88E9EA30 ] TID: 2996, 5439570 bytes
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x881FC280 ] TID: 3000, 6357106 bytes
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8AE64BF0 ] TID: 3024, 7536741 bytes
0x80562520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88D763F0 ] TID: 3028, 3276851 bytes
0x80562520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88D73800 ] TID: 3032
0x80562520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88CABAC8 ] TID: 3036
0x80562520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x8AF20BE8 ] TID: 3040
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8AF28DA8 ] TID: 3044
0x80562520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88CA7020 ] TID: 3060
0x80562520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88CA7AF0 ] TID: 3064
0x80562520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88CA7878 ] TID: 3068
0x80562520 Faked ServiceTable-->msimn.exe [ ETHREAD 0x88A42780 ] TID: 3080, 592544 bytes
0x80562520 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x88282958 ] TID: 3100
0x80562520 Faked ServiceTable-->explorer.exe [ ETHREAD 0x88A6C3F8 ] TID: 3104
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88BC2DA8 ] TID: 3116
0x80562520 Faked ServiceTable-->services.exe [ ETHREAD 0x880F3020 ] TID: 3120
0x80562520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88CACBE8 ] TID: 3132
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88BD0620 ] TID: 3144
0x80562520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88D32868 ] TID: 3164
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x882EFDA8 ] TID: 3176
0x80562520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88C9A560 ] TID: 3196
0x80562520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88CA8AF0 ] TID: 3204
0x80562520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88C9F870 ] TID: 3236
0x80562520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88C9F5F8 ] TID: 3244
0x80562520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88C9C9F0 ] TID: 3248
0x80562520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x8AF48328 ] TID: 3260
0x80562520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88C975C0 ] TID: 3272
0x80562520 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x889FE9C0 ] TID: 3276
0x80562520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88C90DA8 ] TID: 3288
0x80562520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88D76A28 ] TID: 3312
0x80562520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88281958 ] TID: 3344
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x881365C0 ] TID: 3372
0x80562520 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x89029450 ] TID: 3376
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88BD1378 ] TID: 3384, 4325888 bytes
0x80562520 Faked ServiceTable-->wmiprvse.exe [ ETHREAD 0x8891D020 ] TID: 3404
0x80562520 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x880CE020 ] TID: 3408
0x80562520 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x881683D0 ] TID: 3412
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88BFFDA8 ] TID: 3416
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88BCD870 ] TID: 3424
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88BCD5F8 ] TID: 3428
0x80562520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x881ABDA8 ] TID: 3436
0x80562520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x89B92808 ] TID: 3444
0x80562520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88AD4938 ] TID: 3452
0x80562520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88AF0488 ] TID: 3460
0x80562520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88A71DA8 ] TID: 3464
0x80562520 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x880EC5A8 ] TID: 3484
0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x88C7F890 ] TID: 3488
0x80562520 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x888D5600 ] TID: 3504
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88C84BE8 ] TID: 3524
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88C84970 ] TID: 3528
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8AF27410 ] TID: 3540
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88C8C870 ] TID: 3544
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88C81020 ] TID: 3548
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88C81B00 ] TID: 3552
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88C81888 ] TID: 3556
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88C81610 ] TID: 3560
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88C81398 ] TID: 3564
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88C7F020 ] TID: 3568
0x80562520 Faked ServiceTable-->hpqtra08.exe [ ETHREAD 0x889ED9B8 ] TID: 3572
0x80562520 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x88B08750 ] TID: 3576
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88C7F610 ] TID: 3580
0x80562520 Faked ServiceTable-->csrss.exe [ ETHREAD 0x88C7F398 ] TID: 3584
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88C88BE8 ] TID: 3588
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88C88970 ] TID: 3592
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88C886F8 ] TID: 3596
0x80562520 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x889519B8 ] TID: 3616
0x80562520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88D222B0 ] TID: 3632
0x80562520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x8AF4F020 ] TID: 3636
0x80562520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88ADFDA8 ] TID: 3640
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88AC5DA8 ] TID: 3644
0x80562520 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x880CA020 ] TID: 3648
0x80562520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88AB37B8 ] TID: 3656
0x80562520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x884335F0 ] TID: 3668
0x80562520 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x889C1DA8 ] TID: 3680
0x80562520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88A57A48 ] TID: 3684
0x80562520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88A50950 ] TID: 3688
0x80562520 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x889C8DA8 ] TID: 3692
0x80562520 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x8886A020 ] TID: 3708
0x80562520 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x888D7DA8 ] TID: 3712
0x80562520 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x88936800 ] TID: 3728
0x80562520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88BC8338 ] TID: 3748
0x80562520 Faked ServiceTable-->services.exe [ ETHREAD 0x888127E8 ] TID: 3752
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88BCB778 ] TID: 3764
0x80562520 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x881CF8B0 ] TID: 3768
0x80562520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x889955C8 ] TID: 3776
0x80562520 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x88433BF8 ] TID: 3780
0x80562520 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x88CB5A10 ] TID: 3792
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88C8FC00 ] TID: 3796
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88C88480 ] TID: 3800
0x80562520 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x88EED650 ] TID: 3812
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88D31500 ] TID: 3816
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8AF3C1F0 ] TID: 3820
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88C74DA8 ] TID: 3828
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8AF4B428 ] TID: 3840
0x80562520 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x88EFD6C0 ] TID: 3852
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x880B7648 ] TID: 3856
0x80562520 Faked ServiceTable-->hpqste08.exe [ ETHREAD 0x88AA84E8 ] TID: 3860
0x80562520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x8811B768 ] TID: 3864
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88C72888 ] TID: 3872
0x80562520 Faked ServiceTable-->hpqste08.exe [ ETHREAD 0x88AAF868 ] TID: 3876
0x80562520 Faked ServiceTable-->hpqtra08.exe [ ETHREAD 0x88ABCDA8 ] TID: 3884
0x80562520 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x880A5020 ] TID: 3896
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88A3E5B0 ] TID: 3916
0x80562520 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x8894ADA8 ] TID: 3932
0x80562520 Faked ServiceTable-->explorer.exe [ ETHREAD 0x8891F5B0 ] TID: 3940
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8872A9F0 ] TID: 3956
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88165DA8 ] TID: 3964
0x80562520 Faked ServiceTable-->msimn.exe [ ETHREAD 0x89B00C18 ] TID: 3968
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88800740 ] TID: 3976
0x80562520 Faked ServiceTable-->explorer.exe [ ETHREAD 0x88D27020 ] TID: 3992
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8AF3B868 ] TID: 4008
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88C74488 ] TID: 4012
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88C89DA8 ] TID: 4020
0x80562520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88C0E020 ] TID: 4024
0x80562520 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x882F5AF0 ] TID: 4028
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88C8AB00 ] TID: 4032
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8AF33A60 ] TID: 4036
0x80562520 Faked ServiceTable-->wmiprvse.exe [ ETHREAD 0x8806EDA8 ] TID: 4040
0x80562520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x8819A3C8 ] TID: 4052
0x80562520 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x88E8BDA8 ] TID: 4080


!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)

Thanks
Andrew

Edited by andycake, 13 October 2010 - 01:30 AM.
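RootkitUnhooker's "Faked ServiceTable" report, reproduced in the post above, is produced by walking every thread on the box and checking whether the thread's service table pointer still points at the kernel's own KeServiceDescriptorTable; each mismatch is printed as one line with the table address, the owning process image, the ETHREAD address and the TID. Read line by line it looks alarming, but the useful triage questions are how many distinct replacement tables are in play and which processes are under them. The following is an added example of a small parser and summariser for that line format; it is not part of the original post and not from the tool's authors. The log snippet inside it is a constructed sample copied from a few of the lines above, and the SYSTEM_IMAGES triage list is a hypothetical choice for this example, not something RkU defines.

```python
import re
from collections import Counter

# Constructed sample: a handful of lines copied from the RootkitUnhooker output
# in the post, plus its trailer line, to show that non-matching text is skipped.
SAMPLE_LOG = """\
0x80562520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x8AF4EDA8 ] TID: 2144, 7274612 bytes
0x80562520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88E03328 ] TID: 2156
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88C09480 ] TID: 2212
0x80562520 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x88096020 ] TID: 2308, 5439561 bytes
0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x88C7F890 ] TID: 3488
0x80562520 Faked ServiceTable-->csrss.exe [ ETHREAD 0x88C7F398 ] TID: 3584

!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)
"""

# One RkU line: <table addr> Faked ServiceTable--><image> [ ETHREAD <addr> ] TID: <n>[, <n> bytes]
LINE_RE = re.compile(
    r"^(?P<table>0x[0-9A-Fa-f]+) Faked ServiceTable-->(?P<image>.+?) "
    r"\[ ETHREAD (?P<ethread>0x[0-9A-Fa-f]+) \] TID: (?P<tid>\d+)"
    r"(?:, (?P<bytes>\d+) bytes)?$"
)

# Hypothetical triage list for this example (not defined by RkU): core Windows
# processes whose threads a system-wide table replacement will also catch.
SYSTEM_IMAGES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                 "lsass.exe", "svchost.exe"}


def parse_faked_service_table(text):
    """Return one dict per 'Faked ServiceTable' line; any other line is skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        entries.append({
            "table": m.group("table").lower(),      # service table the thread points at
            "image": m.group("image").lower(),      # owning process image name
            "ethread": m.group("ethread").lower(),  # kernel ETHREAD address
            "tid": int(m.group("tid")),
            "bytes": int(m.group("bytes")) if m.group("bytes") else None,
        })
    return entries


def summarize(entries):
    """Thread count, the set of distinct replacement tables, and threads per process."""
    return {
        "thread_count": len(entries),
        "tables": {e["table"] for e in entries},
        "per_process": Counter(e["image"] for e in entries),
    }


def system_processes_affected(entries):
    """Sorted list of core OS images that appear among the redirected threads."""
    return sorted({e["image"] for e in entries} & SYSTEM_IMAGES)


def report(text):
    """Human-readable triage summary for a pasted RkU log."""
    entries = parse_faked_service_table(text)
    s = summarize(entries)
    out = ["%d thread(s) redirected to %d distinct service table(s): %s"
           % (s["thread_count"], len(s["tables"]), ", ".join(sorted(s["tables"])))]
    if len(s["tables"]) == 1:
        out.append("single shared table: one kernel-wide SSDT replacement, which a rootkit "
                   "and a security product's own driver both look like; identify the owner")
    elif s["tables"]:
        out.append("more than one table: threads are split across different replacement "
                   "tables, so each table's owning driver needs to be identified separately")
    for image, n in s["per_process"].most_common():
        out.append("  %-28s %d thread(s)" % (image, n))
    affected = system_processes_affected(entries)
    if affected:
        out.append("core OS processes affected: " + ", ".join(affected))
    return "\n".join(out)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Run against the full log above, the summary is the point the raw lines obscure: every thread on the machine, from csrss.exe and lsass.exe down to iexplore.exe, is pointed at the same table at 0x80562520, which is what a single system-wide service table replacement looks like rather than selective per-process hooking. That alone does not say who installed it; the ComboFix service list later in the thread shows ccsvchst.exe is the Norton 360 service, and security suites install exactly this kind of kernel hook, so the output has to be paired with the driver list before calling it an infection.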


#2 Elise

  • Bleepin' Blonde
  • Malware Study Hall Admin
  • 61,596 posts
  • Gender:Female
  • Location:Romania

Posted 13 October 2010 - 01:42 AM

Hi Andrew, so far no signs of Ramnit here, but I see a few weird things.

COMBOFIX
---------------
Please download ComboFix from one of these locations:
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."


Malware analyst @ Emsisoft



#3 andycake

  • Topic Starter
  • Members
  • 13 posts

Posted 13 October 2010 - 02:56 AM

Hi Elise

ComboFix appeared to have trouble running, but it eventually completed, and the log is as follows:

ComboFix 10-10-12.03 - Administrator 13/10/2010 8:27.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2047.1503 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: Norton 360 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Application Data\iniasd.txt
c:\documents and settings\Administrator\Application Data\inst.exe
C:\Thumbs.db
c:\windows\dbxesellerate.exe
c:\windows\system32\Data
c:\windows\system32\STEC3.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Legacy_STEC3
-------\Service_STEC3


((((((((((((((((((((((((( Files Created from 2010-09-13 to 2010-10-13 )))))))))))))))))))))))))))))))
.

2010-10-13 02:22 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-10-13 02:22 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-13 02:22 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-10-08 11:07 . 2010-10-08 11:07 -------- d-----w- c:\program files\7-Zip
2010-10-08 10:42 . 2010-10-08 10:42 -------- d-----w- c:\program files\Audacity
2010-10-05 22:11 . 2010-10-05 22:11 -------- d-----w- c:\documents and settings\Administrator\Application Data\Tific
2010-10-05 21:29 . 2010-10-05 21:29 -------- d-----w- C:\Error
2010-10-05 14:33 . 2010-10-05 20:47 -------- d-----w- C:\Andrew Xystos Laptop Files
2010-09-23 22:53 . 2010-05-06 04:01 361904 ----a-w- c:\windows\system32\drivers\symtdi.sys
2010-09-23 22:53 . 2010-04-29 05:03 116784 ----a-w- c:\windows\system32\drivers\ironx86.sys
2010-09-23 22:53 . 2010-04-22 03:02 173104 ----a-w- c:\windows\system32\drivers\symefa.sys
2010-09-23 22:53 . 2010-04-22 02:29 43696 ----a-w- c:\windows\system32\drivers\srtspx.sys
2010-09-23 22:53 . 2010-02-26 00:22 501888 ----a-w- c:\windows\system32\drivers\cchpx86.sys
2010-09-23 22:53 . 2010-02-04 01:40 328752 ----a-r- c:\windows\system32\drivers\symds.sys
2010-09-23 22:53 . 2010-10-05 21:38 -------- d-----w- c:\windows\system32\drivers\N360\0403000.005
2010-09-18 11:23 . 2010-09-18 11:23 974848 -c----w- c:\windows\system32\dllcache\mfc42u.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-06-01 21:23 . 2007-05-29 18:26 66672 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2007-06-01 21:23 . 2007-05-29 18:26 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2007-06-01 21:23 . 2007-05-29 18:26 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2007-06-01 21:23 . 2007-05-29 18:26 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2007-06-01 21:23 . 2007-05-29 18:26 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-26 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [2007-09-15 52736]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2007-09-15 233472]
"PS2"="c:\windows\system32\ps2.exe" [2007-09-15 81920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-17 421888]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2007-09-15 335872]
"CTHelper"="CTHELPER.EXE" [2003-11-14 24576]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SetDefaultMIDI"="MIDIDEF.EXE" [2003-06-21 49152]
"StartMS"="c:\program files\Creative\Shared Files\Media Sniffer\StartMS.EXE" [2003-03-26 57344]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Bandwidth Meter.lnk - c:\program files\BandwidthMeter\BandwidthMeter.exe [2009-10-13 285184]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
AutoTBar.exe [2003-9-30 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=DrvTrNTm.dll
"wave"=DrvTrNTm.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\G:\0autocheck autochk *

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BTTray.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BTTray.lnk
backup=c:\windows\pss\BTTray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CONNECTAUTrayApp.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\CONNECTAUTrayApp.lnk
backup=c:\windows\pss\CONNECTAUTrayApp.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acme.PCHButton]
2004-01-01 21:18 159744 ----a-w- c:\progra~1\HPMEDI~1\Pavilion\XPEWWBS4\plugin\bin\PCHButton.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupNotify]
2004-01-09 01:34 32768 ----a-w- c:\program files\HP\Digital Imaging\bin\BackupNotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\combofix]
2009-06-22 06:00 388608 ----a-w- c:\windows\system32\CF16195.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET]
2007-09-15 23:08 45056 ----a-w- c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2008-04-14 00:12 50176 ----a-w- c:\windows\eHome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
2004-03-17 23:10 61952 ----a-w- c:\windows\system32\Hdaudpropshortcut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2003-12-22 15:38 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]
2007-09-15 23:08 483328 ----a-w- c:\windows\system32\hphmon05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]
2007-09-15 23:08 49152 ----a-w- c:\program files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-07-21 14:53 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
2006-06-29 13:17 319488 ----a-w- c:\my music\downloads\Napster\napster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 14:40 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 20:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecordNow!]
2010-04-07 13:25 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
2003-12-17 23:31 118784 ----a-w- c:\windows\CREATOR\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral]
2003-07-09 15:06 319488 ----a-w- c:\program files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]
2003-05-01 18:44 65536 ----a-w- c:\program files\Common Files\Roxio Shared\System\EngUtil.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
2005-10-05 01:23 81920 ----a-r- c:\progra~1\Sony\SONICS~1\SsAAD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-01-26 13:46 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-04-07 13:25 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TotalRecorderScheduler]
2009-03-02 21:52 133640 ----a-w- c:\program files\HighCriteria\TotalRecorder\TotRecSched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2007-09-15 23:08 90112 ----a-w- c:\windows\UpdReg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"35441:TCP"= 35441:TCP:*:Disabled:BitComet 35441 TCP
"35441:UDP"= 35441:UDP:*:Disabled:BitComet 35441 UDP

R0 ntcdrdrv;ntcdrdrv;c:\windows\system32\drivers\ntcdrdrv.sys [20/10/2008 11:25 13440]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0403000.005\symds.sys [23/09/2010 23:53 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0403000.005\symefa.sys [23/09/2010 23:53 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20101001.001\BHDrvx86.sys [06/10/2010 07:04 692272]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0403000.005\cchpx86.sys [23/09/2010 23:53 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0403000.005\ironx86.sys [23/09/2010 23:53 116784]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [11/08/2008 20:07 566120]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [11/08/2008 20:07 566120]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\4.3.0.5\ccsvchst.exe [23/09/2010 23:53 126392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [12/10/2010 07:14 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20101012.001\IDSXpx86.sys [15/09/2010 19:02 341880]
R3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [14/08/2009 12:10 127496]
S3 alcan5ln;SpeedTouch™ USB ADSL RFC1483 Networking Driver (NDIS);c:\windows\system32\drivers\alcan5ln.sys [19/10/2004 20:42 36256]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [22/10/2008 12:27 38224]
S3 PRISM_A00;Intersil PRISM 802.11a/g Driver;c:\windows\system32\drivers\PCTELSAP.SYS [29/01/2004 22:29 350282]
S3 SaiHFF32;SaiHFF32;c:\windows\system32\drivers\SaiHFF32.sys [11/04/2008 20:13 136192]
S3 SaiIFF32;Immersion's HID USB Driver (FF32);c:\windows\system32\drivers\SaiIFF32.sys [11/04/2008 20:13 16384]
S3 SiSV;SiSV;c:\windows\system32\drivers\SiSV.sys [01/01/2004 22:57 50432]
S3 Winacusb;Winacusb;c:\windows\system32\drivers\winacusb.sys [30/08/2004 18:29 796279]
S3 WsAudioDevice_383;WsAudioDevice_383;c:\windows\system32\drivers\WsAudioDevice_383.sys [03/08/2010 12:59 16640]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-10-13 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-02-27 09:09]

2010-10-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 12:34]

2010-10-13 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1352272961-4222624086-4149492324-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]

2010-10-06 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1352272961-4222624086-4149492324-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mkwzfwu0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mkwzfwu0.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\FFAlert.dll
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mkwzfwu0.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: XULRunner: {8EFEBF94-3D9C-4F80-ABBC-2E22C1F770B1} - c:\documents and settings\Administrator\Local Settings\Application Data\{8EFEBF94-3D9C-4F80-ABBC-2E22C1F770B1}
FF - HiddenExtension: XULRunner: {08D5D943-8F16-4A3E-A33D-BC5F92C45CBC} - c:\documents and settings\Administrator\Local Settings\Application Data\{08D5D943-8F16-4A3E-A33D-BC5F92C45CBC}\
FF - HiddenExtension: XULRunner: {B305FCF7-8144-4E36-975C-27E92FAFCB0B} - c:\documents and settings\Administrator\Local Settings\Application Data\{B305FCF7-8144-4E36-975C-27E92FAFCB0B}\
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
Toolbar-Locked - (no file)
WebBrowser-{1392B8D2-5C05-419F-A8F6-B9F15A596612} - (no file)
MSConfigStartUp-CONNECTScheduler - c:\program files\Sony\CONNECTAutoUpdate\CONNECTScheduler.exe
MSConfigStartUp-KBD - c:\hp\KBD\KBD.EXE
MSConfigStartUp-My Web Search Bar - c:\progra~1\MYWEBS~1\bar\2.bin\MWSBAR.DLL
MSConfigStartUp-MyWebSearch Email Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
MSConfigStartUp-Orb - c:\program files\Winamp Remote\bin\OrbTray.exe
MSConfigStartUp-PCSuiteTrayApplication - c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
MSConfigStartUp-PcSync - c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe
MSConfigStartUp-SoftAP - c:\program files\Arcadyan Wireless\NetCfgWizard.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.5.0_09\bin\jusched.exe
MSConfigStartUp-Vsiqiqinic - c:\windows\ezidotex.dll
MSConfigStartUp-Yahoo! Pager - c:\progra~1\Yahoo!\MESSEN~2\ypager.exe
MSConfigStartUp-YOP - c:\progra~1\Yahoo!\YOP\yop.exe



[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\4.3.0.5\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1352272961-4222624086-4149492324-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8d,7e,b6,be,01,b1,4d,4e,a9,82,1a,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8d,7e,b6,be,01,b1,4d,4e,a9,82,1a,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2152)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\System32\bgsvcgen.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\System32\drivers\CDAC11BA.EXE
c:\windows\System32\CTSvcCDA.EXE
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\System32\wdfmgr.exe
c:\windows\System32\UAService7.exe
c:\windows\System32\MsPMSPSv.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Completion time: 2010-10-13 08:53:26 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-13 07:53
ComboFix2.txt 2009-06-22 07:08

Pre-Run: 18,838,577,152 bytes free
Post-Run: 18,830,741,504 bytes free

- - End Of File - - F55125509E0EB3133AEEC414B255F77D

Thanks
Andrew




#4 Elise
Bleepin' Blonde
Malware Study Hall Admin | 61,596 posts | Gender: Female | Location: Romania

Posted 13 October 2010 - 04:07 AM

Hi Andrew, some bad stuff (Firefox add-ons and proxy hijack), but nothing too serious so far.
Please let me know how things are running after the following fix.

CF-SCRIPT
-------------
We need to execute a CF-script.
  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Click Start > Run and in the box that opens type notepad and press enter. Copy/paste the text in the codebox below into it:
CODE
DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:5555

Firefox::
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mkwzfwu0.default\
FF - HiddenExtension: XULRunner: {8EFEBF94-3D9C-4F80-ABBC-2E22C1F770B1} - c:\documents and settings\Administrator\Local Settings\Application Data\{8EFEBF94-3D9C-4F80-ABBC-2E22C1F770B1}
FF - HiddenExtension: XULRunner: {08D5D943-8F16-4A3E-A33D-BC5F92C45CBC} - c:\documents and settings\Administrator\Local Settings\Application Data\{08D5D943-8F16-4A3E-A33D-BC5F92C45CBC}\
FF - HiddenExtension: XULRunner: {B305FCF7-8144-4E36-975C-27E92FAFCB0B} - c:\documents and settings\Administrator\Local Settings\Application Data\{B305FCF7-8144-4E36-975C-27E92FAFCB0B}\

Save this as CFScript.txt, in the same location as ComboFix.exe



Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

Malware analyst @ Emsisoft


#5 andycake (Topic Starter)
Members | 13 posts

Posted 13 October 2010 - 05:18 AM

Hi Elise

Have run the script and Combofix log as follows:

ComboFix 10-10-12.03 - Administrator 13/10/2010 11:00:05.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2047.1581 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: Norton 360 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Local Settings\Application Data\{08D5D943-8F16-4A3E-A33D-BC5F92C45CBC}\
c:\documents and settings\Administrator\Local Settings\Application Data\{08D5D943-8F16-4A3E-A33D-BC5F92C45CBC}\\chrome.manifest
c:\documents and settings\Administrator\Local Settings\Application Data\{08D5D943-8F16-4A3E-A33D-BC5F92C45CBC}\\chrome\content\_cfg.js
c:\documents and settings\Administrator\Local Settings\Application Data\{08D5D943-8F16-4A3E-A33D-BC5F92C45CBC}\\install.rdf
c:\documents and settings\Administrator\Local Settings\Application Data\{8EFEBF94-3D9C-4F80-ABBC-2E22C1F770B1}
c:\documents and settings\Administrator\Local Settings\Application Data\{8EFEBF94-3D9C-4F80-ABBC-2E22C1F770B1}\chrome.manifest
c:\documents and settings\Administrator\Local Settings\Application Data\{8EFEBF94-3D9C-4F80-ABBC-2E22C1F770B1}\chrome\content\_cfg.js
c:\documents and settings\Administrator\Local Settings\Application Data\{8EFEBF94-3D9C-4F80-ABBC-2E22C1F770B1}\install.rdf
c:\documents and settings\Administrator\Local Settings\Application Data\{B305FCF7-8144-4E36-975C-27E92FAFCB0B}\
c:\documents and settings\Administrator\Local Settings\Application Data\{B305FCF7-8144-4E36-975C-27E92FAFCB0B}\\chrome.manifest
c:\documents and settings\Administrator\Local Settings\Application Data\{B305FCF7-8144-4E36-975C-27E92FAFCB0B}\\chrome\content\_cfg.js
c:\documents and settings\Administrator\Local Settings\Application Data\{B305FCF7-8144-4E36-975C-27E92FAFCB0B}\\install.rdf

.
((((((((((((((((((((((((( Files Created from 2010-09-13 to 2010-10-13 )))))))))))))))))))))))))))))))
.

2010-10-13 02:22 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-10-13 02:22 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-13 02:22 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-10-08 11:07 . 2010-10-08 11:07 -------- d-----w- c:\program files\7-Zip
2010-10-08 10:42 . 2010-10-08 10:42 -------- d-----w- c:\program files\Audacity
2010-10-05 22:11 . 2010-10-05 22:11 -------- d-----w- c:\documents and settings\Administrator\Application Data\Tific
2010-10-05 21:29 . 2010-10-05 21:29 -------- d-----w- C:\Error
2010-10-05 14:33 . 2010-10-05 20:47 -------- d-----w- C:\Andrew Xystos Laptop Files
2010-09-23 22:53 . 2010-05-06 04:01 361904 ----a-w- c:\windows\system32\drivers\symtdi.sys
2010-09-23 22:53 . 2010-04-29 05:03 116784 ----a-w- c:\windows\system32\drivers\ironx86.sys
2010-09-23 22:53 . 2010-04-22 03:02 173104 ----a-w- c:\windows\system32\drivers\symefa.sys
2010-09-23 22:53 . 2010-04-22 02:29 43696 ----a-w- c:\windows\system32\drivers\srtspx.sys
2010-09-23 22:53 . 2010-02-26 00:22 501888 ----a-w- c:\windows\system32\drivers\cchpx86.sys
2010-09-23 22:53 . 2010-02-04 01:40 328752 ----a-r- c:\windows\system32\drivers\symds.sys
2010-09-23 22:53 . 2010-10-05 21:38 -------- d-----w- c:\windows\system32\drivers\N360\0403000.005
2010-09-18 11:23 . 2010-09-18 11:23 974848 -c----w- c:\windows\system32\dllcache\mfc42u.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-06-01 21:23 . 2007-05-29 18:26 66672 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2007-06-01 21:23 . 2007-05-29 18:26 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2007-06-01 21:23 . 2007-05-29 18:26 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2007-06-01 21:23 . 2007-05-29 18:26 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2007-06-01 21:23 . 2007-05-29 18:26 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-26 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [2007-09-15 52736]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2007-09-15 233472]
"PS2"="c:\windows\system32\ps2.exe" [2007-09-15 81920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-17 421888]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2007-09-15 335872]
"CTHelper"="CTHELPER.EXE" [2003-11-14 24576]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SetDefaultMIDI"="MIDIDEF.EXE" [2003-06-21 49152]
"StartMS"="c:\program files\Creative\Shared Files\Media Sniffer\StartMS.EXE" [2003-03-26 57344]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Bandwidth Meter.lnk - c:\program files\BandwidthMeter\BandwidthMeter.exe [2009-10-13 285184]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
AutoTBar.exe [2003-9-30 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=DrvTrNTm.dll
"wave"=DrvTrNTm.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\G:\0autocheck autochk *

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BTTray.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BTTray.lnk
backup=c:\windows\pss\BTTray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CONNECTAUTrayApp.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\CONNECTAUTrayApp.lnk
backup=c:\windows\pss\CONNECTAUTrayApp.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acme.PCHButton]
2004-01-01 21:18 159744 ----a-w- c:\progra~1\HPMEDI~1\Pavilion\XPEWWBS4\plugin\bin\PCHButton.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupNotify]
2004-01-09 01:34 32768 ----a-w- c:\program files\HP\Digital Imaging\bin\BackupNotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\combofix]
2009-06-22 06:00 388608 ----a-w- c:\windows\system32\CF16195.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET]
2007-09-15 23:08 45056 ----a-w- c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2008-04-14 00:12 50176 ----a-w- c:\windows\eHome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
2004-03-17 23:10 61952 ----a-w- c:\windows\system32\Hdaudpropshortcut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2003-12-22 15:38 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]
2007-09-15 23:08 483328 ----a-w- c:\windows\system32\hphmon05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]
2007-09-15 23:08 49152 ----a-w- c:\program files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-07-21 14:53 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
2006-06-29 13:17 319488 ----a-w- c:\my music\downloads\Napster\napster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 14:40 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 20:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecordNow!]
2010-04-07 13:25 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
2003-12-17 23:31 118784 ----a-w- c:\windows\CREATOR\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral]
2003-07-09 15:06 319488 ----a-w- c:\program files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]
2003-05-01 18:44 65536 ----a-w- c:\program files\Common Files\Roxio Shared\System\EngUtil.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
2005-10-05 01:23 81920 ----a-r- c:\progra~1\Sony\SONICS~1\SsAAD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-01-26 13:46 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-04-07 13:25 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TotalRecorderScheduler]
2009-03-02 21:52 133640 ----a-w- c:\program files\HighCriteria\TotalRecorder\TotRecSched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2007-09-15 23:08 90112 ----a-w- c:\windows\UpdReg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"35441:TCP"= 35441:TCP:*:Disabled:BitComet 35441 TCP
"35441:UDP"= 35441:UDP:*:Disabled:BitComet 35441 UDP

R0 ntcdrdrv;ntcdrdrv;c:\windows\system32\drivers\ntcdrdrv.sys [20/10/2008 11:25 13440]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0403000.005\symds.sys [23/09/2010 23:53 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0403000.005\symefa.sys [23/09/2010 23:53 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20101001.001\BHDrvx86.sys [06/10/2010 07:04 692272]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0403000.005\cchpx86.sys [23/09/2010 23:53 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0403000.005\ironx86.sys [23/09/2010 23:53 116784]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [11/08/2008 20:07 566120]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [11/08/2008 20:07 566120]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\4.3.0.5\ccsvchst.exe [23/09/2010 23:53 126392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [12/10/2010 07:14 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20101012.001\IDSXpx86.sys [15/09/2010 19:02 341880]
R3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [14/08/2009 12:10 127496]
S3 alcan5ln;SpeedTouch™ USB ADSL RFC1483 Networking Driver (NDIS);c:\windows\system32\drivers\alcan5ln.sys [19/10/2004 20:42 36256]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [22/10/2008 12:27 38224]
S3 PRISM_A00;Intersil PRISM 802.11a/g Driver;c:\windows\system32\drivers\PCTELSAP.SYS [29/01/2004 22:29 350282]
S3 SaiHFF32;SaiHFF32;c:\windows\system32\drivers\SaiHFF32.sys [11/04/2008 20:13 136192]
S3 SaiIFF32;Immersion's HID USB Driver (FF32);c:\windows\system32\drivers\SaiIFF32.sys [11/04/2008 20:13 16384]
S3 SiSV;SiSV;c:\windows\system32\drivers\SiSV.sys [01/01/2004 22:57 50432]
S3 Winacusb;Winacusb;c:\windows\system32\drivers\winacusb.sys [30/08/2004 18:29 796279]
S3 WsAudioDevice_383;WsAudioDevice_383;c:\windows\system32\drivers\WsAudioDevice_383.sys [03/08/2010 12:59 16640]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-10-13 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-02-27 09:09]

2010-10-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 12:34]

2010-10-13 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1352272961-4222624086-4149492324-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]

2010-10-13 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1352272961-4222624086-4149492324-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mkwzfwu0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\4.3.0.5\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1352272961-4222624086-4149492324-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8d,7e,b6,be,01,b1,4d,4e,a9,82,1a,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8d,7e,b6,be,01,b1,4d,4e,a9,82,1a,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2010-10-13 11:16:10
ComboFix-quarantined-files.txt 2010-10-13 10:16
ComboFix2.txt 2010-10-13 07:53
ComboFix3.txt 2009-06-22 07:08

Pre-Run: 18,834,333,696 bytes free
Post-Run: 18,815,021,056 bytes free

- - End Of File - - 016560E1B58620546C9A898C65865714

Andrew

#6 Elise
Bleepin' Blonde
Malware Study Hall Admin | 61,596 posts | Gender: Female | Location: Romania

Posted 13 October 2010 - 05:33 AM

Hi there, how are things running now?

Please rerun OTL, click the NONE button, then change the value under Extra Registry to "use safelist" and click Run Scan. Post me extra.txt

regards, Elise




#7 andycake (Topic Starter)
Members | 13 posts

Posted 13 October 2010 - 05:38 AM

Hi Elise

Everything seems to be running fine - mainly as before, but maybe a bit quicker.

The new OTL Extras txt file is below:

OTL Extras logfile created on: 13/10/2010 11:36:37 - Run 4
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 70.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 181.04 Gb Total Space | 17.56 Gb Free Space | 9.70% Space Free | Partition Type: NTFS
Drive D: | 5.25 Gb Total Space | 0.94 Gb Free Space | 17.97% Space Free | Partition Type: FAT32
Drive G: | 232.83 Gb Total Space | 12.14 Gb Free Space | 5.22% Space Free | Partition Type: FAT32
Drive J: | 465.76 Gb Total Space | 14.26 Gb Free Space | 3.06% Space Free | Partition Type: NTFS
Drive L: | 298.09 Gb Total Space | 14.06 Gb Free Space | 4.72% Space Free | Partition Type: NTFS
Drive N: | 149.05 Gb Total Space | 7.68 Gb Free Space | 5.15% Space Free | Partition Type: NTFS

Computer Name: HOME | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Generate MD5 Signatures] -- "C:\Program Files\Michael K. Weise\mkw Audio Compression Toolkit\mkwACT.exe" (Michael K. Weise)
Directory [tralih] -- "C:\Program Files\Trader's Little Helper\tralih.exe" /0 "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"35441:TCP" = 35441:TCP:*:Disabled:BitComet 35441 TCP
"35441:UDP" = 35441:UDP:*:Disabled:BitComet 35441 UDP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:uTorrent -- (BitTorrent, Inc.)
"C:\WINDOWS\system32\ftp.exe" = C:\WINDOWS\system32\ftp.exe:*:Enabled:File Transfer Program -- (Microsoft Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Spotify\spotify.exe" = C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Disc 2
"{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{01546E14-7DE6-4F4B-962A-64DEDA5325C0}" = Sony Ericsson OCS
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{0861E87B-24D7-4E7C-B11B-54F86E5C5199}" = hpg8200
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0FABD3D7-3036-4e78-B29D-58957ADB0A12}" = HP PSC & OfficeJet 3.5
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{14B4E017-ACDF-4DB0-9D94-8988F5F0145A}" = hpg4600
"{15B9DC72-73F9-4d99-9E28-848D66DA8D99}" = HP Photo & Imaging 3.5 - HP Devices
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{20CF99FC-2CE7-4AA4-966E-A4B11C0662B4}" = hpg3970
"{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23AE394C-63E9-4774-8E09-5F8C66A9FAFE}" = Easy CD & DVD Creator 6
"{24C8FBF7-26C6-48ca-834B-A4E5C09E362F}" = AiO_Scan
"{25A34321-EA4D-44F0-83B7-AB870D396E89}" = IM-me
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 20
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{29B39FB2-5ADF-4F94-BC82-13942871DD0D}" = CameraDrivers
"{29B50D30-EAFC-4cea-9F76-3A0E3729E9B0}" = SkinsHP1
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2E132061-C78A-48D4-A899-1D13B9D189FA}" = Memories Disc Creator 2.0
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2
"{2FF363D5-F0FC-47C1-ABB5-FB11845F474F}" = HP Image Zone for Media Center PC
"{300D9EF4-2721-4cb4-A6C3-FB2337CFEA2D}" = AIOMinimal
"{324CEC09-007A-48eb-90E0-9D42D4D5EB0A}" = NetDeviceManager
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{3D49A2B7-04B3-451A-A1EF-3B0D3C297DD5}" = Sony Ericsson Mobile Phone Monitor
"{415B8A4E-0EA2-4C69-975C-EEE07B837FD7}" = Unload
"{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing
"{44120EB1-EC80-41B1-A46F-6B8BD60F49E3}" = PC Suite
"{4458C442-7376-4CF9-AF58-E8CEA6722363}" = Adobe Setup
"{44B2E182-DD85-45FC-9F51-326B81D7C7F1}" = Fax
"{45B6180B-DCAB-4093-8EE8-6164457517F0}" = Photosmart 140,240,7200,7600,7700,7900 Series
"{485ACF57-F364-440A-8496-E1E81C8FA1AA}" = Adobe Premiere Pro CS3 Third Party Content
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}" = Adobe Encore CS3
"{57C7C46A-D35D-492d-A328-4F8C9B5B4B52}" = PrintScreen
"{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008
"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3
"{60758250-C8CF-47EB-8CB6-E0C3B84D8207}" = PSShortcutsP
"{63F2408D-A675-4d97-A256-70EACB6B9B4A}" = AiOSoftware
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{745A92AF-53B4-41A7-91C3-9B026B1D5897}" = InstantShare
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
"{7DFC1012-D346-46CE-B03E-FF79125AE029}" = Adobe Fireworks CS3
"{83ED1E80-A1B7-4256-BCF1-AC4A88151A6B}" = Microsoft MapPoint Europe 2006
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{8718DC03-D066-4957-94E5-50C3C5042E8E}" = Adobe Creative Suite 3 Master Collection
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}" = Adobe Flash Player 9 Plugin
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8D4942F1-D5EB-40A7-9D7B-07F8ED1B71E9}" = TMPGEnc DVD Author 3 with DivX Authoring
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90885A82-9673-49EA-AB39-AF776639C67C}" = InterVideo WinDVD 7
"{90AD8C11-ED4A-4AE7-BB70-7740C452C999}" = Visual J# .NET Redistributable Package
"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
"{9743AF47-B746-4324-B4C4-512E67D04370}" = Symantec Technical Support Web Controls
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD Player
"{9B03C535-3AEA-4ef2-B326-0A01A2207034}" = CreativeProjects
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9DCDC0A8-2280-4F43-B290-465AFDC281BC}" = DVD-Cover Printmaster 1.2
"{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A73ACE08-4CA7-4d08-912E-EFE4DF521B39}" = c7200_Help
"{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}" = HP Update
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{AD17BC8E-4A5D-4E59-8640-10DF36E9EB75}" = hpg5530
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B7FB6B99-C93C-4818-825B-37EF4B64C80C}" = PS_AIO_02_Software
"{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}" = Adobe Encore CS3 Codecs
"{B96D2269-568B-4CBF-9332-12FAE8B158F7}" = Medieval CUE Splitter
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BC339BFD-F550-471a-8D26-4D08126C62F7}" = SkinsHP2
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{BF2F7927-92AF-4F5D-8B93-658F63DF8727}" = PDF Manual NW-A10003000
"{C06F36B6-6D08-452A-BF41-29C5AAB7BE2E}" = Sony Ericsson Capability Manager
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C6C44651-7C66-4b11-92E8-17565D3D22DD}" = HP Image Zone Plus 3.5
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{CBE3E0AF-73BB-4c21-8B96-B09E003EDE7F}" = QuickProjects
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE4888DB-CE49-485b-AA3A-A9E0F361B277}" = C7200
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D186329B-1B4D-408D-ABEC-EA5CE1F182C9}" = Overland
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D25BDCF5-19F6-4d9e-B9C9-273FE81446C4}" = PS_AIO_02_ProductContext
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{D64BC2CF-0F12-47d7-B412-B4F3FD684253}" = HP Photosmart All-In-One Software 9.0
"{D67B1C57-0E05-4F8C-9011-1C8BAE293782}" = Samsung PC Studio
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E8BFBD0A-8002-4dc9-869C-E495FA9DCE7A}" = PhotoGallery
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EB0202F7-016A-410C-ADE4-40F848CCC661}" = Adobe After Effects CS3
"{EB3526D4-4C7C-4F45-8303-340A23E4F950}" = HPIZFix3
"{EC62DAEB-05E7-46FF-8867-FEBE00DBD790}" = CONNECT Player
"{ED869D8B-6C7E-44C7-9F2F-BD5436849C61}" = hpg2436
"{EF0D2E55-6FE2-4e35-BE22-A742E85D84E3}" = PS_AIO_02_Software_min
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F247869D-3643-4A9F-821B-3534145928E3}" = HPIZ350
"{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}" = Microsoft WSE 2.0 SP3 Runtime
"{F419D20A-7719-4639-8E30-C073A040D878}" = HP Deskjet Preloaded Printer Drivers
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F5E4C38C-73BC-4D44-8BFC-969C2B4DABCA}" = OpenMG Secure Module 4.3.00
"{F619E2AF-677D-49bc-9618-D60BDFB925DB}" = C7200_doccd
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}" = Adobe Contribute CS3
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"{FF102450-55AA-4AE1-ACE4-E271E2470C83}" = hpmdtab
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"6C456557-97F3-42AD-A918-AD60B7BE0AC8_is1" = Revolt wfr
"7-Zip" = 7-Zip 4.65
"AC3Filter" = AC3Filter (remove only)
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe_4dcfd9b7e901b57f81f667144603236" = Add or Remove Adobe Creative Suite 3 Master Collection
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 1.2.6
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"CATraxx_is1" = CATraxx
"CD/DVD Jewel Case and Label Creator" = CD/DVD Jewel Case and Label Creator
"CdaC13Ba" = SafeCast Shared Components
"CDRoller_is1" = CDRoller version 8.00
"Clean 5" = Clean 5
"Conexant" = HCF V9x Data Fax Voice USB Modem
"Cool Edit Pro 2.1" = Cool Edit Pro 2.1
"CoreAAC Audio Decoder" = CoreAAC Audio Decoder (remove only)
"coverXP" = coverXP (remove only)
"Creative Driver" = Creative Driver
"CTDVDAudio Plugin" = Creative DVD Audio Plugin for Audigy Series
"Cucusoft Ultimate DVD + Video Converter Suite_is1" = Cucusoft Ultimate DVD + Video Converter Suite 7.19.7.12
"D56C7EAB-BEE6-4D51-86CF-419FFC07FF11_is1" = iolo technologies' Search and Recover
"D-Link VGA Webcam" = D-Link VGA Webcam
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Printer and Utilities" = EPSON Printer Software
"ESPR200 Reference Guide" = ESPR200 Reference Guide
"ESPR200 Software Guide" = ESPR200 Software Guide
"Exact Audio Copy" = Exact Audio Copy 0.99pb3
"FTP Commander" = FTP Commander
"GoldWave v5.08" = GoldWave v5.08
"GoldWave v5.16" = GoldWave v5.16
"HaaliMkx" = Haali Media Splitter
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Media Center PC Help" = HP Media Center PC Help
"HP Photo & Imaging" = HP Image Zone 3.5
"HPOCR" = HP OCR Software 9.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ImgBurn" = ImgBurn
"Inkscape" = Inkscape 0.46
"InstallShield_{F5E4C38C-73BC-4D44-8BFC-969C2B4DABCA}" = OpenMG Secure Module 4.3.00
"MagicDisc 2.7.105" = MagicDisc 2.7.105
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mkwACT" = mkw Audio Compression Toolkit
"Monkey's Audio_is1" = Monkey's Audio
"Mozilla Firefox (2.0.0.4)" = Mozilla Firefox (2.0.0.4)
"N360" = Norton 360
"Nero - Burning Rom!UninstallKey" = Nero 6
"NeroVision!UninstallKey" = Nero Digital
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NMPUninstallKey" = Nero Media Player
"NoteBurner_is1" = NoteBurner 2.23
"NVIDIA Drivers" = NVIDIA Drivers
"PS2" = PS2
"RealPlayer 12.0" = RealPlayer
"Recuva" = Recuva (remove only)
"Spotify" = Spotify
"SSC Service Utility_is1" = SSC Service Utility v4.30
"TautologyBandwidthMeter" = Tautology Bandwidth Meter 1.7 (remove only)
"TotalRecorder" = Total Recorder 7.1
"TradersLittleHelper_is1" = Trader's Little Helper 1.1.1
"VISPRO" = Microsoft Office Visio Professional 2007
"VLC media player" = VideoLAN VLC media player 0.8.6c
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"Xilisoft DVD Ripper Ultimate 5" = Xilisoft DVD Ripper Ultimate
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


Thanks
Andrew
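The Security Center, Firewall, Authorized Applications and Uninstall sections of the OTL log above are what a helper reads to spot weak configuration before looking for malware. The script below is an added example, not part of the thread and not OTL's own code: it parses OTL's section / [registry key] / "name" = value layout and reports the conditions visible in this log (Windows Firewall disabled in the Standard profile, file-and-print ports open to any address in the Domain profile, stale firewall exceptions whose binary no longer exists, an exception for ftp.exe, AntiVirusOverride set, and Java 6 older than the update the helper asks for). The findings are review items rather than proof of compromise: Norton 360 appears in the uninstall list, so a third-party suite taking over from Windows Firewall and Security Center monitoring is expected here. The sample log is a trimmed copy of the lines quoted above; REVIEW_BINARIES and MIN_JAVA6_UPDATE are assumptions chosen for this example.

```python
import re

# Constructed excerpt of the OTL log quoted above (registry paths and values copied
# from the post, trimmed to the lines the checks below look at).
SAMPLE_LOG = r"""
========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"35441:TCP" = 35441:TCP:*:Disabled:BitComet 35441 TCP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\ftp.exe" = C:\WINDOWS\system32\ftp.exe:*:Enabled:File Transfer Program -- (Microsoft Corporation)
"C:\Program Files\Spotify\spotify.exe" = C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 20
"N360" = Norton 360
"""

SECTION_RE = re.compile(r"^=+ (.+?) =+$")
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"(.*?)" = (.*)$')

SC = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center"
FW = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy"
# Assumption: binaries worth calling out when they hold an enabled firewall exception.
REVIEW_BINARIES = {"ftp.exe", "utorrent.exe", "bitcomet.exe"}
# Assumption: the Java 6 update the helper asked for in this thread; older is reported.
MIN_JAVA6_UPDATE = 22
JAVA_RE = re.compile(r"Java.*?6 Update (\d+)")


def parse_otl(text):
    """Parse OTL's section / [registry key] / "name" = value layout into nested dicts."""
    tree, section, key = {}, None, None
    for line in text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        if m := SECTION_RE.match(line):
            section, key = m.group(1), None
            tree.setdefault(section, {})
        elif (m := KEY_RE.match(line)) and section is not None:
            key = m.group(1)
            tree[section].setdefault(key, {})
        elif (m := VALUE_RE.match(line)) and key is not None:
            tree[section][key][m.group(1)] = m.group(2)
    return tree


def review(tree):
    """Return review items as 'kind:detail' strings, in the order they are found."""
    findings = []
    sc = tree.get("Security Center Settings", {})
    if sc.get(SC, {}).get("AntiVirusOverride") == "1":
        findings.append("av-override")  # a third-party AV claims responsibility; confirm it is installed and running
    for key, vals in sc.items():
        if key.startswith(SC + "\\Monitoring\\") and vals.get("DisableMonitoring") == "1":
            findings.append("third-party-monitoring:" + key.rsplit("\\", 1)[-1])

    fw = tree.get("Firewall Settings", {})
    if fw.get(FW + r"\StandardProfile", {}).get("EnableFirewall") == "0":
        findings.append("windows-firewall-off:StandardProfile")
    for key, vals in fw.items():
        if key.endswith(r"\GloballyOpenPorts\List"):
            profile = key.rsplit("\\", 3)[1]
            for spec in vals.values():  # e.g. 139:TCP:*:Enabled:@xpsp2res.dll,-22004
                port, proto, scope, state = spec.split(":", 4)[:4]
                if scope == "*" and state == "Enabled":
                    findings.append(f"open-to-any:{profile}:{port}/{proto}")

    for vals in tree.get("Authorized Applications List", {}).values():
        for path, spec in vals.items():  # the value name is the full path of the binary
            exe = path.rsplit("\\", 1)[-1].lower()
            if spec.endswith("File not found"):
                findings.append("stale-rule:" + exe)
            elif ":Enabled:" in spec and exe in REVIEW_BINARIES:
                findings.append("review-exception:" + exe)

    for vals in tree.get("HKEY_LOCAL_MACHINE Uninstall List", {}).values():
        for name in vals.values():
            if (m := JAVA_RE.search(name)) and int(m.group(1)) < MIN_JAVA6_UPDATE:
                findings.append(f"outdated-java:6u{m.group(1)}")
    return findings


if __name__ == "__main__":
    for item in review(parse_otl(SAMPLE_LOG)):
        print(item)
```

Run against a full OTL log, the same parser covers every section that uses the bracketed-key layout, so further checks (for example an allow-list of expected shell spawning commands) can be added to review() without touching the parsing.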

#8 Elise (Malware Study Hall Admin, Romania)

Posted 13 October 2010 - 05:42 AM

Hi, good to hear that!


P2P WARNING
-------------------
Going over your logs I noticed that you have uTorrent installed.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall uTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.


UPDATE JAVA
------------------
Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "JDK 6 Update 21 (JDK or JRE)".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u21-windows-i586.exe to install the newest version.
  • If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.



MALWAREBYTES ANTIMALWARE
-------------------------------------------
Please launch MBAM and update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

regards, Elise

"Now faith is the substance of things hoped for, the evidence of things not seen."

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

Malware analyst @ Emsisoft


#9 andycake (Topic Starter)

Posted 13 October 2010 - 05:49 AM

Hi Elise

There isn't a Java 6 Update 21 JRE download, but there is a Update 22JRE - should I download that one?

#10 Elise (Malware Study Hall Admin, Romania)

Posted 13 October 2010 - 06:12 AM

Yes, please. It's a bit weird with the Java updates lately (22 was available earlier, then disappeared...).

regards, Elise


#11 andycake (Topic Starter)

Posted 13 October 2010 - 10:44 AM

Hi Elise

Java updated and MBAM log below. Everything looks good - thank you!

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4810

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

13/10/2010 14:30:07
mbam-log-2010-10-13 (14-30-07).txt

Scan type: Full scan (C:\|D:\|G:\|H:\|I:\|J:\|L:\|N:\|V:\|W:\|X:\|Y:\|Z:\|)
Objects scanned: 457634
Time elapsed: 2 hour(s), 8 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


#12 Elise (Malware Study Hall Admin, Romania)

Posted 13 October 2010 - 10:55 AM

Looks good!

Lets do one last scan for leftovers.

ESET ONLINE SCANNER
----------------------------
I'd like us to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    Note - when ESET doesn't find any threats, no report will be created.
  12. Push the button.
  13. Push

regards, Elise


#13 andycake (Topic Starter)

Posted 13 October 2010 - 11:15 PM

Hi Elise

All scanned and report as below:

C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\11\63b3978b-3db15861 multiple threats deleted - quarantined
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\32\9fa11e0-74d9f638 multiple threats deleted - quarantined
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\38\27ff64e6-22231e46 multiple threats deleted - quarantined
C:\Downloads\TMPGEnc 4.0 XPress + DVD Author 3 with DivX Authoring (English Retail)\TMPGEnc DVD Author 3 with DivX Authoring\CRACK\Cracked\TMPGEncDVDAuthor3.exe Win32/Packed.Themida.B trojan cleaned by deleting - quarantined
C:\hp\recovery\wizard\fscommand\AppRecoveryLink_ret.exe probably a variant of Win32/Spy.Agent.BMWSIKB trojan cleaned by deleting - quarantined
C:\hp\recovery\wizard\fscommand\CDLogic_ret.exe probably a variant of Win32/Spy.Agent.BMWSIKB trojan cleaned by deleting - quarantined
C:\hp\recovery\wizard\fscommand\CreatorLink_ret.exe probably a variant of Win32/Spy.Agent.BMWSIKB trojan cleaned by deleting - quarantined
C:\hp\recovery\wizard\fscommand\RestoreLink_ret.exe probably a variant of Win32/Spy.Agent.BMWSIKB trojan cleaned by deleting - quarantined
C:\hp\recovery\wizard\fscommand\RTCDLink_ret.exe probably a variant of Win32/Spy.Agent.BMWSIKB trojan cleaned by deleting - quarantined
C:\hp\recovery\wizard\fscommand\RunLink_ret.exe probably a variant of Win32/Spy.Agent.BMWSIKB trojan cleaned by deleting - quarantined
C:\hp\recovery\wizard\fscommand\SysRecoveryLink_ret.exe probably a variant of Win32/Spy.Agent.BMWSIKB trojan cleaned by deleting - quarantined
C:\hp\recovery\wizard\fscommand\WizardLink_ret.exe probably a variant of Win32/Spy.Agent.BMWSIKB trojan cleaned by deleting - quarantined
C:\My Music\downloads\WinDVD Platinum 7.0 (Release 2) Build 27.071 +keygen (Latest Update).rar a variant of Win32/Keygen.AF application deleted - quarantined
C:\My Music\Other\Kaspersky Virus Removal Tool 2010 Portable [04102010]\ Start.exe a variant of Win32/Injector.DFS trojan deleted - quarantined
C:\Program Files\Ahead\Nero-6.6.1.15a.exe Win32/Toolbar.AskSBar application deleted - quarantined
C:\Program Files\Pegasys Inc\TMPGEnc DVD Author 3 with DivX Authoring\TMPGEncDVDAuthor3.exe Win32/Packed.Themida.B trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{BB6252D8-EBAA-4F86-B3EF-7CD429CD30FC}\RP317\A0043976.exe Win32/Packed.Themida.B trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{BB6252D8-EBAA-4F86-B3EF-7CD429CD30FC}\RP317\A0043977.exe probably a variant of Win32/Spy.Agent.BMWSIKB trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{BB6252D8-EBAA-4F86-B3EF-7CD429CD30FC}\RP317\A0043978.exe probably a variant of Win32/Spy.Agent.BMWSIKB trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{BB6252D8-EBAA-4F86-B3EF-7CD429CD30FC}\RP317\A0043979.exe probably a variant of Win32/Spy.Agent.BMWSIKB trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{BB6252D8-EBAA-4F86-B3EF-7CD429CD30FC}\RP317\A0043980.exe probably a variant of Win32/Spy.Agent.BMWSIKB trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{BB6252D8-EBAA-4F86-B3EF-7CD429CD30FC}\RP317\A0043981.exe probably a variant of Win32/Spy.Agent.BMWSIKB trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{BB6252D8-EBAA-4F86-B3EF-7CD429CD30FC}\RP317\A0043982.exe probably a variant of Win32/Spy.Agent.BMWSIKB trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{BB6252D8-EBAA-4F86-B3EF-7CD429CD30FC}\RP317\A0043983.exe probably a variant of Win32/Spy.Agent.BMWSIKB trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{BB6252D8-EBAA-4F86-B3EF-7CD429CD30FC}\RP317\A0043984.exe probably a variant of Win32/Spy.Agent.BMWSIKB trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{BB6252D8-EBAA-4F86-B3EF-7CD429CD30FC}\RP317\A0043987.exe a variant of Win32/Injector.DFS trojan deleted - quarantined
C:\System Volume Information\_restore{BB6252D8-EBAA-4F86-B3EF-7CD429CD30FC}\RP317\A0043988.exe Win32/Toolbar.AskSBar application deleted - quarantined
C:\System Volume Information\_restore{BB6252D8-EBAA-4F86-B3EF-7CD429CD30FC}\RP317\A0043989.exe Win32/Packed.Themida.B trojan cleaned by deleting - quarantined


It says all files have been deleted and quarantined - do I need to remove these?

Andrew
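
The ESET report above is a flat list of path, detection name and action. As an added example (not something posted in this thread, and not ESET's own tooling), the Python script below parses lines of that shape into records and summarises them from a triage point of view: how many detections are live files versus System Restore copies, whether every entry ended up quarantined, and which live files came from crack or keygen sources, which is the usual origin of infections like this one. The sample lines are copied from the report above; the regular expression, the field names and the "heuristic/generic/exact" confidence labels are my own assumptions about the format.

```python
import re
from collections import Counter

# Constructed sample: a subset of the report lines posted above, in the
# same shape (path, detection, optional kind, action, "- quarantined").
SAMPLE_REPORT = r"""
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\11\63b3978b-3db15861 multiple threats deleted - quarantined
C:\hp\recovery\wizard\fscommand\RunLink_ret.exe probably a variant of Win32/Spy.Agent.BMWSIKB trojan cleaned by deleting - quarantined
C:\My Music\downloads\WinDVD Platinum 7.0 (Release 2) Build 27.071 +keygen (Latest Update).rar a variant of Win32/Keygen.AF application deleted - quarantined
C:\Program Files\Ahead\Nero-6.6.1.15a.exe Win32/Toolbar.AskSBar application deleted - quarantined
C:\Program Files\Pegasys Inc\TMPGEnc DVD Author 3 with DivX Authoring\TMPGEncDVDAuthor3.exe Win32/Packed.Themida.B trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{BB6252D8-EBAA-4F86-B3EF-7CD429CD30FC}\RP317\A0043989.exe Win32/Packed.Themida.B trojan cleaned by deleting - quarantined
"""

# Assumed line grammar: <path> [probably ][a variant of ]<Win32/Name | multiple threats>
#                       [trojan|application] <action>[ - quarantined]
# The path is matched lazily so it stops at the first token that looks
# like a detection name.
LINE_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?P<detection>(?:probably a variant of |a variant of )?(?:Win32/\S+|multiple threats))"
    r"(?: (?P<kind>trojan|application))?"
    r" (?P<action>.+?)(?: - (?P<status>quarantined))?$"
)

RESTORE_PREFIX = r"c:\system volume information\_restore"
WAREZ_MARKERS = ("crack", "keygen")


def confidence_of(detection):
    """Map ESET's wording to a rough confidence label (my own scheme)."""
    if detection.startswith("probably a variant of"):
        return "heuristic"
    if detection.startswith("a variant of"):
        return "generic"
    return "exact"


def parse_report(text):
    """Parse report lines into dicts; lines that do not fit the grammar are skipped."""
    records = []
    for line in text.strip().splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        path_lower = d["path"].lower()
        records.append({
            "path": d["path"],
            "family": re.sub(r"^(?:probably )?a variant of ", "", d["detection"]),
            "confidence": confidence_of(d["detection"]),
            "kind": d["kind"] or "unknown",
            "action": d["action"],
            "quarantined": d["status"] == "quarantined",
            # Restore-point copies are duplicates of files already removed elsewhere.
            "restore_point": path_lower.startswith(RESTORE_PREFIX),
            "warez_source": any(k in path_lower for k in WAREZ_MARKERS),
        })
    return records


def summarize(records):
    """Aggregate counts a helper would want before telling the user 'all clean'."""
    live = [r for r in records if not r["restore_point"]]
    return {
        "total": len(records),
        "live_files": len(live),
        "restore_point_copies": len(records) - len(live),
        "all_quarantined": all(r["quarantined"] for r in records),
        "families": Counter(r["family"] for r in records),
        "warez_sources": sorted(r["path"] for r in live if r["warez_source"]),
    }


if __name__ == "__main__":
    summary = summarize(parse_report(SAMPLE_REPORT))
    for key, value in summary.items():
        print(f"{key}: {value}")
```

Run it as-is to see the summary for the sample; to use it on a full report, paste the report text in place of SAMPLE_REPORT. The restore-point split matters because those entries are copies inside System Restore snapshots, so a high count there does not mean more live infections, only that the original files had been snapshotted.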

#14 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,596 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:07:37 PM

Posted 14 October 2010 - 07:55 AM

Hi Andrew, you can remove these quarantined threats, but they are absolutely harmless.

ALL CLEAN
--------------
Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :)

Please do the following to remove the remaining programs from your PC:
  • Delete the tools used during the disinfection:
    • Click start > run and type combofix /uninstall, press enter. This will remove Combofix from your computer.
    • Delete DDS, GMER (this is a random named file) and OTL.
Please read this advice, in order to prevent reinfecting your PC:
  1. Install and update the following programs regularly:
    • an outbound firewall. If you are connected to the internet through a router, you are already behind a hardware firewall and as such you do not need an extra software firewall.
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non-commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for SpywareBlaster can be found here. If you wish, the commercial version provides automatic updating.
    • MVPs hosts file
      A tutorial for MVPs hosts file can be found here. If you would like automatic updates you might want to take a look at HostMan host file manager. For more information on the hosts file, and what it can do for you, please consult the Tutorial on the Hosts file
  2. Keep Windows (and your other Microsoft software) up to date!
    I cannot stress enough how important this is. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.
    Therefore, please, visit the Microsoft Update Website and follow the on-screen instructions to set up Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
  3. Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.
  4. Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.
Some more links you might find of interest:

Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.

regards, Elise




#15 andycake

andycake
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:05:37 PM

Posted 14 October 2010 - 11:51 AM

Elise

A big 'Thank You' for all your help. I really appreciate it.

All the best
Andrew
