Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Rootkit and other stuff maybe help please


  • This topic is locked This topic is locked
21 replies to this topic

#1 zenmasternicksan

zenmasternicksan

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:06:13 PM

Posted 16 October 2010 - 06:33 AM

I'm not exactly sure what happened or how I got this guy, buy I'm having a horrible time removing it. Malwarebytes, AVG, Superantispyware all have found nothing, but microsoft has identified it as WinNT/bubnix.gen!A in a scan following an update. I have been having trouble opening certain programs that have always worked fine (such as google chrome). Also, when I try to run gmer my pc crashes before it has a chance to load.


DDS (Ver_10-10-10.03) - NTFSx86
Run by Owner at 5.12.39,42 on 16-10-2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1405 [GMT -6:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\MSN\Toolbar\4.0.0412.0\mstbsvc.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\Program Files\NETGEAR\WNA3100\WNA3100.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Owner\My Documents\dds.scr
C:\WINDOWS\system32\dllhost.exe

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = http=127.0.0.1:6522
uInternet Settings,ProxyOverride = <local>
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - c:\program files\zonealarm_security\tbZone.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - c:\program files\zonealarm_security\tbZone.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5627.1104\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - c:\program files\zonealarm_security\tbZone.dll
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [AutoStartNPSAgent] c:\program files\samsung\samsung new pc studio\NPSAgent.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\owner\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [ISW] "c:\program files\checkpoint\zaforcefield\ForceField.exe" /icon="hidden"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wna3100\WNA3100.exe
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_2D06158FAC79A790.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-7 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-12-7 29584]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-12-7 243024]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-11-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-11-17 67656]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2010-10-16 532224]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-7-15 921952]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-15 308136]
R2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files\codemeter\runtime\bin\CodeMeter.exe [2009-4-3 1680704]
R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2010-2-17 12672]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-5-8 233472]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2010-9-2 26872]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2010-9-2 493048]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 mstbsvc;MSN Toolbar Setup;c:\program files\msn\toolbar\4.0.0412.0\mstbsvc.exe [2010-4-6 102752]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R2 WSWNA3100;WSWNA3100;c:\program files\netgear\wna3100\WifiSvc.exe [2010-10-12 278528]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\drivers\bcmwlhigh5.sys [2010-10-12 642432]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-5-8 36608]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-10-14 136176]
S3 cpuz130;cpuz130;\??\c:\docume~1\owner\locals~1\temp\cpuz130\cpuz_x32.sys --> c:\docume~1\owner\locals~1\temp\cpuz130\cpuz_x32.sys [?]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2008-12-7 79360]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\games\dragon age\bin_ship\daupdatersvc.service.exe [2009-11-12 25832]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-8-20 38224]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2005-4-13 14336]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\sisoftware\sisoftware sandra lite 2009.sp4\RpcAgentSrv.exe [2009-11-12 99176]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-11-17 12872]

=============== Created Last 30 ================

2010-10-16 11:00:19 -------- d-----w- c:\windows\system32\NtmsData
2010-10-15 20:09:27 -------- d-----w- c:\windows\Internet Logs
2010-10-15 19:58:38 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
2010-10-15 02:44:50 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-10-15 02:11:36 -------- d-----w- c:\windows\system32\MpEngineStore
2010-10-15 00:48:32 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-10-15 00:48:32 954368 -c----w- c:\windows\system32\dllcache\mfc40.dll
2010-10-15 00:48:32 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-15 00:48:19 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-10-14 21:17:05 -------- d-sha-r- C:\cmdcons
2010-10-14 21:16:05 -------- d-s---w- C:\ComboFix
2010-10-14 19:48:23 98816 ----a-w- c:\windows\sed.exe
2010-10-14 19:48:23 77312 ----a-w- c:\windows\MBR.exe
2010-10-14 19:48:23 256512 ----a-w- c:\windows\PEV.exe
2010-10-14 19:48:23 161792 ----a-w- c:\windows\SWREG.exe
2010-10-13 07:39:03 3584 ----a-r- c:\docume~1\owner\applic~1\microsoft\installer\{121634b0-2f4b-11d3-ada3-00c04f52dd52}\Icon386ED4E3.exe
2010-10-13 07:39:02 -------- d-----w- c:\program files\Windows Installer Clean Up
2010-10-13 07:08:44 -------- d-----w- c:\program files\Free Window Registry Repair
2010-10-13 06:56:04 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\Promosoft Corporation
2010-10-13 03:13:11 642432 ----a-w- c:\windows\system32\drivers\bcmwlhigh5.sys
2010-10-13 03:13:09 53299 ----a-w- c:\windows\system32\pthreadVC.dll
2010-10-13 03:13:09 50704 ----a-w- c:\windows\system32\drivers\npf.sys
2010-10-13 03:13:09 281104 ----a-w- c:\windows\system32\wpcap.dll
2010-10-13 03:13:09 100880 ----a-w- c:\windows\system32\Packet.dll
2010-10-13 03:13:08 -------- d-----w- c:\program files\NETGEAR
2010-10-13 03:06:02 -------- d-----w- c:\docume~1\alluse~1\applic~1\2Wire
2010-10-10 05:32:39 -------- d-----w- c:\docume~1\owner\applic~1\ScummVM
2010-10-10 05:32:32 -------- d-----w- c:\program files\ScummVM
2010-09-27 05:02:17 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-27 05:02:17 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-23 19:21:29 -------- d-sh--w- c:\documents and settings\owner\IECompatCache
2010-09-23 00:10:52 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll

==================== Find3M ====================

2010-09-18 18:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58:06 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-02 15:20:54 1238528 ----a-w- c:\windows\system32\zpeng25.dll
2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll

============= FINISH: 5.14.35,34 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,581 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:12:13 AM

Posted 26 October 2010 - 11:39 AM

Hello ,
And :welcome: to the Bleeping Computer Malware Removal Forum
. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download Rootkit Unhooker and save it to your Desktop
  • Double-click on RKUnhookerLE to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth and uncheck the rest
  • Click OK
  • Wait until it's finished and then go to File > Save Report
  • Save the report to your Desktop
Copy the entire contents of the report and paste it in a reply here.

Note - you may get this warning it is ok, just ignore: "Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


-------------------------------------------------------------
In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • RKU log

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft

 

animinionsmalltext.gif


#3 zenmasternicksan

zenmasternicksan
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:06:13 PM

Posted 26 October 2010 - 06:27 PM

Hello, thanks for helping me out with my problem! Here are my reports.


RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
0xB9368000 C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 5406720 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Miniport Driver)
0xBF20E000 C:\WINDOWS\System32\ati3duag.dll 3870720 bytes (ATI Technologies Inc. , ati3duag.dll)
0xBF5BF000 C:\WINDOWS\System32\ativvaxx.dll 2277376 bytes (Advanced Micro Devices, Inc. , Radeon Video Acceleration Universal Driver)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2066816 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2066816 bytes
0x804D7000 RAW 2066816 bytes
0x804D7000 WMIxWDM 2066816 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xA88D8000 C:\WINDOWS\system32\CTEXFIFX.DLL 1339392 bytes (Creative Technology Ltd., Creative XFi Effects)
0xA8B54000 C:\WINDOWS\system32\drivers\ha20x2k.sys 1187840 bytes (Creative Technology Ltd, Creative 20X HAL (WDM))
0xB90D8000 C:\WINDOWS\system32\DRIVERS\HSF_DP.sys 1044480 bytes (Conexant Systems, Inc., HSF_DP driver)
0xB9EB4000 PCI_PNP6520 995328 bytes
0xB9EB4000 spbp.sys 995328 bytes
0xB9EB4000 sptd 995328 bytes
0xBF060000 C:\WINDOWS\System32\ati2cqag.dll 704512 bytes (ATI Technologies Inc., Central Memory Manager / Queue Server Module)
0xB9030000 C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 688128 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xBF10C000 C:\WINDOWS\System32\atikvmag.dll 643072 bytes (ATI Technologies Inc., Virtual Command And Memory Manager)
0xA84A3000 C:\WINDOWS\system32\DRIVERS\bcmwlhigh5.sys 643072 bytes (Broadcom Corporation, Broadcom 802.11 Network Adapter wireless driver)
0xA8A60000 C:\WINDOWS\system32\drivers\ctac32k.sys 638976 bytes (Creative Technology Ltd, Creative AC3 SW Decoder Device Driver (WDM))
0xB9CD2000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xA8653000 C:\WINDOWS\System32\vsdatant.sys 528384 bytes (Check Point Software Technologies LTD, ZoneAlarm Firewalling Driver)
0xB9265000 C:\WINDOWS\system32\drivers\ctaud2k.sys 524288 bytes (Creative Technology Ltd, Creative WDM Audio Device Driver)
0xA8574000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xBF1A9000 C:\WINDOWS\System32\atiok3x2.dll 413696 bytes (Advanced Micro Devices, Inc., Ring 0 x2 component)
0xB8E98000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xA8784000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xA5058000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xBF012000 C:\WINDOWS\System32\ati2dvag.dll 319488 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Display Driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xA5128000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xA874A000 C:\WINDOWS\System32\Drivers\avgtdix.sys 237568 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher)
0xB8FDA000 C:\WINDOWS\System32\Drivers\ac1dqbri.SYS 233472 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xB91D7000 C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys 221184 bytes (Conexant Systems, Inc., HSF_HWB2 WDM driver)
0xA8540000 C:\WINDOWS\System32\Drivers\avgldx86.sys 212992 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)
0xB920D000 C:\WINDOWS\system32\drivers\ctoss2k.sys 212992 bytes (Creative Technology Ltd., Creative OS Services Driver (WDM))
0xB8F6E000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xA8B25000 C:\WINDOWS\system32\drivers\emupia2k.sys 192512 bytes (Creative Technology Ltd, E-mu Plug-in Architecture Driver (WDM))
0xB9E6E000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xA5349000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB9CA5000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xA8A1F000 C:\WINDOWS\system32\CT20XUT.DLL 180224 bytes (Creative Technology Ltd., Creative 20X Utility Effects)
0xB9DBB000 dac2w2k.sys 180224 bytes (Mylex Corporation, Mylex Disk Array Controller Driver)
0x9BE3E000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xA85E4000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xA8AFC000 C:\WINDOWS\system32\drivers\ctsfm2k.sys 167936 bytes (Creative Technology Ltd, SoundFont® Manager (WDM))
0xB932C000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xA86D4000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xB9E18000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xA8724000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xA842F000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xB9241000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB92E5000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB9309000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xA8631000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xA860F000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0x806D0000 ACPI_HAL 131840 bytes
0x806D0000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB9D9B000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB9E3E000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xB9013000 C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys 118784 bytes (Realtek Semiconductor Corporation , Realtek 10/100/1000 NDIS 5.1 Driver )
0xB9C8B000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xB9DE7000 adpu160m.sys 102400 bytes (Microsoft Corporation, Adaptec Ultra160 SCSI miniport)
0xB9E00000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xA8417000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xB9E9C000 C:\WINDOWS\System32\Drivers\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xB9D72000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB8FAF000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xA8A4B000 C:\WINDOWS\system32\CTHWIUT.DLL 86016 bytes (Creative Technology Ltd., Creative Utility Effects)
0xA4CAB000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB8FC6000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xB9354000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xA87DD000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xB9D5F000 WudfPf.sys 77824 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xB9D89000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xB9E5D000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB8F9E000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xB98F0000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xB98A0000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xBA228000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xBA1A8000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xB9C4B000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xBA248000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xB9890000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xA4E00000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xBA308000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBA1B8000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xBA108000 aic78u2.sys 57344 bytes (Microsoft Corporation, Adaptec Ultra2 SCSI miniport)
0xBA0D8000 aic78xx.sys 57344 bytes (Microsoft Corporation, Adaptec Ultra SCSI miniport)
0xB98C0000 C:\WINDOWS\system32\DRIVERS\AmdK8.sys 57344 bytes (Advanced Micro Devices, AMD Processor Driver)
0xBA168000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xA5048000 C:\WINDOWS\system32\DRIVERS\HPZid412.sys 53248 bytes (HP, IEEE-1284.4-1999 Driver (Windows 2000))
0xBA258000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xBA268000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xBA0C8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xBA148000 ql12160.sys 49152 bytes (QLogic Corporation, Miniport Driver for QLogic ISP PCI Adapters)
0xBA138000 ql1280.sys 49152 bytes (QLogic Corporation, Miniport Driver for QLogic ISP PCI Adapters)
0xBA288000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xBA1C8000 agp440.sys 45056 bytes (Microsoft Corporation, 440 NT AGP Filter)
0xBA1F8000 agpCPQ.sys 45056 bytes (Microsoft Corporation, CompatNT AGP Filter)
0xBA1D8000 alim1541.sys 45056 bytes (Microsoft Corporation, ALi M1541 NT AGP Filter)
0xBA1E8000 amdagp.sys 45056 bytes (Advanced Micro Devices, Inc., AMD Win2000 AGP Filter)
0xB9BFB000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xB98B0000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xBA0B8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xBA278000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xBA198000 viaagp.sys 45056 bytes (Microsoft Corporation, VIA NT AGP Filter)
0xBA0A8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xBA2D8000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xBA128000 ql1080.sys 40960 bytes (QLogic Corporation, Miniport Driver for QLogic ISP PCI Adapters)
0xBA0F8000 ql1240.sys 40960 bytes (Microsoft Corporation, QLogic ISP PCI Adapters)
0xBA188000 sisagp.sys 40960 bytes (Silicon Integrated Systems Corporation, SiS NT AGP Filter)
0xBA2A8000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xBA158000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xA4327000 C:\WINDOWS\system32\FsUsbExDisk.SYS 36864 bytes
0xB9BEB000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xBA298000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xB9C3B000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0x9D497000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xBA178000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xBA0E8000 ql10wnt.sys 36864 bytes (Microsoft Corporation, Miniport Driver for QLogic ISP PCI Adapters)
0xBA118000 ultra.sys 36864 bytes (Promise Technology, Inc., Promise Ultra66 Miniport Driver)
0xB9C5B000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xBA3E8000 C:\WINDOWS\system32\drivers\ctprxy2k.sys 32768 bytes (Creative Technology Ltd, Creative Proxy Device Driver (WDM))
0xA83FF000 C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys 32768 bytes (Check Point Software Technologies, ZoneAlarm Browser Security)
0xBA3F0000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xB8F1E000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xBA358000 symc8xx.sys 32768 bytes (LSI Logic, Symbios 8XX SCSI Miniport Driver)
0xBA368000 sym_u3.sys 32768 bytes (LSI Logic, Symbios Ultra3 SCSI Miniport Driver)
0xBA420000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xBA3E0000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xBA340000 asc.sys 28672 bytes (Advanced System Products, Inc., AdvanSys SCSI Controller Driver)
0xBA458000 C:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xB8F36000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xBA390000 hpn.sys 28672 bytes (Microsoft Corporation, NetRAID-4M Miniport Driver)
0xBA328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xBA388000 perc2.sys 28672 bytes (Microsoft Corporation, PERC 2 Miniport Driver)
0xBA480000 C:\WINDOWS\system32\DRIVERS\RimSerial.sys 28672 bytes (Research in Motion Ltd, RIM Virtual Serial Driver)
0xBA360000 sym_hi.sys 28672 bytes (LSI Logic, Symbios Hi-Perf SCSI Miniport Driver)
0xB8EFE000 C:\WINDOWS\system32\DRIVERS\usbprint.sys 28672 bytes (Microsoft Corporation, USB Printer driver)
0xB8EF6000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xBA370000 ABP480N5.SYS 24576 bytes (Microsoft Corporation, AdvanSys SCSI Controller Driver)
0xBA378000 asc3350p.sys 24576 bytes (Microsoft Corporation, AdvanSys SCSI Card Driver)
0xB8F06000 C:\WINDOWS\System32\Drivers\avgmfx86.sys 24576 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver)
0xBA4B0000 C:\WINDOWS\system32\DRIVERS\HPZius12.sys 24576 bytes (HP, 1284.4<->Usb Datalink Driver (Windows 2000))
0xBA460000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xBA488000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xB8F0E000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0xB8F2E000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xBA380000 dpti2o.sys 20480 bytes (Microsoft Corporation, DPT SmartRAID miniport)
0xBA350000 i2omp.sys 20480 bytes (Microsoft Corporation, I2O Miniport Driver)
0xBA348000 mraid35x.sys 20480 bytes (American Megatrends Inc., MegaRAID RAID Controller Driver for Windows Whistler 32)
0xB8F26000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xBA330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xBA470000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xBA478000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xBA338000 sparrow.sys 20480 bytes (Adaptec, Inc., Adaptec AIC-6x60 series SCSI miniport)
0xBA468000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xBA3D8000 C:\WINDOWS\system32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0xBA4A8000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xBA4C0000 aha154x.sys 16384 bytes (Microsoft Corporation, Adaptec AHA-154x series SCSI miniport)
0xBA4D0000 asc3550.sys 16384 bytes (Advanced System Products, Inc., AdvanSys Ultra-Wide PCI SCSI Driver)
0xBA4D8000 cbidf2k.sys 16384 bytes (Microsoft Corporation, CardBus/PCMCIA IDE Miniport Driver)
0xBA4BC000 cpqarray.sys 16384 bytes (Microsoft Corporation, Compaq Drive Array Controllers SCSI Miniport Driver)
0xA5462000 C:\WINDOWS\system32\drivers\cpuz132_x32.sys 16384 bytes (Windows ® Codename Longhorn DDK provider, CPUID Driver)
0xBA4C8000 dac960nt.sys 16384 bytes (Microsoft Corporation, Mylex Disk Array Controller Driver)
0xA02AE000 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys 16384 bytes (HP, IEEE-1284.4-1999 Print Class Driver)
0xBA4D4000 ini910u.sys 16384 bytes (Microsoft Corporation, INITIO ini910u SCSI miniport)
0xB9BA3000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xA586A000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xBA4C4000 symc810.sys 16384 bytes (Symbios Logic Inc., Symbios Logic Inc. SCSI Miniport Driver)
0xA46F3000 C:\WINDOWS\system32\DRIVERS\usbscan.sys 16384 bytes (Microsoft Corporation, USB Scanner Driver)
0xBA4CC000 amsint.sys 12288 bytes (Microsoft Corporation, AMD SCSI/NET Controller)
0xBA4B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xBA570000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xBA578000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xB8F5A000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)
0xA5124000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 12288 bytes (Conexant, Diagnostic Interface DRIVER)
0xA88C8000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xB9BBB000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xB8F52000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xBA5AC000 aliide.sys 8192 bytes (Acer Laboratories Inc., ALi mini IDE Driver)
0xBA63C000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xBA5B8000 cd20xrnt.sys 8192 bytes (Microsoft Corporation, IBM Portable CD-ROM Drive Miniport)
0xBA5AE000 cmdide.sys 8192 bytes (CMD Technology, Inc., CMD PCI IDE Bus Driver)
0xBA5B6000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xBA5DE000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xBA63A000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xBA5B4000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xBA5A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xBA63E000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xBA5DC000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xBA5BA000 perc2hib.sys 8192 bytes (Microsoft Corporation, PERC 2 Hibernate Driver)
0xBA640000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xBA5EE000 C:\WINDOWS\System32\Drivers\RootMdm.sys 8192 bytes (Microsoft Corporation, Legacy Non-Pnp Modem Device Driver)
0xBA5F0000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xBA5B0000 toside.sys 8192 bytes (Microsoft Corporation, Toshiba PCI IDE Controller)
0xBA604000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xBA5B2000 viaide.sys 8192 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xBA5AA000 C:\WINDOWS\System32\Drivers\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xBA7D0000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xBA78E000 C:\WINDOWS\System32\Drivers\Cdr4_xp.SYS 4096 bytes (Sonic Solutions, CDR4 CD and DVD Place Holder Driver (see PxHelp))
0xBA716000 C:\WINDOWS\System32\Drivers\Cdralw2k.SYS 4096 bytes (Sonic Solutions, CDRAL Place Holder Driver (see PxHelp))
0xBA695000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xBA67E000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xBA670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x8A84C1F8 unknown_irp_handler 3592 bytes
0x8A85D1F8 unknown_irp_handler 3592 bytes
0x8A8521F8 unknown_irp_handler 3592 bytes
0x8A84F1F8 unknown_irp_handler 3592 bytes
0x8A85A1F8 unknown_irp_handler 3592 bytes
0x8A85C1F8 unknown_irp_handler 3592 bytes
0x8A8541F8 unknown_irp_handler 3592 bytes
0x8A8C41F8 unknown_irp_handler 3592 bytes
0x8A85B1F8 unknown_irp_handler 3592 bytes
0x8A8C31F8 unknown_irp_handler 3592 bytes
0x88E751F8 unknown_irp_handler 3592 bytes
0x8A8611F8 unknown_irp_handler 3592 bytes
0x8A8C61F8 unknown_irp_handler 3592 bytes
0x8A8C21F8 unknown_irp_handler 3592 bytes
0x8A8CB1F8 unknown_irp_handler 3592 bytes
0x8A8591F8 unknown_irp_handler 3592 bytes
0x8A8CF1F8 unknown_irp_handler 3592 bytes
0x8A8C11F8 unknown_irp_handler 3592 bytes
0x8A8C51F8 unknown_irp_handler 3592 bytes
0x8A8571F8 unknown_irp_handler 3592 bytes
0x8A8551F8 unknown_irp_handler 3592 bytes
0x8A8CC1F8 unknown_irp_handler 3592 bytes
0x8A8501F8 unknown_irp_handler 3592 bytes
0x8A8531F8 unknown_irp_handler 3592 bytes
0x8A85E1F8 unknown_irp_handler 3592 bytes
0x8A8CA1F8 unknown_irp_handler 3592 bytes
0x8A84E1F8 unknown_irp_handler 3592 bytes
0x8A85F1F8 unknown_irp_handler 3592 bytes
0x8A8C71F8 unknown_irp_handler 3592 bytes
0x8A8581F8 unknown_irp_handler 3592 bytes
0x8A8CD1F8 unknown_irp_handler 3592 bytes
0x8A8511F8 unknown_irp_handler 3592 bytes
0x8A8C81F8 unknown_irp_handler 3592 bytes
0x8A5ED1F8 unknown_irp_handler 3592 bytes
0x8A8561F8 unknown_irp_handler 3592 bytes
0x8A8C91F8 unknown_irp_handler 3592 bytes
0x8A8CE1F8 unknown_irp_handler 3592 bytes
0x8A51B3F0 unknown_irp_handler 3088 bytes
0x8A4F5500 unknown_irp_handler 2816 bytes
0x8A602500 unknown_irp_handler 2816 bytes
0x8902C500 unknown_irp_handler 2816 bytes
0x8A56F500 unknown_irp_handler 2816 bytes
0x88E83500 unknown_irp_handler 2816 bytes
0x8A4F4500 unknown_irp_handler 2816 bytes
==============================================
>Stealth
==============================================
WARNING: File locked for read access [C:\WINDOWS\system32\drivers\sptd.sys]






OTL logfile created on: 26-10-2010 17.00.27 - Run 1
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Documents and Settings\Owner\My Documents
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000438 | Country: Faeroe Islands | Language: FOS | Date Format: dd-MM-yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 58,00% Memory free
3,00 Gb Paging File | 2,00 Gb Available in Paging File | 68,00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 182,15 Gb Total Space | 17,94 Gb Free Space | 9,85% Space Free | Partition Type: NTFS
Drive D: | 4,15 Gb Total Space | 1,21 Gb Free Space | 29,14% Space Free | Partition Type: FAT32
Drive E: | 565,19 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: YOUR-545CA46D89 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010-10-26 16.59.44 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\OTL.exe
PRC - [2010-10-19 13.18.38 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe
PRC - [2010-10-14 14.54.40 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2010-10-13 14.06.06 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2010-09-26 23.01.55 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\java.exe
PRC - [2010-09-23 13.42.07 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010-09-02 09.22.30 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2010-09-02 09.21.04 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2010-09-02 06.26.16 | 000,493,048 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2010-09-02 06.26.14 | 000,738,808 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
PRC - [2010-07-20 11.12.04 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010-07-15 13.48.15 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010-07-15 13.48.10 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010-07-15 13.47.26 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010-07-15 13.47.25 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010-04-06 15.34.22 | 000,102,752 | ---- | M] (Microsoft Corp.) -- C:\Program Files\MSN\Toolbar\4.0.0412.0\mstbsvc.exe
PRC - [2010-04-01 03.16.20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2010-01-20 17.44.14 | 004,562,944 | ---- | M] () -- C:\Program Files\NETGEAR\WNA3100\WNA3100.exe
PRC - [2010-01-12 11.11.24 | 000,278,528 | ---- | M] () -- C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe
PRC - [2009-10-06 22.47.40 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe
PRC - [2009-04-03 05.01.00 | 001,680,704 | ---- | M] (WIBU-SYSTEMS AG) -- C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
PRC - [2009-03-05 19.41.02 | 000,098,304 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
PRC - [2009-02-19 09.34.32 | 000,233,472 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe
PRC - [2008-12-05 16.33.39 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2008-04-30 11.27.50 | 000,417,792 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2008-04-13 18.12.19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006-09-11 04.40.32 | 000,218,032 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2004-06-23 21.16.08 | 000,090,112 | ---- | M] (Microsoft® Corporation) -- C:\Program Files\Microsoft Works\WkDStore.exe
PRC - [2004-06-23 21.10.06 | 000,114,688 | ---- | M] (Microsoft® Corporation) -- C:\Program Files\Microsoft Works\WksWP.exe
PRC - [2004-06-23 21.09.14 | 000,069,632 | ---- | M] (Microsoft® Corporation) -- C:\Program Files\Microsoft Works\wkgdcach.exe


========== Modules (SafeList) ==========

MOD - [2010-10-26 16.59.44 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\OTL.exe
MOD - [2010-09-02 06.26.22 | 000,640,504 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
MOD - [2010-08-23 10.12.02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009-07-12 02.12.06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2009-07-12 02.09.20 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2010-09-02 09.22.30 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2010-09-02 06.26.16 | 000,493,048 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2010-09-01 15.51.28 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
SRV - [2010-07-20 11.12.04 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010-07-15 13.48.10 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010-04-06 15.34.22 | 000,102,752 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\MSN\Toolbar\4.0.0412.0\mstbsvc.exe -- (mstbsvc)
SRV - [2010-01-12 11.11.24 | 000,278,528 | ---- | M] () [Auto | Running] -- C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe -- (WSWNA3100)
SRV - [2009-08-17 14.01.44 | 000,099,176 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP4\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2009-07-26 07.43.14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009-04-03 05.01.00 | 001,680,704 | ---- | M] (WIBU-SYSTEMS AG) [Auto | Running] -- C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe -- (CodeMeter.exe)
SRV - [2009-02-19 09.34.32 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2008-12-07 11.21.18 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2008-12-05 16.33.39 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2008-04-30 11.27.50 | 000,417,792 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2008-04-07 09.17.30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\PCTINDIS5.SYS -- (PCTINDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Owner\LOCALS~1\Temp\cpuz130\cpuz_x32.sys -- (cpuz130)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010-10-14 20.45.02 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010-09-02 06.26.10 | 000,026,872 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2010-08-05 05.04.36 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010-07-15 13.48.18 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010-07-15 13.47.26 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010-07-06 20.27.52 | 005,069,312 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010-06-02 12.26.33 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010-05-13 10.02.32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2010-04-29 15.39.38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010-03-10 19.58.25 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010-03-10 19.58.24 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2009-11-06 08.26.36 | 000,642,432 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcmwlhigh5.sys -- (BCMH43XX)
DRV - [2009-08-08 00.46.56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP4\WNt500x86\sandra.sys -- (SANDRA)
DRV - [2009-06-11 17.34.34 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2009-03-27 02.16.28 | 000,012,672 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz132_x32.sys -- (cpuz132)
DRV - [2009-02-19 09.34.30 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2008-12-02 07.05.34 | 000,118,656 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008-07-15 19.12.38 | 001,173,016 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha20x2k.sys -- (ha20x2k)
DRV - [2008-07-15 19.11.14 | 000,092,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2008-07-15 19.10.28 | 000,157,208 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2008-07-15 19.09.44 | 000,014,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2008-07-15 19.08.36 | 000,127,000 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2008-07-15 19.08.08 | 000,347,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2008-07-15 19.07.18 | 000,527,384 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2008-07-15 19.06.46 | 000,511,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2008-07-15 18.23.42 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\CTHWIUT.DLL -- (CTHWIUT.DLL)
DRV - [2008-07-15 18.23.22 | 000,170,520 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\CT20XUT.DLL -- (CT20XUT.DLL)
DRV - [2008-07-15 18.22.46 | 001,323,544 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\CTEXFIFX.DLL -- (CTEXFIFX.DLL)
DRV - [2008-04-13 12.45.12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008-04-13 12.36.39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008-04-13 12.36.39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008-04-13 10.36.05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007-10-14 15.05.55 | 000,477,696 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZD1211BU.sys -- (ZD1211BU(ZyDAS)) ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS)
DRV - [2007-09-17 15.53.26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007-07-03 16.58.20 | 000,106,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2007-07-03 16.57.24 | 000,011,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2007-04-16 22.46.00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2007-02-02 04.00.00 | 000,009,464 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2007-02-02 04.00.00 | 000,009,336 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2006-07-01 22.39.40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004-12-01 22.40.08 | 002,300,928 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004-11-15 19.41.54 | 000,036,804 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Sunkfilt.sys -- (SunkFilt)
DRV - [2004-08-03 23.29.56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004-06-17 15.56.22 | 000,220,032 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2004-06-17 15.55.38 | 000,685,056 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004-06-17 15.55.04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004-03-23 20.12.34 | 000,017,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\nsndis5.sys -- (NSNDIS5)
DRV - [2001-08-17 22.07.44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001-08-17 22.07.42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001-08-17 22.07.40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001-08-17 22.07.36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001-08-17 22.07.34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001-08-17 21.52.22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001-08-17 21.52.20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001-08-17 21.52.20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001-08-17 21.52.18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001-08-17 21.52.16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001-08-17 21.52.12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001-08-17 21.52.00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001-08-17 21.51.58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001-08-17 21.51.56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001-08-17 21.51.54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001-08-17 14.49.32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522



IE - HKU\S-1-5-21-3626235448-143542546-2890651378-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3626235448-143542546-2890651378-1006\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\tbZone.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3626235448-143542546-2890651378-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3626235448-143542546-2890651378-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-3626235448-143542546-2890651378-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522

FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2010-10-14 14.54.24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2010-10-16 05.25.33 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2004-08-10 13.00.00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\tbZone.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\tbZone.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-3626235448-143542546-2890651378-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-3626235448-143542546-2890651378-1006\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-3626235448-143542546-2890651378-1006\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-3626235448-143542546-2890651378-1006\..\Toolbar\WebBrowser: (ZoneAlarm Security Toolbar) - {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - C:\Program Files\ZoneAlarm_Security\tbZone.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3626235448-143542546-2890651378-1006\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-21-3626235448-143542546-2890651378-1006..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKU\S-1-5-21-3626235448-143542546-2890651378-1006..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-3626235448-143542546-2890651378-1006..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-3626235448-143542546-2890651378-1006..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKU\S-1-5-21-3626235448-143542546-2890651378-1006..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-3626235448-143542546-2890651378-1006..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNA3100 Smart Wizard.lnk = C:\Program Files\NETGEAR\WNA3100\WNA3100.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3626235448-143542546-2890651378-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3626235448-143542546-2890651378-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005-04-13 11.20.25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003-08-09 00.24.26 | 000,000,045 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010-10-26 16.59.44 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\OTL.exe
[2010-10-20 13.02.42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Broken Rules
[2010-10-20 12.56.15 | 000,000,000 | ---D | C] -- C:\Program Files\And Yet It Moves Demo
[2010-10-20 12.56.00 | 043,573,435 | ---- | C] (Broken Rules ) -- C:\Documents and Settings\Owner\My Documents\And Yet It Moves Demo v1.1.1 Setup.exe
[2010-10-16 05.04.55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\ForceField Shared Files
[2010-10-16 05.04.53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\CheckPoint
[2010-10-16 05.04.33 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010-10-16 05.04.33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Conduit
[2010-10-16 05.04.32 | 000,000,000 | ---D | C] -- C:\Program Files\ZoneAlarm_Security
[2010-10-16 05.04.32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\ZoneAlarm_Security
[2010-10-16 05.04.21 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2010-10-16 05.04.03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ZoneLabs
[2010-10-16 05.04.00 | 000,000,000 | ---D | C] -- C:\Program Files\Zone Labs
[2010-10-16 05.00.19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010-10-15 14.43.37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\RootRepeal
[2010-10-15 14.09.27 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
[2010-10-15 13.58.38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010-10-15 13.58.28 | 004,283,672 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Owner\My Documents\avg_isct_stb_all_2011_1120_cnet.exe
[2010-10-14 22.16.56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\DAEMON Tools Images
[2010-10-14 20.44.50 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2010-10-14 20.44.17 | 009,591,104 | ---- | C] (DT Soft Ltd.) -- C:\Documents and Settings\Owner\My Documents\DTLite4356-0091.exe
[2010-10-14 20.11.36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
[2010-10-14 15.17.05 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010-10-14 15.16.05 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010-10-14 14.58.00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010-10-14 14.55.13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Google
[2010-10-14 14.54.23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2010-10-14 14.53.42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010-10-14 13.48.23 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010-10-14 13.48.23 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010-10-14 13.48.23 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010-10-14 13.48.23 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010-10-14 13.46.01 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010-10-14 13.10.41 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010-10-13 01.47.41 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010-10-13 01.39.02 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Installer Clean Up
[2010-10-13 01.08.44 | 000,000,000 | ---D | C] -- C:\Program Files\Free Window Registry Repair
[2010-10-13 00.56.04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Promosoft Corporation
[2010-10-13 00.53.00 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
[2010-10-13 00.53.00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2010-10-12 21.13.09 | 000,281,104 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\wpcap.dll
[2010-10-12 21.13.09 | 000,100,880 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\Packet.dll
[2010-10-12 21.13.09 | 000,050,704 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\drivers\npf.sys
[2010-10-12 21.13.08 | 000,000,000 | ---D | C] -- C:\Program Files\NETGEAR
[2010-10-12 21.06.02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\2Wire
[2010-10-09 23.32.39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\ScummVM
[2010-10-09 23.32.32 | 000,000,000 | ---D | C] -- C:\Program Files\ScummVM
[2010-09-29 15.38.28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\RKILL
[2010-09-26 23.02.57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010-09-26 23.02.55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2008-07-11 16.51.46 | 000,034,816 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[4 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010-10-26 17.02.00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\Updater.job
[2010-10-26 16.59.44 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\OTL.exe
[2010-10-26 13.27.35 | 000,055,432 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000001-00001102-00000005-00211102}.rfx
[2010-10-26 13.27.35 | 000,055,432 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-00000001-00001102-00000005-00211102}.rfx
[2010-10-26 13.27.35 | 000,000,788 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000001-00001102-00000005-00211102}.rfx
[2010-10-26 13.23.03 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3626235448-143542546-2890651378-1006UA.job
[2010-10-26 13.23.00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3626235448-143542546-2890651378-1006Core.job
[2010-10-26 13.05.00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010-10-26 08.41.49 | 066,837,304 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010-10-26 08.16.01 | 000,012,120 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2010-10-25 04.14.35 | 000,073,216 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\BUSINESSREGISTRATION.doc
[2010-10-25 04.07.19 | 001,085,952 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Home Occupation Perm_1.DOC
[2010-10-25 04.07.10 | 000,050,688 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Criteria for Home Occupation Business Fire Inspections.DOC
[2010-10-25 03.06.48 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010-10-25 03.06.17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-10-25 03.06.11 | 2145,964,032 | -HS- | M] () -- C:\hiberfil.sys
[2010-10-22 16.02.08 | 000,012,288 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\letterofresignation.wps
[2010-10-21 20.24.41 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010-10-21 20.24.40 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Google Chrome.lnk
[2010-10-21 16.47.23 | 000,162,304 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\RandomCategories.xls
[2010-10-20 13.02.37 | 000,004,096 | ---- | M] () -- C:\WINDOWS\d3dx.dat
[2010-10-20 12.56.31 | 000,000,838 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\And Yet It Moves Demo.lnk
[2010-10-20 12.55.59 | 043,573,435 | ---- | M] (Broken Rules ) -- C:\Documents and Settings\Owner\My Documents\And Yet It Moves Demo v1.1.1 Setup.exe
[2010-10-16 05.05.14 | 000,421,442 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2010-10-16 05.04.18 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2010-10-16 05.04.16 | 000,000,731 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ZoneAlarm Security.lnk
[2010-10-16 05.02.59 | 046,957,056 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\zaSetup_92_076_000_en.exe
[2010-10-16 04.50.05 | 000,285,230 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\gmer.zip
[2010-10-16 04.45.49 | 000,544,768 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\dds.scr
[2010-10-15 18.05.50 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\gmer.exe
[2010-10-15 14.43.28 | 000,464,491 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\RootRepeal.zip
[2010-10-15 14.04.51 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2010-10-15 14.04.51 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2010-10-15 13.58.30 | 004,283,672 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Owner\My Documents\avg_isct_stb_all_2011_1120_cnet.exe
[2010-10-14 22.03.56 | 000,000,087 | ---- | M] () -- C:\WINDOWS\SIERRA.INI
[2010-10-14 21.17.47 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\1tnjovlj.exe
[2010-10-14 20.47.57 | 000,345,016 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010-10-14 20.45.02 | 000,691,696 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010-10-14 20.44.22 | 009,591,104 | ---- | M] (DT Soft Ltd.) -- C:\Documents and Settings\Owner\My Documents\DTLite4356-0091.exe
[2010-10-14 20.17.48 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010-10-14 20.13.59 | 000,462,498 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-10-14 20.13.59 | 000,078,318 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010-10-14 20.11.36 | 000,000,209 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2010-10-14 15.39.43 | 000,000,221 | RHS- | M] () -- C:\boot.ini
[2010-10-14 14.33.56 | 000,000,337 | ---- | M] () -- C:\Boot.bak
[2010-10-14 13.42.33 | 003,878,092 | R--- | M] () -- C:\Documents and Settings\Owner\My Documents\ComboFix.exe
[2010-10-13 13.57.00 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010-10-13 01.48.38 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010-10-13 01.08.45 | 000,000,718 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Free Window Registry Repair.lnk
[2010-10-13 01.08.34 | 000,798,000 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\RegpairSetup.exe
[2010-10-12 21.13.08 | 000,000,595 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNA3100 Smart Wizard.lnk
[2010-10-12 21.13.08 | 000,000,583 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\NETGEAR WNA3100 Smart Wizard.lnk
[4 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010-10-25 04.14.36 | 000,073,216 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\BUSINESSREGISTRATION.doc
[2010-10-25 04.07.19 | 001,085,952 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Home Occupation Perm_1.DOC
[2010-10-25 04.07.12 | 000,050,688 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Criteria for Home Occupation Business Fire Inspections.DOC
[2010-10-22 11.36.21 | 000,012,288 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\letterofresignation.wps
[2010-10-21 16.47.23 | 000,162,304 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\RandomCategories.xls
[2010-10-20 13.02.37 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2010-10-20 12.56.31 | 000,000,838 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\And Yet It Moves Demo.lnk
[2010-10-16 05.04.16 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ZoneAlarm Security.lnk
[2010-10-16 05.04.01 | 000,421,442 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2010-10-16 05.03.00 | 046,957,056 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\zaSetup_92_076_000_en.exe
[2010-10-16 04.50.58 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gmer.exe
[2010-10-16 04.50.05 | 000,285,230 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\gmer.zip
[2010-10-16 04.47.27 | 000,544,768 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\dds.scr
[2010-10-15 14.43.28 | 000,464,491 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\RootRepeal.zip
[2010-10-14 22.03.25 | 000,000,087 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2010-10-14 21.17.47 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\1tnjovlj.exe
[2010-10-14 20.11.36 | 000,000,209 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010-10-14 18.37.41 | 2145,964,032 | -HS- | C] () -- C:\hiberfil.sys
[2010-10-14 14.53.39 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010-10-14 14.53.39 | 000,000,880 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010-10-14 14.33.56 | 000,000,337 | ---- | C] () -- C:\Boot.bak
[2010-10-14 14.33.52 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010-10-14 13.48.23 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010-10-14 13.48.23 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010-10-14 13.48.23 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010-10-14 13.48.23 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010-10-14 13.48.23 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010-10-14 13.42.26 | 003,878,092 | R--- | C] () -- C:\Documents and Settings\Owner\My Documents\ComboFix.exe
[2010-10-13 14.10.37 | 000,002,284 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Google Chrome.lnk
[2010-10-13 14.10.37 | 000,002,262 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010-10-13 01.08.45 | 000,000,718 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Free Window Registry Repair.lnk
[2010-10-13 01.08.33 | 000,798,000 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\RegpairSetup.exe
[2010-10-12 21.13.09 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2010-10-12 21.13.08 | 000,000,595 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNA3100 Smart Wizard.lnk
[2010-10-12 21.13.08 | 000,000,583 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\NETGEAR WNA3100 Smart Wizard.lnk
[2010-09-29 18.13.00 | 000,000,978 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3626235448-143542546-2890651378-1006UA.job
[2010-09-29 18.13.00 | 000,000,926 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3626235448-143542546-2890651378-1006Core.job
[2010-05-08 05.08.31 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2010-05-08 05.08.31 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2010-05-08 05.08.21 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\$_hpcst$.hpc
[2009-11-12 04.34.26 | 011,808,768 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sandra.mda
[2009-11-07 15.17.07 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2009-10-18 15.41.05 | 000,000,758 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009-09-07 18.52.41 | 000,004,981 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mtbjfghn.xbe
[2009-08-01 00.41.06 | 000,000,067 | ---- | C] () -- C:\WINDOWS\AVIConverter.INI
[2009-05-20 20.30.54 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2009-02-12 03.45.57 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009-02-09 15.23.39 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009-01-27 13.29.24 | 000,012,120 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2009-01-06 00.37.21 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008-12-11 13.22.10 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2008-12-06 12.17.22 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008-12-06 12.04.12 | 000,077,824 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008-12-05 16.57.10 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2008-12-05 16.35.42 | 000,532,544 | ---- | C] () -- C:\WINDOWS\PIC.dll
[2008-12-05 16.35.42 | 000,024,576 | ---- | C] () -- C:\WINDOWS\HKNTDLL.dll
[2008-10-07 10.13.30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008-10-07 10.13.22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008-10-07 10.13.20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008-10-07 10.13.20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008-10-07 10.13.20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008-10-07 10.13.20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008-10-07 10.13.20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008-10-07 10.13.20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008-10-07 10.13.20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008-10-07 10.13.20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008-07-15 17.35.42 | 000,030,305 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2008-07-11 17.22.30 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2008-07-11 16.50.28 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\CtxfiRes.dll
[2008-07-11 16.50.28 | 000,003,072 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL
[2007-10-25 17.26.10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007-09-27 11.51.02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007-09-27 11.48.48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007-09-27 11.48.28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006-10-02 18.25.18 | 000,000,307 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
[2005-08-05 15.01.54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005-04-13 13.02.03 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005-04-13 10.57.05 | 000,001,436 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005-04-13 10.57.05 | 000,000,494 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2005-04-13 04.08.04 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002-10-15 16.54.04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

========== LOP Check ==========

[2008-12-05 16.57.23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView
[2010-10-12 21.06.02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2Wire
[2010-10-15 14.20.34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009-11-12 15.08.10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BioWare
[2010-09-02 16.01.11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010-02-20 18.08.57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Line 6
[2010-10-15 14.18.50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2009-10-31 15.05.49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2010-05-08 05.09.28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010-02-06 00.35.59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Propellerhead Software
[2009-09-30 22.51.12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2010-10-13 13.58.22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2010-10-13 01.07.30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010-08-20 17.08.19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Update
[2008-12-05 16.50.05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008-12-05 16.57.23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\SampleView
[2009-02-01 19.12.08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\.BitTornado
[2008-12-11 15.45.27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\2Wire
[2010-10-10 16.23.50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\BitTorrent
[2010-10-20 13.02.42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Broken Rules
[2010-10-16 05.04.53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\CheckPoint
[2009-02-12 03.53.53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DAEMON Tools
[2010-09-26 02.47.05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DAEMON Tools Lite
[2009-02-12 03.53.53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DAEMON Tools Pro
[2010-10-26 16.58.47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DNA
[2009-03-04 17.45.54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FinalBurner Video DVD
[2009-08-29 21.54.59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ImgBurn
[2010-02-20 18.09.20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PACE Anti-Piracy
[2010-05-08 05.09.28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PC Suite
[2010-02-20 18.07.58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Propellerhead Software
[2009-09-30 22.53.52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Research In Motion
[2008-12-05 16.57.23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
[2010-05-08 05.08.18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Samsung
[2010-10-09 23.32.39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ScummVM
[2009-11-08 11.51.59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SystemRequirementsLab
[2009-01-27 13.29.38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Template
[2009-02-09 18.15.15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Desktop Search
[2009-02-09 18.27.00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Search
[2008-12-06 12.03.53 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\ISP signup reminder 1.job
[2008-12-06 12.03.53 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\ISP signup reminder 2.job
[2010-10-26 17.02.00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\Updater.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 304 bytes -> C:\Documents and Settings\Owner\My Documents\yopick.jpg:SummaryInformation
@Alternate Data Stream - 304 bytes -> C:\Documents and Settings\Owner\My Documents\NJ1.JPG:SummaryInformation
@Alternate Data Stream - 304 bytes -> C:\Documents and Settings\Owner\My Documents\idfinish.jpg:SummaryInformation
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DD4DD9B9
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B63300D1

< End of report >





OTL Extras logfile created on: 26-10-2010 17.00.27 - Run 1
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Documents and Settings\Owner\My Documents
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000438 | Country: Faeroe Islands | Language: FOS | Date Format: dd-MM-yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 58,00% Memory free
3,00 Gb Paging File | 2,00 Gb Available in Paging File | 68,00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 182,15 Gb Total Space | 17,94 Gb Free Space | 9,85% Space Free | Partition Type: NTFS
Drive D: | 4,15 Gb Total Space | 1,21 Gb Free Space | 29,14% Space Free | Partition Type: FAT32
Drive E: | 565,19 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: YOUR-545CA46D89 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-3626235448-143542546-2890651378-1006\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"64172:TCP" = 64172:TCP:*:Enabled:BitTorrent
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"9999:TCP" = 9999:TCP:*:Enabled:BitTorrent
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1119:TCP" = 1119:TCP:*:Enabled:battlenet1
"1119:UDP" = 1119:UDP:*:Enabled:battlenet2

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found
"C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe" = C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server -- (WIBU-SYSTEMS AG)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- File not found
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- File not found
"C:\Program Files\BitTornado\btdownloadgui.exe" = C:\Program Files\BitTornado\btdownloadgui.exe:*:Enabled:btdownloadgui -- File not found
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- File not found
"C:\WINDOWS\system32\lxcccoms.exe" = C:\WINDOWS\system32\lxcccoms.exe:*:Enabled:3300 Series Server -- File not found
"C:\Program Files\PFPortChecker\PFPortChecker.exe" = C:\Program Files\PFPortChecker\PFPortChecker.exe:*:Enabled:PFPortchecker by portforward.com helps check if your ports are properly forwarded. -- (portforward.com)
"C:\Program Files\Xfire\Xfire.exe" = C:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire -- File not found
"C:\Documents and Settings\Owner\My Documents\Downloaded Games\Left.4.Dead.Full-Rip.Skullptura\Left.4.Dead.Full-Rip.Skullptura\Left 4 Dead\left4dead.exe" = C:\Documents and Settings\Owner\My Documents\Downloaded Games\Left.4.Dead.Full-Rip.Skullptura\Left.4.Dead.Full-Rip.Skullptura\Left 4 Dead\left4dead.exe:*:Enabled:left4dead -- ()
"C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Games\tf2\hl2.exe" = C:\Games\tf2\hl2.exe:*:Enabled:hl2 -- ()
"C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP4\RpcAgentSrv.exe" = C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP4\RpcAgentSrv.exe:*:Enabled:SiSoftware Deployment Agent Service -- (SiSoftware)
"C:\Games\Dragon Age\bin_ship\daorigins.exe" = C:\Games\Dragon Age\bin_ship\daorigins.exe:*:Enabled:Dragon Age Origins Game -- (BioWare)
"C:\Games\Dragon Age\DAOriginsLauncher.exe" = C:\Games\Dragon Age\DAOriginsLauncher.exe:*:Enabled:Dragon Age Origins Launcher -- (BioWare)
"C:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe" = C:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe:*:Enabled:Dragon Age Origins Updater -- (BioWare)
"C:\Program Files\2K Games\Gearbox Software\Borderlands\Binaries\Borderlands.exe" = C:\Program Files\2K Games\Gearbox Software\Borderlands\Binaries\Borderlands.exe:*:Enabled:Borderlands -- (Take-Two Interactive Software, Inc.)
"C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP4\WNt500x86\RpcSandraSrv.exe" = C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP4\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service -- (SiSoftware)
"C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe" = C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server -- (WIBU-SYSTEMS AG)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Disabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Disabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Disabled:AOL -- File not found
"C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server -- (PeeringPortal)
"C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server -- (PeeringPortal)
"C:\Documents and Settings\Owner\My Documents\Downloads\sc2_teaser_1080p.exe" = C:\Documents and Settings\Owner\My Documents\Downloads\sc2_teaser_1080p.exe:*:Enabled:Blizzard Downloader -- File not found
"C:\Program Files\StarCraft II\StarCraft II.exe" = C:\Program Files\StarCraft II\StarCraft II.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"C:\Program Files\StarCraft II\Versions\Base15405\SC2.exe" = C:\Program Files\StarCraft II\Versions\Base15405\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment, Inc.)
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe" = C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:vsmon -- (Check Point Software Technologies LTD)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{15377C3E-9655-400F-B441-E69F0A6BEAFE}" = Recovery Software Suite eMachines
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1A3E23D7-7A1E-43EC-B35D-EB8A31BED943}" = FinalBurner Free v2.9.0.151
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 21
"{26B46206-DF80-4DA2-AEAB-FF146320C344}" = CodeMeter Runtime Kit v4.01
"{2A28AAFF-CB70-4D1C-ABA3-D0B1512C98A4}" = GearRat
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{2E3F6C30-B62C-447C-9751-78C375DD12A2}_is1" = And Yet It Moves Demo 1.1.1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3F262ADC-5AD2-48E5-A586-44315E04A9E2}" = Microsoft Picture It! Library 10
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{42756145-9997-4D28-809B-8756BFD00106}" = Microsoft Picture It! Premium 10
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A9A95D3-3F21-4568-B3B7-296CD0E7002A}" = RIP Vinyl Demo
"{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{689E0AB3-50B2-4E5A-9DCE-6DA9F5BE1314}" = BlackBerry® Media Sync
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6F95AA40-4287-486E-B2C1-4D1C71CAE577}" = MSN Toolbar Setup
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}" = Digital Media Reader
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9833D727-8FF5-40AE-A193-525747555FF1}" = BlackBerry Desktop Software 4.7
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A2AF890-B0CD-43DC-85F6-AA0B51024DFF}" = ATI MCE Transcode
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.2
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{AC93F461-132C-4A10-983D-7DAFE2917D67}" = Roxio Media Manager
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{AF5937B6-B68F-4197-8854-5079D5D1CC2B}" = QuickConnect
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C2274248-9536-B9E2-0886-84BF1F292219}" = ATI Catalyst Install Manager
"{C233D370-4B1A-4F6F-BD55-16B0C131335B}_is1" = Batch DOCX to DOC Converter 2010
"{C2425F91-1F7B-4037-9A05-9F290184798D}" = NETGEAR WNA3100 wireless USB 2.0 adapter
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2196}_is1" = SiSoftware Sandra Lite 2009.SP4
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FF262740-C85A-11D5-BBEC-00D0B740900A}" = Multimedia Keyboard Driver
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
"6194C28A8F62DD817EA1B918E6E46E806A21B452" = Windows Driver Package - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
"65B6FE5418CE28F4D72543FB2D964C3CEC83F161" = Windows Driver Package - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
"Acoustic Labs Multitrack Plus (Demo)" = Acoustic Labs Multitrack Plus (Demo)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Audacity_is1" = Audacity 1.2.6
"AudioCS" = Creative Audio Console
"Authorizer_is1" = Authorizer 1.0f2
"AVG9Uninstall" = AVG Free 9.0
"BlackBerry_{9833D727-8FF5-40AE-A193-525747555FF1}" = BlackBerry Desktop Software 4.7
"Boilsoft AVI to VCD SVCD DVD Converter_is1" = Boilosft AVI to VCD SVCD DVD Converter 3.81
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1" = SoftV92 Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.53.1
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DirectVobSub" = DirectVobSub (remove only)
"Dr. Robotnik's Mean Bean Machine_is1" = Dr. Robotnik's Mean Bean Machine
"energyXT2_is1" = energyXT2.07
"FLAC" = FLAC 1.2.1b (remove only)
"Flotilla Demo_is1" = Flotilla Demo v1.3
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.0
"Free Window Registry Repair" = Free Window Registry Repair
"HP Photo & Imaging" = HP Image Zone 4.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"InstallShield_{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}" = Digital Media Reader
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"LucasArts' Grim Fandango" = LucasArts' Grim Fandango
"Machinarium" = Machinarium
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2005b" = Microsoft Money 2005
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero OEM
"Nero BurnRights!UninstallKey" = Nero BurnRights
"Network Stumbler" = Network Stumbler 0.4.0 (remove only)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PFPortChecker" = PFPortChecker 1.0.30
"PictureItPrem_v10" = Microsoft Picture It! Premium 10
"RadarSync" = RadarSync
"RealPlayer 6.0" = RealPlayer Basic
"Record_is1" = Record 1.0f4
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"ScummVM_is1" = ScummVM 1.1.1
"Starcraft" = Starcraft
"StarCraft II" = StarCraft II
"StreetPlugin" = Learn2 Player (Uninstall Only)
"Tweak UI 2.10" = Tweak UI
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 1.0.2
"VobSub" = VobSub v2.23 (Remove Only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoneAlarm" = ZoneAlarm
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3626235448-143542546-2890651378-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 13-10-2010 05.29.42 | Computer Name = YOUR-545CA46D89 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 13-10-2010 05.29.43 | Computer Name = YOUR-545CA46D89 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 13-10-2010 12.48.08 | Computer Name = YOUR-545CA46D89 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 13-10-2010 12.48.08 | Computer Name = YOUR-545CA46D89 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 13-10-2010 12.57.42 | Computer Name = YOUR-545CA46D89 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 13-10-2010 15.39.11 | Computer Name = YOUR-545CA46D89 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 13-10-2010 15.39.12 | Computer Name = YOUR-545CA46D89 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 13-10-2010 16.02.36 | Computer Name = YOUR-545CA46D89 | Source = Windows Search Service | ID = 3038
Description = The gatherer is unable to read the registry DocIdMapFile. Context:
Application, SystemIndex Catalog Details: The system cannot find the file specified.
(0x80070002)

Error - 13-10-2010 16.02.46 | Computer Name = YOUR-545CA46D89 | Source = Windows Search Service | ID = 3028
Description = The gatherer object cannot be initialized. Context: Windows Application,
SystemIndex Catalog Details: The registry value cannot be read because the configuration
is invalid. Recreate the content index configuration by removing the content index.
(0x80040d03)

Error - 13-10-2010 16.02.46 | Computer Name = YOUR-545CA46D89 | Source = Windows Search Service | ID = 3058
Description = The application cannot be initialized. Context: Windows Application

Details:
The
registry value cannot be read because the configuration is invalid. Recreate the
content index configuration by removing the content index. (0x80040d03)

[ System Events ]
Error - 22-10-2010 11.26.09 | Computer Name = YOUR-545CA46D89 | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

Error - 22-10-2010 11.26.09 | Computer Name = YOUR-545CA46D89 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.

Error - 22-10-2010 11.54.50 | Computer Name = YOUR-545CA46D89 | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

Error - 22-10-2010 11.54.50 | Computer Name = YOUR-545CA46D89 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.

Error - 24-10-2010 18.12.34 | Computer Name = YOUR-545CA46D89 | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

Error - 24-10-2010 18.12.34 | Computer Name = YOUR-545CA46D89 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.

Error - 25-10-2010 05.07.14 | Computer Name = YOUR-545CA46D89 | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

Error - 25-10-2010 05.07.14 | Computer Name = YOUR-545CA46D89 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.

Error - 25-10-2010 18.31.32 | Computer Name = YOUR-545CA46D89 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 25-10-2010 18.31.32 | Computer Name = YOUR-545CA46D89 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.


< End of report >

#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,581 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:12:13 AM

Posted 27 October 2010 - 01:39 AM

Bubnix can indeed be a difficult infection to remove. Combofix ought to identify it, and we can then use a script to remove it altogeher.

COMBOFIX
---------------
Please download ComboFix from one of these locations:
Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft

 

animinionsmalltext.gif


#5 zenmasternicksan

zenmasternicksan
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:06:13 PM

Posted 27 October 2010 - 11:44 AM

Combofix runs all the way through to stage 50. At this point, when it appears to be finishing up, my computer restarts suddenly. Upon reboot I get the system has recovered from a serious error message. I have included a log of the error information from that if it helps.



Event Type: Error
Event Source: System Error
Event Category: (102)
Event ID: 1003
Date: 27-10-2010
Time: 02.45.05
User: N/A
Computer: YOUR-545CA46D89
Description:
Error code 100000d0, parameter1 00000008, parameter2 00000002, parameter3 00000000, parameter4 80543c06.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 53 79 73 74 65 6d 20 45 System E
0008: 72 72 6f 72 20 20 45 72 rror Er
0010: 72 6f 72 20 63 6f 64 65 ror code
0018: 20 31 30 30 30 30 30 64 100000d
0020: 30 20 20 50 61 72 61 6d 0 Param
0028: 65 74 65 72 73 20 30 30 eters 00
0030: 30 30 30 30 30 38 2c 20 000008,
0038: 30 30 30 30 30 30 30 32 00000002
0040: 2c 20 30 30 30 30 30 30 , 000000
0048: 30 30 2c 20 38 30 35 34 00, 8054
0050: 33 63 30 36 3c06

#6 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,581 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:12:13 AM

Posted 27 October 2010 - 12:50 PM

Please see if the following tool picks it up.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Please take no action, and exit the application (we need first to verify the right file is detected).
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft

 

animinionsmalltext.gif


#7 zenmasternicksan

zenmasternicksan
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:06:13 PM

Posted 27 October 2010 - 01:04 PM

The scan did not find anything.

2010/10/27 12:01:10.0265 TDSS rootkit removing tool 2.4.5.1 Oct 26 2010 11:28:49
2010/10/27 12:01:10.0265 ================================================================================
2010/10/27 12:01:10.0265 SystemInfo:
2010/10/27 12:01:10.0265
2010/10/27 12:01:10.0265 OS Version: 5.1.2600 ServicePack: 3.0
2010/10/27 12:01:10.0265 Product type: Workstation
2010/10/27 12:01:10.0265 ComputerName: YOUR-545CA46D89
2010/10/27 12:01:10.0265 UserName: Owner
2010/10/27 12:01:10.0265 Windows directory: C:\WINDOWS
2010/10/27 12:01:10.0265 System windows directory: C:\WINDOWS
2010/10/27 12:01:10.0265 Processor architecture: Intel x86
2010/10/27 12:01:10.0265 Number of processors: 1
2010/10/27 12:01:10.0265 Page size: 0x1000
2010/10/27 12:01:10.0265 Boot type: Normal boot
2010/10/27 12:01:10.0265 ================================================================================
2010/10/27 12:01:10.0609 Initialize success
2010/10/27 12:01:13.0328 ================================================================================
2010/10/27 12:01:13.0328 Scan started
2010/10/27 12:01:13.0328 Mode: Manual;
2010/10/27 12:01:13.0328 ================================================================================
2010/10/27 12:01:15.0312 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2010/10/27 12:01:15.0421 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/10/27 12:01:15.0625 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/10/27 12:01:15.0781 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2010/10/27 12:01:15.0953 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/10/27 12:01:16.0093 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/10/27 12:01:16.0250 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2010/10/27 12:01:16.0421 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2010/10/27 12:01:16.0625 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2010/10/27 12:01:16.0781 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2010/10/27 12:01:16.0937 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2010/10/27 12:01:17.0156 ALCXWDM (4e0aca5290b2966f24c45250a56c2da1) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2010/10/27 12:01:17.0437 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2010/10/27 12:01:17.0625 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2010/10/27 12:01:17.0765 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2010/10/27 12:01:17.0921 AmdK8 (efbb0956baed786e137351b5ca272aef) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
2010/10/27 12:01:18.0093 AmdPPM (033448d435e65c4bd72e70521fd05c76) C:\WINDOWS\system32\DRIVERS\AmdPPM.sys
2010/10/27 12:01:18.0265 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2010/10/27 12:01:18.0359 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/10/27 12:01:18.0531 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2010/10/27 12:01:18.0734 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2010/10/27 12:01:18.0828 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2010/10/27 12:01:18.0953 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/10/27 12:01:19.0062 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/10/27 12:01:19.0390 ati2mtag (1d99d1b43638e31ea5cf4a8fd199762b) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2010/10/27 12:01:19.0765 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/10/27 12:01:19.0906 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/10/27 12:01:20.0046 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\WINDOWS\System32\Drivers\avgldx86.sys
2010/10/27 12:01:20.0187 AvgMfx86 (53b3f979930a786a614d29cafe99f645) C:\WINDOWS\System32\Drivers\avgmfx86.sys
2010/10/27 12:01:20.0328 AvgTdiX (22e3b793c3e61720f03d3a22351af410) C:\WINDOWS\System32\Drivers\avgtdix.sys
2010/10/27 12:01:20.0593 BCMH43XX (b770039886598aab7cf5eaeec2409e31) C:\WINDOWS\system32\DRIVERS\bcmwlhigh5.sys
2010/10/27 12:01:20.0812 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/10/27 12:01:20.0921 BVRPMPR5 (248dfa5762dde38dfddbbd44149e9d7a) C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
2010/10/27 12:01:21.0203 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2010/10/27 12:01:21.0296 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/10/27 12:01:21.0390 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2010/10/27 12:01:21.0500 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/10/27 12:01:21.0671 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/10/27 12:01:21.0843 Cdr4_xp (837eef65af62d4e8a37c41d3879f7274) C:\WINDOWS\system32\drivers\Cdr4_xp.sys
2010/10/27 12:01:21.0921 Cdralw2k (579da2f9f5401f55dae2cf8779d61dfc) C:\WINDOWS\system32\drivers\Cdralw2k.sys
2010/10/27 12:01:22.0000 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/10/27 12:01:22.0250 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2010/10/27 12:01:22.0437 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2010/10/27 12:01:22.0734 cpuz132 (097a0a4899b759a4f032bd464963b4be) C:\WINDOWS\system32\drivers\cpuz132_x32.sys
2010/10/27 12:01:22.0890 CT20XUT.DLL (1fc326524a54e2f07caa851a6c92f864) C:\WINDOWS\system32\CT20XUT.DLL
2010/10/27 12:01:23.0062 ctac32k (a57a4a823b242aad1e090b86b6f8c5bf) C:\WINDOWS\system32\drivers\ctac32k.sys
2010/10/27 12:01:23.0250 ctaud2k (c4aa86490482104c219c040f9e91eda8) C:\WINDOWS\system32\drivers\ctaud2k.sys
2010/10/27 12:01:23.0437 ctdvda2k (3e14e6d3cf3ddb9870925a73e7a87432) C:\WINDOWS\system32\drivers\ctdvda2k.sys
2010/10/27 12:01:23.0640 CTEXFIFX.DLL (82bd15b057cc7de8dd17c6ddb030f637) C:\WINDOWS\system32\CTEXFIFX.DLL
2010/10/27 12:01:23.0796 CTHWIUT.DLL (41e06b6baf8dbd998745a21ea6f01206) C:\WINDOWS\system32\CTHWIUT.DLL
2010/10/27 12:01:23.0890 ctprxy2k (0c57a7246e8fc0815bd6225a2704c9ea) C:\WINDOWS\system32\drivers\ctprxy2k.sys
2010/10/27 12:01:23.0984 ctsfm2k (6b7c9d1f04b799eb67cc9063f5f754f7) C:\WINDOWS\system32\drivers\ctsfm2k.sys
2010/10/27 12:01:24.0140 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2010/10/27 12:01:24.0296 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2010/10/27 12:01:24.0421 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/10/27 12:01:24.0656 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/10/27 12:01:24.0906 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/10/27 12:01:25.0062 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/10/27 12:01:25.0156 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/10/27 12:01:25.0312 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2010/10/27 12:01:25.0421 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/10/27 12:01:25.0578 emupia (4265a86853cd409c26ac2f0ff7dbc1c6) C:\WINDOWS\system32\drivers\emupia2k.sys
2010/10/27 12:01:25.0718 ENTECH (16ebd8bf1d5090923694cc972c7ce1b4) C:\WINDOWS\system32\DRIVERS\ENTECH.sys
2010/10/27 12:01:25.0906 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/10/27 12:01:26.0062 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/10/27 12:01:26.0140 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/10/27 12:01:26.0250 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/10/27 12:01:26.0359 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/10/27 12:01:26.0500 FsUsbExDisk (790a4ca68f44be35967b3df61f3e4675) C:\WINDOWS\system32\FsUsbExDisk.SYS
2010/10/27 12:01:26.0718 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/10/27 12:01:26.0859 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/10/27 12:01:27.0031 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/10/27 12:01:27.0234 ha20x2k (e5010dec0f66407735aaf005607ba7ed) C:\WINDOWS\system32\drivers\ha20x2k.sys
2010/10/27 12:01:27.0421 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/10/27 12:01:27.0625 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/10/27 12:01:27.0781 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2010/10/27 12:01:27.0890 HPZid412 (5faba4775d4c61e55ec669d643ffc71f) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2010/10/27 12:01:27.0984 HPZipr12 (a3c43980ee1f1beac778b44ea65dbdd4) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2010/10/27 12:01:28.0093 HPZius12 (2906949bd4e206f2bb0dd1896ce9f66f) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2010/10/27 12:01:28.0203 HSFHWBS2 (33dfc0afa95f9a2c753ff2adb7d4a21f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
2010/10/27 12:01:28.0453 HSF_DP (b2dfc168d6f7512faea085253c5a37ad) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
2010/10/27 12:01:28.0734 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/10/27 12:01:28.0890 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2010/10/27 12:01:29.0000 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2010/10/27 12:01:29.0078 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/10/27 12:01:29.0250 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/10/27 12:01:29.0406 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2010/10/27 12:01:29.0593 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/10/27 12:01:29.0734 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/10/27 12:01:29.0843 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/10/27 12:01:30.0000 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/10/27 12:01:30.0109 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/10/27 12:01:30.0265 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/10/27 12:01:30.0437 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/10/27 12:01:30.0609 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/10/27 12:01:30.0750 ISWKL (ca1971e21609f22e07a95cc3147b6ced) C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
2010/10/27 12:01:30.0906 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/10/27 12:01:31.0000 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/10/27 12:01:31.0109 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/10/27 12:01:31.0250 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/10/27 12:01:31.0484 MBAMSwissArmy (c7dd7d9739785bd3a6b8499eec1dee7e) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010/10/27 12:01:31.0718 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2010/10/27 12:01:31.0875 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
2010/10/27 12:01:32.0031 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/10/27 12:01:32.0125 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/10/27 12:01:32.0296 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/10/27 12:01:32.0406 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/10/27 12:01:32.0593 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/10/27 12:01:32.0734 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2010/10/27 12:01:32.0843 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/10/27 12:01:33.0015 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/10/27 12:01:33.0203 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/10/27 12:01:33.0359 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/10/27 12:01:33.0468 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/10/27 12:01:33.0593 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/10/27 12:01:33.0750 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/10/27 12:01:33.0843 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/10/27 12:01:34.0000 mxnic (e1cdf20697d992cf83ff86dd04df1285) C:\WINDOWS\system32\DRIVERS\mxnic.sys
2010/10/27 12:01:34.0109 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/10/27 12:01:34.0265 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/10/27 12:01:34.0390 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/10/27 12:01:34.0531 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/10/27 12:01:34.0703 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/10/27 12:01:34.0843 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/10/27 12:01:35.0000 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/10/27 12:01:35.0171 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/10/27 12:01:35.0375 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/10/27 12:01:35.0500 NSNDIS5 (53f7546e8daefb3a0813f5e19c4613c9) C:\WINDOWS\system32\NSNDIS5.SYS
2010/10/27 12:01:35.0640 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/10/27 12:01:35.0828 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/10/27 12:01:35.0968 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/10/27 12:01:36.0187 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/10/27 12:01:36.0265 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/10/27 12:01:36.0375 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/10/27 12:01:36.0562 ossrv (b0a7d75c6be3dd5ca4e87f8f20a48601) C:\WINDOWS\system32\drivers\ctoss2k.sys
2010/10/27 12:01:36.0718 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
2010/10/27 12:01:36.0828 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/10/27 12:01:36.0984 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/10/27 12:01:37.0078 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/10/27 12:01:37.0171 pccsmcfd (175cc28dcf819f78caa3fbd44ad9e52a) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
2010/10/27 12:01:37.0281 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/10/27 12:01:37.0531 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/10/27 12:01:37.0703 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/10/27 12:01:38.0015 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2010/10/27 12:01:38.0109 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2010/10/27 12:01:38.0234 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/10/27 12:01:38.0406 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2010/10/27 12:01:38.0593 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/10/27 12:01:38.0750 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/10/27 12:01:38.0843 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/10/27 12:01:38.0984 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2010/10/27 12:01:39.0140 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2010/10/27 12:01:39.0296 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2010/10/27 12:01:39.0453 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2010/10/27 12:01:39.0578 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2010/10/27 12:01:39.0718 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/10/27 12:01:39.0812 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/10/27 12:01:39.0906 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/10/27 12:01:40.0000 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/10/27 12:01:40.0109 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/10/27 12:01:40.0265 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/10/27 12:01:40.0375 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/10/27 12:01:40.0609 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/10/27 12:01:40.0796 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/10/27 12:01:40.0953 RimUsb (f17713d108aca124a139fde877eef68a) C:\WINDOWS\system32\Drivers\RimUsb.sys
2010/10/27 12:01:41.0062 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
2010/10/27 12:01:41.0156 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2010/10/27 12:01:41.0296 RTL8023xp (d05453b44f98f0e975a36081f4362be5) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
2010/10/27 12:01:41.0421 SANDRA (230fd3749904ca045ea5ec0aa14006e9) C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP4\WNt500x86\Sandra.sys
2010/10/27 12:01:41.0500 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2010/10/27 12:01:41.0562 SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
2010/10/27 12:01:41.0609 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
2010/10/27 12:01:41.0765 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/10/27 12:01:41.0937 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2010/10/27 12:01:42.0109 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/10/27 12:01:42.0265 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2010/10/27 12:01:42.0375 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2010/10/27 12:01:42.0500 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/10/27 12:01:42.0718 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
2010/10/27 12:01:42.0937 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/10/27 12:01:43.0109 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/10/27 12:01:43.0281 sscdmdfl (0fe167362e4689b716cdc8d93adedda8) C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
2010/10/27 12:01:43.0453 sscdmdm (55a15707e32b6709242ad127e62ca55a) C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
2010/10/27 12:01:43.0640 SunkFilt (86ca1a5c15a5a98d5533945fb1120b05) C:\WINDOWS\System32\Drivers\sunkfilt.sys
2010/10/27 12:01:43.0796 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/10/27 12:01:43.0953 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/10/27 12:01:44.0125 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2010/10/27 12:01:44.0218 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2010/10/27 12:01:44.0265 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2010/10/27 12:01:44.0359 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2010/10/27 12:01:44.0515 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/10/27 12:01:44.0703 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/10/27 12:01:44.0859 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/10/27 12:01:44.0953 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/10/27 12:01:45.0125 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/10/27 12:01:45.0296 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2010/10/27 12:01:45.0468 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/10/27 12:01:45.0703 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2010/10/27 12:01:45.0875 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/10/27 12:01:46.0062 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2010/10/27 12:01:46.0234 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/10/27 12:01:46.0421 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/10/27 12:01:46.0593 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/10/27 12:01:46.0750 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2010/10/27 12:01:46.0843 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/10/27 12:01:46.0937 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/10/27 12:01:47.0046 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/10/27 12:01:47.0140 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/10/27 12:01:47.0250 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2010/10/27 12:01:47.0390 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2010/10/27 12:01:47.0578 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/10/27 12:01:47.0718 vsdatant (050c38ebb22512122e54b47dc278bccd) C:\WINDOWS\system32\vsdatant.sys
2010/10/27 12:01:47.0906 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/10/27 12:01:48.0125 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/10/27 12:01:48.0250 winachsf (2dc7c0b6175a0a8ed84a4f70199c93b5) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2010/10/27 12:01:48.0484 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
2010/10/27 12:01:48.0687 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/10/27 12:01:48.0843 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/10/27 12:01:49.0046 ZD1211BU(ZyDAS) (154fe6a5a608cd725266877901e883c2) C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys
2010/10/27 12:01:49.0187 ================================================================================
2010/10/27 12:01:49.0187 Scan finished
2010/10/27 12:01:49.0187 ================================================================================
2010/10/27 12:03:18.0328 Deinitialize success

#8 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,581 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:12:13 AM

Posted 27 October 2010 - 02:07 PM

Can you please get me the filename that gets detected as Bubnix? It should look like some random letters with a .sys extension.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft

 

animinionsmalltext.gif


#9 zenmasternicksan

zenmasternicksan
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:06:13 PM

Posted 27 October 2010 - 02:42 PM

Well, i believe that the file is C:\WINDOWS\system32\drivers\ykshj.sys. I'm not sure if it got removed/quarantined or not, or if it is the same as what we are dealing with currently. I believe that following the initial scan the program told me that it was unable to remove the infection completley. In any event, I hope that this helps a little. I will post the log of the windows malicious software removal tool. Also, it may be worth mentioning that though I can not find a combofix log, some of the associated files/folders are still present. C:\ComboFix is present, but is just a shortcut to my computer. The Qoobox file has a quarantined tcpip.sys.vir file as well.



Microsoft Windows Malicious Software Removal Tool v3.12, October 2010
Started On Thu Oct 14 20:08:55 2010
WARNING: Security policy doesn't allow for all actions MSRT may require.->Scan ERROR: resource file://D:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://D:\autorun.inf (code 0x0000054F (1359))
->Scan ERROR: resource process://pid:1848 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:3932 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:1848 (code 0x00000005 (5))

Quick Scan Results for 463BD14C-86B6-4765-BDF4-4A283AFD6186:
----------------
->Scan ERROR: resource process://pid:1848 (code 0x00000005 (5))
->Scan ERROR: resource file://D:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://D:\autorun.inf (code 0x0000054F (1359))
->Scan ERROR: resource file://D:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://D:\autorun.inf (code 0x0000054F (1359))
->Scan ERROR: resource file://D:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://D:\autorun.inf (code 0x0000054F (1359))
->Scan ERROR: resource file://D:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://D:\autorun.inf (code 0x0000054F (1359))
->Scan ERROR: resource file://D:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://D:\autorun.inf (code 0x0000054F (1359))
Threat detected: Trojan:WinNT/Bubnix.gen!A
driver://ykshj
file://C:\WINDOWS\system32\drivers\ykshj.sys
SigSeq: 0x00003F963B4BEA4D
SHA1: B4240141C07FCDC949F007120671D50B3D80C04A

Quick Scan Removal Results
----------------
Start 'remove' for driver://ykshj
Operation succeeded !

Start 'remove' for file://\\?\C:\WINDOWS\system32\drivers\ykshj.sys
Operation was scheduled to be completed after next reboot.


Results Summary:
----------------
For cleaning Trojan:WinNT/Bubnix.gen!A, the system needs to be restarted.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Oct 14 20:11:41 2010


Return code: 10 (0xa)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v3.12, October 2010
Started On Thu Oct 14 20:48:40 2010
->Scan ERROR: resource file://D:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://D:\autorun.inf (code 0x0000054F (1359))
->Scan ERROR: resource process://pid:1720 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:2216 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:2984 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:1720 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:1720 (code 0x00000005 (5))
->Scan ERROR: resource file://D:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://D:\autorun.inf (code 0x0000054F (1359))
->Scan ERROR: resource file://D:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://D:\autorun.inf (code 0x0000054F (1359))
->Scan ERROR: resource file://D:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://D:\autorun.inf (code 0x0000054F (1359))
->Scan ERROR: resource file://D:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://D:\autorun.inf (code 0x0000054F (1359))
->Scan ERROR: resource file://D:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://D:\autorun.inf (code 0x0000054F (1359))

Engine internal result code = 80508015

Results Summary:
----------------
Microsoft Windows Malicious Software Removal Tool Finished On Thu Oct 14 20:55:03 2010


Return code: 10 (0xa)

#10 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,581 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:12:13 AM

Posted 27 October 2010 - 03:03 PM

Okay, thats something to work with :)

CF-SCRIPT
-------------
We need to execute a CF-script.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Start > Run and in the box that opens type notepad and press enter. Copy/paste the text in the codebox below into it:
KillAll::

Rootkit::
C:\WINDOWS\system32\drivers\ykshj.sys

Driver::
ykshj

Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft

 

animinionsmalltext.gif


#11 zenmasternicksan

zenmasternicksan
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:06:13 PM

Posted 27 October 2010 - 05:42 PM

When combofix runs in this way it restarts the computer before it gets a chance to begin anything.

#12 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,581 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:12:13 AM

Posted 28 October 2010 - 02:12 AM

Can you try it from safe mode?

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft

 

animinionsmalltext.gif


#13 zenmasternicksan

zenmasternicksan
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:06:13 PM

Posted 29 October 2010 - 03:54 AM

okay i got it to run in safe mode. when i first tried to run it though, it gave me an error saying that combo fix is only compatible with xp and 2000....and I am running xp. I attempted to load again, and was successful this time. I also received a number of missing file errors before the scan actually began. I did get a log though!

ComboFix 10-10-26.04 - Owner 28-10-2010 22.39.22.5.1 - x86 MINIMAL
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Owner\Local Settings\Application Data\Windows Server
C:\Documents and Settings\Owner\Local Settings\Application Data\Windows Server\server.dat
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\Packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\wpcap.dll
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Legacy_YKSHJ
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2010-09-28 to 2010-10-29 )))))))))))))))))))))))))))))))
.

2010-10-29 04:20:56 . 2010-10-28 04:12:54 -------- d-----r- C:\32788R22FWJFW
2010-10-20 19:02:42 . 2010-10-20 19:02:42 -------- d-----w- C:\Documents and Settings\Owner\Application Data\Broken Rules
2010-10-20 18:56:15 . 2010-10-20 19:02:31 -------- d-----w- C:\Program Files\And Yet It Moves Demo
2010-10-16 11:00:19 . 2010-10-16 11:00:19 -------- d-----w- C:\WINDOWS\system32\NtmsData
2010-10-15 20:09:27 . 2010-10-29 05:56:07 -------- d-----w- C:\WINDOWS\Internet Logs
2010-10-15 19:58:38 . 2010-10-15 20:18:50 -------- d-----w- C:\Documents and Settings\All Users\Application Data\MFAData
2010-10-15 02:44:50 . 2010-10-15 02:45:05 -------- d-----w- C:\Program Files\DAEMON Tools Lite
2010-10-15 02:11:36 . 2010-10-15 02:11:36 -------- d-----w- C:\WINDOWS\system32\MpEngineStore
2010-10-15 00:48:32 . 2010-09-18 06:53:25 974848 -c----w- C:\WINDOWS\system32\dllcache\mfc42.dll
2010-10-15 00:48:32 . 2010-09-18 06:53:25 954368 -c----w- C:\WINDOWS\system32\dllcache\mfc40.dll
2010-10-15 00:48:32 . 2010-09-18 06:53:25 953856 -c----w- C:\WINDOWS\system32\dllcache\mfc40u.dll
2010-10-15 00:48:19 . 2010-08-23 16:12:04 617472 -c----w- C:\WINDOWS\system32\dllcache\comctl32.dll
2010-10-14 20:58:00 . 2010-10-14 20:58:00 -------- d-----w- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
2010-10-14 20:53:42 . 2010-10-14 20:53:42 -------- d-----w- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
2010-10-13 07:39:03 . 2010-10-13 07:39:03 3584 ----a-r- C:\Documents and Settings\Owner\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2010-10-13 07:39:02 . 2010-10-13 07:39:02 -------- d-----w- C:\Program Files\Windows Installer Clean Up
2010-10-13 07:08:44 . 2010-10-13 07:17:18 -------- d-----w- C:\Program Files\Free Window Registry Repair
2010-10-13 06:56:04 . 2010-10-13 07:07:30 -------- d-----w- C:\Documents and Settings\Owner\Local Settings\Application Data\Promosoft Corporation
2010-10-13 06:53:00 . 2010-10-13 06:53:17 -------- d-----w- C:\Documents and Settings\All Users\Application Data\NOS
2010-10-13 06:53:00 . 2010-10-13 06:53:00 -------- d-----w- C:\Program Files\NOS
2010-10-13 03:13:11 . 2009-11-06 14:26:36 642432 ----a-w- C:\WINDOWS\system32\drivers\bcmwlhigh5.sys
2010-10-13 03:13:08 . 2010-10-13 03:13:08 -------- d-----w- C:\Program Files\NETGEAR
2010-10-13 03:06:02 . 2010-10-13 03:06:02 -------- d-----w- C:\Documents and Settings\All Users\Application Data\2Wire
2010-10-10 05:32:39 . 2010-10-10 05:32:39 -------- d-----w- C:\Documents and Settings\Owner\Application Data\ScummVM
2010-10-10 05:32:32 . 2010-10-10 05:32:34 -------- d-----w- C:\Program Files\ScummVM

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-27 22:24:58 . 2008-12-05 22:26:22 94208 ----a-w- C:\WINDOWS\DUMP51b5.tmp
2010-10-15 02:45:02 . 2009-02-12 09:45:57 691696 ----a-w- C:\WINDOWS\system32\drivers\sptd.sys
2010-09-27 05:01:55 . 2010-09-27 05:02:17 73728 ----a-w- C:\WINDOWS\system32\javacpl.cpl
2010-09-27 05:01:55 . 2010-09-27 05:02:17 423656 ----a-w- C:\WINDOWS\system32\deployJava1.dll
2010-09-18 18:23:26 . 2005-04-13 16:55:46 974848 ----a-w- C:\WINDOWS\system32\mfc42u.dll
2010-09-18 06:53:25 . 2005-04-13 16:55:46 974848 ----a-w- C:\WINDOWS\system32\mfc42.dll
2010-09-18 06:53:25 . 2005-04-13 16:55:46 954368 ----a-w- C:\WINDOWS\system32\mfc40.dll
2010-09-18 06:53:25 . 2005-04-13 16:55:46 953856 ----a-w- C:\WINDOWS\system32\mfc40u.dll
2010-09-10 05:58:08 . 2005-04-13 16:56:12 916480 ----a-w- C:\WINDOWS\system32\wininet.dll
2010-09-10 05:58:06 . 2005-04-13 16:55:45 43520 ----a-w- C:\WINDOWS\system32\licmgr10.dll
2010-09-10 05:58:06 . 2005-04-13 16:55:43 1469440 ------w- C:\WINDOWS\system32\inetcpl.cpl
2010-09-01 11:51:14 . 2005-04-13 16:55:27 285824 ----a-w- C:\WINDOWS\system32\atmfd.dll
2010-08-31 13:42:52 . 2005-04-13 16:56:11 1852800 ----a-w- C:\WINDOWS\system32\win32k.sys
2010-08-27 08:02:29 . 2005-04-13 16:56:08 119808 ----a-w- C:\WINDOWS\system32\t2embed.dll
2010-08-27 05:57:43 . 2005-04-13 16:56:06 99840 ----a-w- C:\WINDOWS\system32\srvsvc.dll
2010-08-26 13:39:50 . 2005-04-13 16:56:06 357248 ----a-w- C:\WINDOWS\system32\drivers\srv.sys
2010-08-26 12:52:45 . 2009-04-15 11:56:37 5120 ----a-w- C:\WINDOWS\system32\xpsp4res.dll
2010-08-23 16:12:04 . 2005-04-13 16:55:29 617472 ----a-w- C:\WINDOWS\system32\comctl32.dll
2010-08-17 13:17:06 . 2005-04-13 16:56:06 58880 ----a-w- C:\WINDOWS\system32\spoolsv.exe
2010-08-16 08:45:00 . 2005-04-13 16:56:00 590848 ----a-w- C:\WINDOWS\system32\rpcrt4.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "C:\Program Files\ZoneAlarm_Security\tbZone.dll" [2010-06-14 01:10:00 2734688]

[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
2010-06-14 01:10:00 2734688 ----a-w- C:\Program Files\ZoneAlarm_Security\tbZone.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "C:\Program Files\ZoneAlarm_Security\tbZone.dll" [2010-06-14 01:10:00 2734688]

[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{91DA5E8A-3318-4F8C-B67E-5964DE3AB546}"= "C:\Program Files\ZoneAlarm_Security\tbZone.dll" [2010-06-14 01:10:00 2734688]

[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-10-27 22:34:07 2424560]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2009-10-07 04:47:40 323392]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 10:40:32 218032]
"AutoStartNPSAgent"="C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-03-06 01:41:02 98304]
"Google Update"="C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-09-30 00:12:57 136176]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-10-14 20:54:40 39408]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 09:16:20 357696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 05:32:00 208952]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-10 19:00:00 44032]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 05:31:50 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 05:32:16 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 05:32:16 455168]
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 17:44:46 248552]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2009-05-26 23:18:30 413696]
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 18:37:40 932288]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 10:47:04 35760]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-09-02 15:21:04 1043968]
"ISW"="C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" [2010-09-02 12:26:14 738808]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
NETGEAR WNA3100 Smart Wizard.lnk - C:\Program Files\NETGEAR\WNA3100\WNA3100.exe [2010-10-12 4562944]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 16:13:36 77824]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 04:41:34 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-11-09 19:56:22 548352 ----a-w- C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-15 19:48:15 12536 ----a-w- C:\WINDOWS\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
backup=C:\WINDOWS\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\PFPortChecker\\PFPortChecker.exe"=
"C:\\Documents and Settings\\Owner\\My Documents\\Downloaded Games\\Left.4.Dead.Full-Rip.Skullptura\\Left.4.Dead.Full-Rip.Skullptura\\Left 4 Dead\\left4dead.exe"=
"C:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"C:\\Games\\tf2\\hl2.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP4\\RpcAgentSrv.exe"=
"C:\\Games\\Dragon Age\\bin_ship\\daorigins.exe"=
"C:\\Games\\Dragon Age\\DAOriginsLauncher.exe"=
"C:\\Games\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=
"C:\\Program Files\\2K Games\\Gearbox Software\\Borderlands\\Binaries\\Borderlands.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP4\\WNt500x86\\RpcSandraSrv.exe"=
"C:\\Program Files\\CodeMeter\\Runtime\\bin\\CodeMeter.exe"=
"C:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"C:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"C:\\Program Files\\StarCraft II\\StarCraft II.exe"=
"C:\\Program Files\\StarCraft II\\Versions\\Base15405\\SC2.exe"=
"C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"64172:TCP"= 64172:TCP:BitTorrent
"9999:TCP"= 9999:TCP:BitTorrent
"1119:TCP"= 1119:TCP:battlenet1
"1119:UDP"= 1119:UDP:battlenet2

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 agpCPQ;Compaq AGP Bus Filter;C:\WINDOWS\system32\drivers\agpcpq.sys [13-04-2005 12.35.08 44928]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\drivers\avgldx86.sys [07-12-2008 13.10.18 216400]
R1 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\drivers\avgtdix.sys [07-12-2008 13.10.22 243024]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [17-11-2008 16.11.06 12872]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [17-11-2008 16.11.04 67656]
R2 avg9emc;AVG Free E-mail Scanner;C:\Program Files\AVG\AVG9\avgemc.exe [15-07-2010 13.47.27 921952]
R2 avg9wd;AVG Free WatchDog;C:\Program Files\AVG\AVG9\avgwdsvc.exe [15-07-2010 13.48.10 308136]
R2 CodeMeter.exe;CodeMeter Runtime Server;C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe [03-04-2009 05.01.00 1680704]
R2 cpuz132;cpuz132;C:\WINDOWS\system32\drivers\cpuz132_x32.sys [17-02-2010 15.14.40 12672]
R2 CTAudSvcService;Creative Audio Service;C:\Program Files\Creative\Shared Files\CTAudSvc.exe [07-12-2008 11.21.11 417792]
R2 ehRecvr;Media Center Receiver Service;C:\WINDOWS\ehome\ehrecvr.exe [13-04-2005 11.13.20 237568]
R2 ehSched;Media Center Scheduler Service;C:\WINDOWS\ehome\ehSched.exe [13-04-2005 11.13.20 102912]
R2 FsUsbExService;FsUsbExService;C:\WINDOWS\system32\FsUsbExService.Exe [08-05-2010 05.08.31 233472]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [02-09-2010 06.26.10 26872]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe [02-09-2010 06.26.16 493048]
R2 JavaQuickStarterService;Java Quick Starter;C:\Program Files\Java\jre6\bin\jqs.exe [26-09-2010 23.01.55 153376]
R2 mstbsvc;MSN Toolbar Setup;C:\Program Files\MSN\Toolbar\4.0.0412.0\mstbsvc.exe [06-04-2010 15.34.22 102752]
R2 WSearch;Windows Search;C:\WINDOWS\system32\searchindexer.exe [26-05-2008 23.18.44 439808]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;C:\WINDOWS\system32\drivers\bcmwlhigh5.sys [12-10-2010 21.13.11 642432]
R3 CT20XUT.DLL;CT20XUT.DLL;C:\WINDOWS\system32\CT20XUT.DLL [15-07-2008 18.23.22 170520]
R3 ctac32k;Creative AC3 Software Decoder;C:\WINDOWS\system32\drivers\ctac32k.sys [15-07-2008 19.06.46 511000]
R3 ctaud2k;Creative Audio Driver (WDM);C:\WINDOWS\system32\drivers\ctaud2k.sys [15-07-2008 19.07.18 527384]
R3 CTEXFIFX.DLL;CTEXFIFX.DLL;C:\WINDOWS\system32\CTEXFIFX.DLL [15-07-2008 18.22.46 1323544]
R3 CTHWIUT.DLL;CTHWIUT.DLL;C:\WINDOWS\system32\CTHWIUT.DLL [15-07-2008 18.23.42 72728]
R3 ctprxy2k;Creative Proxy Driver;C:\WINDOWS\system32\drivers\ctprxy2k.sys [15-07-2008 19.09.44 14360]
R3 ctsfm2k;Creative SoundFont Management Device Driver;C:\WINDOWS\system32\drivers\ctsfm2k.sys [15-07-2008 19.10.28 157208]
R3 emupia;E-mu Plug-in Architecture Driver;C:\WINDOWS\system32\drivers\emupia2k.sys [15-07-2008 19.11.14 92696]
R3 FsUsbExDisk;FsUsbExDisk;C:\WINDOWS\system32\FsUsbExDisk.Sys [08-05-2010 05.08.31 36608]
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [15-07-2008 19.12.38 1173016]
R3 ossrv;Creative OS Services Driver;C:\WINDOWS\system32\drivers\ctoss2k.sys [15-07-2008 19.08.36 127000]
R3 RimVSerPort;RIM Virtual Serial Port v2;C:\WINDOWS\system32\drivers\RimSerial.sys [30-09-2009 22.23.43 26496]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver;C:\WINDOWS\system32\drivers\Rtnicxp.sys [02-12-2008 07.05.34 118656]
S1 P3;Intel PentiumIII Processor Driver;C:\WINDOWS\system32\drivers\p3.sys [03-08-2004 23.59.20 42752]
S2 gupdate;Google Update Service (gupdate);C:\Program Files\Google\Update\GoogleUpdate.exe [14-10-2010 14.53.31 136176]
S2 WSWNA3100;WSWNA3100;C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe [12-10-2010 21.13.09 278528]
S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver;C:\WINDOWS\system32\drivers\BVRPMPR5.SYS [10-05-2010 16.39.46 49904]
S3 cpuz130;cpuz130;\??\C:\DOCUME~1\Owner\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> C:\DOCUME~1\Owner\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [07-12-2008 11.21.18 79360]
S3 ctdvda2k;Creative DVD-Audio Device Driver;C:\WINDOWS\system32\drivers\ctdvda2k.sys [15-07-2008 19.08.08 347080]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe [12-11-2009 14.04.42 25832]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\system32\drivers\mbamswissarmy.sys [20-08-2010 13.40.30 38224]
S3 MHN;MHN;C:\WINDOWS\System32\svchost.exe -k netsvcs [13-04-2005 10.56.07 14336]
S3 MHNDRV;MHN driver;C:\WINDOWS\system32\drivers\mhndrv.sys [13-04-2005 11.13.43 11008]
S3 mxnic;Macronix MX987xx Family Fast Ethernet NT Driver;C:\WINDOWS\system32\drivers\mxnic.sys [13-04-2005 04.09.54 19968]
S3 nosGetPlusHelper;getPlus® Helper 3004;C:\WINDOWS\System32\svchost.exe -k nosGetPlusHelper [13-04-2005 10.56.07 14336]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\nsndis5.sys [23-03-2004 20.12.34 17280]
S3 pccsmcfd;PCCS Mode Change Filter Driver;C:\WINDOWS\system32\drivers\pccsmcfd.sys [08-05-2010 05.09.07 21632]
S3 PCTINDIS5;PCTINDIS5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\PCTINDIS5.SYS --> C:\WINDOWS\system32\PCTINDIS5.SYS [?]
S3 RimUsb;BlackBerry Smartphone;C:\WINDOWS\system32\drivers\RimUsb.sys [20-05-2008 19.33.50 22784]
S3 SANDRA;SANDRA;C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP4\WNt500x86\sandra.sys [12-11-2009 04.34.26 23112]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP4\RpcAgentSrv.exe [12-11-2009 04.34.25 99176]
S3 SASENUM;SASENUM;C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [17-11-2008 16.11.08 12872]
S3 ServiceLayer;ServiceLayer;C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [07-04-2008 09.17.30 430592]
S3 sscdmdfl;SAMSUNG Mobile Modem Filter;C:\WINDOWS\system32\drivers\sscdmdfl.sys [08-05-2010 05.08.46 11944]
S3 sscdmdm;SAMSUNG Mobile Modem Drivers;C:\WINDOWS\system32\drivers\sscdmdm.sys [08-05-2010 05.08.46 106792]
S3 SunkFilt;Alcor Micro Corp Reader;C:\WINDOWS\system32\drivers\Sunkfilt.sys [15-11-2004 19.41.54 36804]
S3 SupportSoft RemoteAssist;SupportSoft RemoteAssist;C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe --> C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe [?]
S3 wanatw;WAN Miniport (ATW);C:\WINDOWS\system32\DRIVERS\wanatw4.sys --> C:\WINDOWS\system32\DRIVERS\wanatw4.sys [?]
S3 WpdUsb;WpdUsb;C:\WINDOWS\system32\drivers\wpdusb.sys [13-04-2005 10.55.26 38528]
S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\drivers\ZD1211BU.sys [11-12-2008 15.40.10 477696]
S4 sptd;sptd;C:\WINDOWS\system32\drivers\sptd.sys [12-02-2009 03.45.57 691696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-10-29 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2010-10-14 20:53:31 . 2010-09-30 00:12:57]

2010-10-28 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2010-10-14 20:53:31 . 2010-09-30 00:12:57]

2010-10-27 C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3626235448-143542546-2890651378-1006Core.job
- C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-30 00:12:59 . 2010-09-30 00:12:57]

2010-10-28 C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3626235448-143542546-2890651378-1006UA.job
- C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-30 00:12:59 . 2010-09-30 00:12:57]

2008-12-06 C:\WINDOWS\Tasks\ISP signup reminder 1.job
- C:\WINDOWS\system32\OOBE\oobebaln.exe [2005-04-13 17:16:44 . 2008-04-14 00:12:31]

2008-12-06 C:\WINDOWS\Tasks\ISP signup reminder 2.job
- C:\WINDOWS\system32\OOBE\oobebaln.exe [2005-04-13 17:16:44 . 2008-04-14 00:12:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = http=127.0.0.1:6522
uInternet Settings,ProxyOverride = <local>
IE: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-RealPlayer 6.0 - C:\Program Files\Common Files\Real\Update\\rnuninst.exe

#14 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,581 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:12:13 AM

Posted 29 October 2010 - 08:12 AM

Hi again,

CF-SCRIPT
-------------
We need to execute a CF-script.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Start > Run and in the box that opens type notepad and press enter. Copy/paste the text in the codebox below into it:
KillAll::

DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:6522

Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft

 

animinionsmalltext.gif


#15 zenmasternicksan

zenmasternicksan
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:06:13 PM

Posted 30 October 2010 - 07:11 PM

ComboFix 10-10-26.04 - Owner 30-10-2010 16.33.07.6.1 - x86 MINIMAL
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\Packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\wpcap.dll
.
---- Previous Run -------
.
C:\Documents and Settings\Owner\Local Settings\Application Data\Windows Server\server.dat
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\Packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\wpcap.dll
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Legacy_YKSHJ
-------\Service_NPF
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2010-09-28 to 2010-10-30 )))))))))))))))))))))))))))))))
.

2010-10-20 19:02:42 . 2010-10-20 19:02:42 -------- d-----w- C:\Documents and Settings\Owner\Application Data\Broken Rules
2010-10-20 18:56:15 . 2010-10-20 19:02:31 -------- d-----w- C:\Program Files\And Yet It Moves Demo
2010-10-16 11:00:19 . 2010-10-16 11:00:19 -------- d-----w- C:\WINDOWS\system32\NtmsData
2010-10-15 20:09:27 . 2010-10-30 23:52:15 -------- d-----w- C:\WINDOWS\Internet Logs
2010-10-15 19:58:38 . 2010-10-15 20:18:50 -------- d-----w- C:\Documents and Settings\All Users\Application Data\MFAData
2010-10-15 02:44:50 . 2010-10-15 02:45:05 -------- d-----w- C:\Program Files\DAEMON Tools Lite
2010-10-15 02:11:36 . 2010-10-15 02:11:36 -------- d-----w- C:\WINDOWS\system32\MpEngineStore
2010-10-15 00:48:32 . 2010-09-18 06:53:25 974848 -c----w- C:\WINDOWS\system32\dllcache\mfc42.dll
2010-10-15 00:48:32 . 2010-09-18 06:53:25 954368 -c----w- C:\WINDOWS\system32\dllcache\mfc40.dll
2010-10-15 00:48:32 . 2010-09-18 06:53:25 953856 -c----w- C:\WINDOWS\system32\dllcache\mfc40u.dll
2010-10-15 00:48:19 . 2010-08-23 16:12:04 617472 -c----w- C:\WINDOWS\system32\dllcache\comctl32.dll
2010-10-14 20:58:00 . 2010-10-14 20:58:00 -------- d-----w- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
2010-10-14 20:53:42 . 2010-10-14 20:53:42 -------- d-----w- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
2010-10-13 07:39:03 . 2010-10-13 07:39:03 3584 ----a-r- C:\Documents and Settings\Owner\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2010-10-13 07:39:02 . 2010-10-13 07:39:02 -------- d-----w- C:\Program Files\Windows Installer Clean Up
2010-10-13 07:08:44 . 2010-10-13 07:17:18 -------- d-----w- C:\Program Files\Free Window Registry Repair
2010-10-13 06:56:04 . 2010-10-13 07:07:30 -------- d-----w- C:\Documents and Settings\Owner\Local Settings\Application Data\Promosoft Corporation
2010-10-13 06:53:00 . 2010-10-13 06:53:17 -------- d-----w- C:\Documents and Settings\All Users\Application Data\NOS
2010-10-13 06:53:00 . 2010-10-13 06:53:00 -------- d-----w- C:\Program Files\NOS
2010-10-13 03:13:11 . 2009-11-06 14:26:36 642432 ----a-w- C:\WINDOWS\system32\drivers\bcmwlhigh5.sys
2010-10-13 03:13:08 . 2010-10-13 03:13:08 -------- d-----w- C:\Program Files\NETGEAR
2010-10-13 03:06:02 . 2010-10-13 03:06:02 -------- d-----w- C:\Documents and Settings\All Users\Application Data\2Wire
2010-10-10 05:32:39 . 2010-10-10 05:32:39 -------- d-----w- C:\Documents and Settings\Owner\Application Data\ScummVM
2010-10-10 05:32:32 . 2010-10-10 05:32:34 -------- d-----w- C:\Program Files\ScummVM

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-27 22:24:58 . 2008-12-05 22:26:22 94208 ----a-w- C:\WINDOWS\DUMP51b5.tmp
2010-10-15 02:45:02 . 2009-02-12 09:45:57 691696 ----a-w- C:\WINDOWS\system32\drivers\sptd.sys
2010-09-27 05:01:55 . 2010-09-27 05:02:17 73728 ----a-w- C:\WINDOWS\system32\javacpl.cpl
2010-09-27 05:01:55 . 2010-09-27 05:02:17 423656 ----a-w- C:\WINDOWS\system32\deployJava1.dll
2010-09-18 18:23:26 . 2005-04-13 16:55:46 974848 ----a-w- C:\WINDOWS\system32\mfc42u.dll
2010-09-18 06:53:25 . 2005-04-13 16:55:46 974848 ----a-w- C:\WINDOWS\system32\mfc42.dll
2010-09-18 06:53:25 . 2005-04-13 16:55:46 954368 ----a-w- C:\WINDOWS\system32\mfc40.dll
2010-09-18 06:53:25 . 2005-04-13 16:55:46 953856 ----a-w- C:\WINDOWS\system32\mfc40u.dll
2010-09-10 05:58:08 . 2005-04-13 16:56:12 916480 ----a-w- C:\WINDOWS\system32\wininet.dll
2010-09-10 05:58:06 . 2005-04-13 16:55:45 43520 ----a-w- C:\WINDOWS\system32\licmgr10.dll
2010-09-10 05:58:06 . 2005-04-13 16:55:43 1469440 ------w- C:\WINDOWS\system32\inetcpl.cpl
2010-09-01 11:51:14 . 2005-04-13 16:55:27 285824 ----a-w- C:\WINDOWS\system32\atmfd.dll
2010-08-31 13:42:52 . 2005-04-13 16:56:11 1852800 ----a-w- C:\WINDOWS\system32\win32k.sys
2010-08-27 08:02:29 . 2005-04-13 16:56:08 119808 ----a-w- C:\WINDOWS\system32\t2embed.dll
2010-08-27 05:57:43 . 2005-04-13 16:56:06 99840 ----a-w- C:\WINDOWS\system32\srvsvc.dll
2010-08-26 13:39:50 . 2005-04-13 16:56:06 357248 ----a-w- C:\WINDOWS\system32\drivers\srv.sys
2010-08-26 12:52:45 . 2009-04-15 11:56:37 5120 ----a-w- C:\WINDOWS\system32\xpsp4res.dll
2010-08-23 16:12:04 . 2005-04-13 16:55:29 617472 ----a-w- C:\WINDOWS\system32\comctl32.dll
2010-08-17 13:17:06 . 2005-04-13 16:56:06 58880 ----a-w- C:\WINDOWS\system32\spoolsv.exe
2010-08-16 08:45:00 . 2005-04-13 16:56:00 590848 ----a-w- C:\WINDOWS\system32\rpcrt4.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "C:\Program Files\ZoneAlarm_Security\tbZone.dll" [2010-06-14 01:10:00 2734688]

[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
2010-06-14 01:10:00 2734688 ----a-w- C:\Program Files\ZoneAlarm_Security\tbZone.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "C:\Program Files\ZoneAlarm_Security\tbZone.dll" [2010-06-14 01:10:00 2734688]

[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{91DA5E8A-3318-4F8C-B67E-5964DE3AB546}"= "C:\Program Files\ZoneAlarm_Security\tbZone.dll" [2010-06-14 01:10:00 2734688]

[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-10-27 22:34:07 2424560]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2009-10-07 04:47:40 323392]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 10:40:32 218032]
"AutoStartNPSAgent"="C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-03-06 01:41:02 98304]
"Google Update"="C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-09-30 00:12:57 136176]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-10-14 20:54:40 39408]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 09:16:20 357696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 05:32:00 208952]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-10 19:00:00 44032]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 05:31:50 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 05:32:16 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 05:32:16 455168]
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 17:44:46 248552]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2009-05-26 23:18:30 413696]
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 18:37:40 932288]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 10:47:04 35760]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-09-02 15:21:04 1043968]
"ISW"="C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" [2010-09-02 12:26:14 738808]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
NETGEAR WNA3100 Smart Wizard.lnk - C:\Program Files\NETGEAR\WNA3100\WNA3100.exe [2010-10-12 4562944]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 16:13:36 77824]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 04:41:34 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-11-09 19:56:22 548352 ----a-w- C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-15 19:48:15 12536 ----a-w- C:\WINDOWS\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
backup=C:\WINDOWS\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\PFPortChecker\\PFPortChecker.exe"=
"C:\\Documents and Settings\\Owner\\My Documents\\Downloaded Games\\Left.4.Dead.Full-Rip.Skullptura\\Left.4.Dead.Full-Rip.Skullptura\\Left 4 Dead\\left4dead.exe"=
"C:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"C:\\Games\\tf2\\hl2.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP4\\RpcAgentSrv.exe"=
"C:\\Games\\Dragon Age\\bin_ship\\daorigins.exe"=
"C:\\Games\\Dragon Age\\DAOriginsLauncher.exe"=
"C:\\Games\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=
"C:\\Program Files\\2K Games\\Gearbox Software\\Borderlands\\Binaries\\Borderlands.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP4\\WNt500x86\\RpcSandraSrv.exe"=
"C:\\Program Files\\CodeMeter\\Runtime\\bin\\CodeMeter.exe"=
"C:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"C:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"C:\\Program Files\\StarCraft II\\StarCraft II.exe"=
"C:\\Program Files\\StarCraft II\\Versions\\Base15405\\SC2.exe"=
"C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"64172:TCP"= 64172:TCP:BitTorrent
"9999:TCP"= 9999:TCP:BitTorrent
"1119:TCP"= 1119:TCP:battlenet1
"1119:UDP"= 1119:UDP:battlenet2

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\drivers\avgldx86.sys [07-12-2008 13.10.18 216400]
R1 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\drivers\avgtdix.sys [07-12-2008 13.10.22 243024]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [17-11-2008 16.11.06 12872]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [17-11-2008 16.11.04 67656]
R2 avg9emc;AVG Free E-mail Scanner;C:\Program Files\AVG\AVG9\avgemc.exe [15-07-2010 13.47.27 921952]
R2 avg9wd;AVG Free WatchDog;C:\Program Files\AVG\AVG9\avgwdsvc.exe [15-07-2010 13.48.10 308136]
R2 CodeMeter.exe;CodeMeter Runtime Server;C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe [03-04-2009 05.01.00 1680704]
R2 FsUsbExService;FsUsbExService;C:\WINDOWS\system32\FsUsbExService.Exe [08-05-2010 05.08.31 233472]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [02-09-2010 06.26.10 26872]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe [02-09-2010 06.26.16 493048]
R2 mstbsvc;MSN Toolbar Setup;C:\Program Files\MSN\Toolbar\4.0.0412.0\mstbsvc.exe [06-04-2010 15.34.22 102752]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;C:\WINDOWS\system32\drivers\bcmwlhigh5.sys [12-10-2010 21.13.11 642432]
R3 FsUsbExDisk;FsUsbExDisk;C:\WINDOWS\system32\FsUsbExDisk.Sys [08-05-2010 05.08.31 36608]
S2 gupdate;Google Update Service (gupdate);C:\Program Files\Google\Update\GoogleUpdate.exe [14-10-2010 14.53.31 136176]
S2 WSWNA3100;WSWNA3100;C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe [12-10-2010 21.13.09 278528]
S3 cpuz130;cpuz130;\??\C:\DOCUME~1\Owner\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> C:\DOCUME~1\Owner\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [07-12-2008 11.21.18 79360]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe [12-11-2009 14.04.42 25832]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\system32\drivers\mbamswissarmy.sys [20-08-2010 13.40.30 38224]
S3 nosGetPlusHelper;getPlus® Helper 3004;C:\WINDOWS\System32\svchost.exe -k nosGetPlusHelper [13-04-2005 10.56.07 14336]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP4\RpcAgentSrv.exe [12-11-2009 04.34.25 99176]
S3 SASENUM;SASENUM;C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [17-11-2008 16.11.08 12872]
S4 sptd;sptd;C:\WINDOWS\system32\drivers\sptd.sys [12-02-2009 03.45.57 691696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-10-30 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2010-10-14 20:53:31 . 2010-09-30 00:12:57]

2010-10-30 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2010-10-14 20:53:31 . 2010-09-30 00:12:57]

2010-10-27 C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3626235448-143542546-2890651378-1006Core.job
- C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-30 00:12:59 . 2010-09-30 00:12:57]

2010-10-30 C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3626235448-143542546-2890651378-1006UA.job
- C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-30 00:12:59 . 2010-09-30 00:12:57]

2008-12-06 C:\WINDOWS\Tasks\ISP signup reminder 1.job
- C:\WINDOWS\system32\OOBE\oobebaln.exe [2005-04-13 17:16:44 . 2008-04-14 00:12:31]

2008-12-06 C:\WINDOWS\Tasks\ISP signup reminder 2.job
- C:\WINDOWS\system32\OOBE\oobebaln.exe [2005-04-13 17:16:44 . 2008-04-14 00:12:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>
IE: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-30 17:52:04
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users