Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google / Ask.com Redirects


  • This topic is locked This topic is locked
15 replies to this topic

#1 PowerRAV

PowerRAV

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:27 AM

Posted 15 February 2011 - 03:45 AM

Hi, having some problems with search results redirecting to other web sites. It all started on 2/12 after letting my father use the computer. Not sure what he did but when I got on later that day I found new processes running in the background (Bfx.exe) that I had never seen before and ran Malwarebytes / Spybot S&D to check them out. Sure enough they were infections and was removed. After noticing the redirecting I did some testing with the redirects and found that it doesn't always redirect me but when I search for example: AVG, Symantec, or Avast or other antivirus programs it redirects me to other web sites such as: webroot.com, oghgrnnoeati.com, eloqua.com. The redirects happen with both IE and Firefox and so far only have redirected if I use Google or Ask.com. Using Bing or Yahoo I havn't had redirects using them. I did some digging and found a suspicious file that was created during the time my father was on the PC and couldn't find any information on it. It's located in C:/Windows/Sytem32 called "wiasf8.dll" I did attempt to delete it but its marked Read-only and Hidden and even when changing those attributes it displays the message Access is Denied even tried in a command prompt with same message.

As per the "Preparation Guide" I attempted to run GMER but when I did so it locked the system up and became unresponsive, Task manager and such wouldn't come up and after waiting some time I restarted the PC. Here's the MBAM log I ran from later that day that removed the Bfx.exe and others.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5750

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

2/12/2011 4:15:41 PM
mbam-log-2011-02-12 (16-15-41).txt

Scan type: Full scan (C:\|)
Objects scanned: 204736
Time elapsed: 20 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 1
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\CE8SIIFGSU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\CE8SIIFGSU (Trojan.FakeAlert) -> Value: CE8SIIFGSU -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Tasks\{62c40aa6-4406-467a-a5a5-dfdf1b559b7a}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\WINDOWS\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\VanDorn\local settings\Temp\Bfx.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.






And heres the DDS log:





DDS (Ver_10-12-12.02) - NTFSx86
Run by VanDorn at 1:54:03.65 on Tue 02/15/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.679 [GMT -6:00]


============== Running Processes ===============

C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\CTHELPER.EXE
svchost.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\explorer.exe
C:\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.ebay.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [CTHelper] CTHELPER.EXE
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodakp~1.lnk - c:\program files\kodak\kodak picture transfer software\pts.exe
uPolicies-explorer: NoThemesTab = 0 (0x0)
uPolicies-system: NoDispAppearancePage = 0 (0x0)
uPolicies-system: NoColorChoice = 0 (0x0)
uPolicies-system: NoSizeChoice = 0 (0x0)
uPolicies-system: NoVisualStyleChoice = 0 (0x0)
uPolicies-system: NoDispSettingsPage = 0 (0x0)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {00000075-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/voxacm.CAB
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1264270295718
DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} - hxxp://imlive.com/chatsource/ImlCID.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: DfLogon - LogonDll.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 255.255.255.255 broadcasthost

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\vandorn\applic~1\mozilla\firefox\profiles\k2rxp2wp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\all users\application data\id software\quakelive\npquakezero.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============

R0 DeepFrz;DeepFrz;c:\windows\system32\drivers\DeepFrz.sys [2007-6-28 131472]
R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2009-12-7 12672]
R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [2010-9-26 14976]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2010-3-18 99416]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2010-3-18 555096]
R3 ctgame;Game Port;c:\windows\system32\drivers\ctgame.sys [2010-3-18 18904]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2010-3-18 566360]
R3 UsbFltr;Razer Copperhead Driver;c:\windows\system32\drivers\copperhd.sys [2005-11-2 11596]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2010-3-18 99416]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2010-8-12 79360]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2010-3-18 555096]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2010-3-18 100952]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2010-3-18 100952]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2010-3-18 566360]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2011-02-15 06:05:42 56400 ----a-w- c:\windows\system32\drivers\tmrkb.sys
2011-02-15 06:05:42 190032 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-02-12 21:43:25 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-02-12 21:43:25 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2011-02-12 21:40:57 -------- d-----w- c:\docume~1\vandorn\applic~1\Malwarebytes
2011-02-12 21:40:49 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-12 21:40:48 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-02-12 21:40:46 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-12 21:40:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-12 18:11:52 -------- d-----w- c:\docume~1\vandorn\locals~1\applic~1\Apple Computer
2011-02-12 15:58:32 135168 --sha-r- c:\windows\system32\wiasf8.dll
2011-01-30 20:57:00 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2011-01-30 20:57:00 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2011-01-28 21:47:01 -------- d-----w- c:\docume~1\vandorn\locals~1\applic~1\AOL
2011-01-28 21:47:01 -------- d-----w- c:\docume~1\vandorn\locals~1\applic~1\AIM
2011-01-28 21:46:50 -------- d-----w- c:\docume~1\alluse~1\applic~1\AIM
2011-01-28 21:46:43 -------- d-----w- c:\program files\AIM
2011-01-28 21:46:39 -------- d-----w- c:\program files\common files\AOL
2011-01-26 06:15:13 -------- d-----w- c:\program files\Quick Macros 2
2011-01-24 18:27:29 -------- d-----w- c:\program files\AutoHotkey
2011-01-20 05:14:01 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-01-20 05:13:47 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2011-01-20 05:13:19 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2011-01-20 05:13:19 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2011-01-20 05:12:54 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll

==================== Find3M ====================

2010-12-15 00:31:03 235248 ----a-w- c:\windows\system32\PnkBstrB.xtr
2010-12-15 00:31:03 235248 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll

============= FINISH: 1:54:29.23 ===============




Any help I can get to fix this is appreciated.

-Ryan

BC AdBot (Login to Remove)

 


#2 Baabiouz

Baabiouz

    Finnish Malware Fighter


  • Members
  • 3,355 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:01:27 PM

Posted 15 February 2011 - 06:19 AM

Hello

My name is Baabiouz and I'll help you get your Pc clean.

Step #1
You are missing one important program on that computer: An antivirus.
This is somewhat suicidal in today's digital world.
You need to install an antivirus program as soon as you can and run a complete scan of the computer:
Install it and then run a full scan. Let it quarantine/delete anything it finds. Let me know if there is anything that it reports but can not remove.


Step #2
Install Recovery Console and Run ComboFix

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
Link 3
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Posted Image
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Note:The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you
should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Posted Image
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please Do NOT mouseclick combofix's window while its running because it may cause it to stall.
Posted Image

#3 PowerRAV

PowerRAV
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:27 AM

Posted 15 February 2011 - 06:28 PM

Hi Baabiouz,

I removed Avast Antivirus recently and began using Deep Freeze to keep the PC clean but unfortunately had Deep Freeze off at the time of infection. So I reinstalled Avast now, updated and ran a Quick Scan which didn't find anything. I disabled the avast shields and started combofix. Combofix installed a recovery console, and proceded to scan for malware. I got a few corrupt file warnings in the system tray while it scanned. The PC is old with 2 HDD raided together they're loud and may have HDD going bad so I might run Chkdsk and its been a while since I defragged. The files with the corrupt warning were "PEV.cfxxe" and "scxcacls.cfxxe" the first located in App Data folder and second in a temp folder. The PC rebooted and created the log:


ComboFix 11-02-15.01 - VanDorn 02/15/2011 17:00:14.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.641 [GMT -6:00]
Running from: c:\downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF


((((((((((((((((((((((((( Files Created from 2011-01-15 to 2011-02-15 )))))))))))))))))))))))))))))))
.

2011-02-15 22:41 . 2011-01-13 08:41 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-02-15 22:41 . 2011-01-13 08:40 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-02-15 22:41 . 2011-01-13 08:40 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-02-15 22:41 . 2011-01-13 08:39 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-02-15 22:41 . 2011-01-13 08:37 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-02-15 22:41 . 2011-01-13 08:37 29392 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-02-15 22:41 . 2011-01-13 08:37 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-02-15 22:41 . 2011-01-13 08:47 38848 ----a-w- c:\windows\avastSS.scr
2011-02-15 22:41 . 2011-01-13 08:47 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-02-15 06:05 . 2011-02-15 06:05 56400 ----a-w- c:\windows\system32\drivers\tmrkb.sys
2011-02-15 06:05 . 2011-02-15 06:05 190032 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-02-12 21:43 . 2011-02-12 22:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-02-12 21:43 . 2011-02-12 21:51 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-02-12 21:40 . 2011-02-12 21:40 -------- d-----w- c:\documents and settings\VanDorn\Application Data\Malwarebytes
2011-02-12 21:40 . 2010-12-21 00:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-12 21:40 . 2011-02-12 21:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-02-12 21:40 . 2011-02-12 21:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-12 21:40 . 2010-12-21 00:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-12 18:11 . 2011-02-12 18:11 -------- d-----w- c:\documents and settings\VanDorn\Local Settings\Application Data\Apple Computer
2011-02-12 15:58 . 2011-02-12 15:58 135168 --sha-r- c:\windows\system32\wiasf8.dll
2011-01-30 20:57 . 2011-01-30 20:57 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-01-30 20:57 . 2011-01-30 20:57 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2011-01-28 21:47 . 2011-01-28 21:49 -------- d-----w- c:\documents and settings\VanDorn\Application Data\acccore
2011-01-28 21:47 . 2011-01-28 21:47 -------- d-----w- c:\documents and settings\VanDorn\Local Settings\Application Data\AIM
2011-01-28 21:47 . 2011-01-28 21:47 -------- d-----w- c:\documents and settings\VanDorn\Local Settings\Application Data\AOL
2011-01-28 21:46 . 2011-01-28 21:46 -------- d-----w- c:\documents and settings\All Users\Application Data\AIM
2011-01-28 21:46 . 2011-01-28 21:46 -------- d-----w- c:\program files\AIM
2011-01-28 21:46 . 2011-01-28 21:46 -------- d-----w- c:\program files\Common Files\AOL
2011-01-26 06:15 . 2011-01-26 06:15 -------- d-----w- c:\program files\Quick Macros 2
2011-01-24 18:27 . 2011-02-06 09:37 -------- d-----w- c:\program files\AutoHotkey
2011-01-20 05:14 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-01-20 05:13 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2011-01-20 05:13 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2011-01-20 05:13 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2011-01-20 05:12 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-13 00:42 . 2010-11-21 22:54 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-12-15 00:31 . 2010-11-15 03:56 235248 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-12-15 00:31 . 2009-10-15 01:05 235248 ----a-w- c:\windows\system32\PnkBstrB.xtr
2010-12-15 00:29 . 2010-11-15 03:57 137960 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-11-18 18:12 . 2009-08-22 04:52 81920 ----a-w- c:\windows\system32\isign32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ptipbmf"="ptipbmf.dll" [2003-05-30 118784]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-04-04 774144]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-04-09 19968]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-04 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-04 13670504]
"CTHelper"="CTHELPER.EXE" [2010-03-19 19456]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
KODAK Picture Transfer Software.lnk - c:\program files\Kodak\KODAK Picture Transfer Software\pts.exe [2009-8-22 737280]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DfLogon]
2007-06-28 17:39 65536 ----a-w- c:\windows\system32\LogonDll.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /k:C *

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\id Software\\Quake III Arena\\quake3.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Quake III Arena\\quake3.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\GtkRadiant 1.5.0\\GtkRadiant.exe"=
"c:\\Program Files\\AIM\\aim.exe"=

R0 DeepFrz;DeepFrz;c:\windows\system32\drivers\DeepFrz.sys [6/28/2007 11:45 AM 131472]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2/15/2011 4:41 PM 294608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2/15/2011 4:41 PM 17744]
R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [9/26/2010 12:50 AM 14976]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [3/18/2010 7:39 PM 99416]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [3/18/2010 7:39 PM 555096]
R3 ctgame;Game Port;c:\windows\system32\drivers\ctgame.sys [3/18/2010 7:40 PM 18904]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [3/18/2010 7:39 PM 566360]
R3 UsbFltr;Razer Copperhead Driver;c:\windows\system32\drivers\copperhd.sys [11/2/2005 10:54 AM 11596]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [3/18/2010 7:39 PM 99416]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [8/12/2010 1:54 PM 79360]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [3/18/2010 7:39 PM 555096]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [3/18/2010 7:39 PM 100952]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [3/18/2010 7:39 PM 100952]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [3/18/2010 7:39 PM 566360]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ebay.com/
FF - ProfilePath - c:\documents and settings\VanDorn\Application Data\Mozilla\Firefox\Profiles\k2rxp2wp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-nwiz - nwiz.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-15 17:06
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTxfiHlp = CTXFIHLP.EXE?
CTHelper = CTHELPER.EXE?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(740)
c:\windows\system32\LogonDll.dll

- - - - - - - > 'explorer.exe'(2748)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
c:\windows\System32\nvsvc32.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe
c:\windows\system32\rundll32.exe
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\drivers\dcfssvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
.
**************************************************************************
.
Completion time: 2011-02-15 17:08:55 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-15 23:08

Pre-Run: 171,040,866,304 bytes free
Post-Run: 170,904,047,616 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - 72A73AF53F0F740D97AECB31C7627FA3




EDIT: Did some more testing, I added some of the web sites it redirects me to, to the hosts file. Tried some searches on Bing and every search result I clicked it redirected and since I added it to hosts file it failed to load anything though. So it seems it's not limited to just google / ask.com... I'm going to run Chkdsk and start defragging tonight before I go to bed.

Edited by PowerRAV, 15 February 2011 - 10:15 PM.


#4 Baabiouz

Baabiouz

    Finnish Malware Fighter


  • Members
  • 3,355 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:01:27 PM

Posted 16 February 2011 - 12:24 AM

Hello

Combofix log doesn't look bad.

Submit a File For Analysis
We need to have the files below Scanned by Uploading them/it to Jotti

Please visit Jotti
Copy/paste the the following file path into the window
c:\windows\system32\wiasf8.dll
Click Submit/Send File
Please post back, to let me know the results.


If Jotti is too busy please try Virustotal


_______________

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracing ZIP and RAR compressed files. If you don't have an extraction program, you can downlaod, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".

Please post Jotti's results, TDSSKiller's log and Rootkit Unhooker's log back here :)

Edited by Baabiouz, 16 February 2011 - 12:25 AM.

Posted Image

#5 PowerRAV

PowerRAV
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:27 AM

Posted 16 February 2011 - 01:10 AM

Hmm I tried Jotti and it says "Status: File is empty (0 bytes)!" when I try to upload it. Which is weird the file size is 132 kb. Maybe that means Jotti is over loaded? I tried Virustotal and it uploaded I'm guessing but didn't display any results just went back to the same page. I'll keep trying Jotti maybe it's just overloaded...



2011/02/15 23:59:10.0812 2156 TDSS rootkit removing tool 2.4.17.0 Feb 10 2011 11:07:20
2011/02/15 23:59:11.0109 2156 ================================================================================
2011/02/15 23:59:11.0109 2156 SystemInfo:
2011/02/15 23:59:11.0109 2156
2011/02/15 23:59:11.0109 2156 OS Version: 5.1.2600 ServicePack: 3.0
2011/02/15 23:59:11.0109 2156 Product type: Workstation
2011/02/15 23:59:11.0109 2156 ComputerName: OWNER-P07HXZ9H1
2011/02/15 23:59:11.0109 2156 UserName: VanDorn
2011/02/15 23:59:11.0109 2156 Windows directory: C:\WINDOWS
2011/02/15 23:59:11.0109 2156 System windows directory: C:\WINDOWS
2011/02/15 23:59:11.0109 2156 Processor architecture: Intel x86
2011/02/15 23:59:11.0109 2156 Number of processors: 2
2011/02/15 23:59:11.0109 2156 Page size: 0x1000
2011/02/15 23:59:11.0109 2156 Boot type: Normal boot
2011/02/15 23:59:11.0109 2156 ================================================================================
2011/02/15 23:59:12.0078 2156 !crdlk
2011/02/15 23:59:12.0250 2156 Initialize success
2011/02/15 23:59:16.0125 1460 ================================================================================
2011/02/15 23:59:16.0125 1460 Scan started
2011/02/15 23:59:16.0125 1460 Mode: Manual;
2011/02/15 23:59:16.0125 1460 ================================================================================
2011/02/15 23:59:17.0000 1460 Aavmker4 (479c9835b91147be1a92cb76fad9c6de) C:\WINDOWS\system32\drivers\Aavmker4.sys
2011/02/15 23:59:17.0109 1460 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/02/15 23:59:17.0187 1460 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/02/15 23:59:17.0281 1460 aeaudio (5ca3873be2477f5dc0035e9ff9c7be0f) C:\WINDOWS\system32\drivers\aeaudio.sys
2011/02/15 23:59:17.0328 1460 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/02/15 23:59:17.0390 1460 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/02/15 23:59:17.0453 1460 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/02/15 23:59:17.0593 1460 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/02/15 23:59:17.0734 1460 aswFsBlk (cba53c5e29ae0a0ce76f9a2be3a40d9e) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011/02/15 23:59:17.0765 1460 aswMon2 (a1c52b822b7b8a5c2162d38f579f97b7) C:\WINDOWS\system32\drivers\aswMon2.sys
2011/02/15 23:59:17.0781 1460 aswRdr (b6e8c5874377a42756c282fac2e20836) C:\WINDOWS\system32\drivers\aswRdr.sys
2011/02/15 23:59:17.0812 1460 aswSP (b93a553c9b0f14263c8f016a44c3258c) C:\WINDOWS\system32\drivers\aswSP.sys
2011/02/15 23:59:17.0906 1460 aswTdi (1408421505257846eb336feeef33352d) C:\WINDOWS\system32\drivers\aswTdi.sys
2011/02/15 23:59:17.0937 1460 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/02/15 23:59:17.0984 1460 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/02/15 23:59:18.0078 1460 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/02/15 23:59:18.0109 1460 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/02/15 23:59:18.0156 1460 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/02/15 23:59:18.0234 1460 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/02/15 23:59:18.0265 1460 CCDECODE (fdc06e2ada8c468ebb161624e03976cf) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/02/15 23:59:18.0312 1460 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/02/15 23:59:18.0343 1460 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/02/15 23:59:18.0390 1460 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/02/15 23:59:18.0484 1460 COMMONFX (ef44c32b1aef62380426b260bf2c66f1) C:\WINDOWS\system32\drivers\COMMONFX.SYS
2011/02/15 23:59:18.0515 1460 COMMONFX.SYS (ef44c32b1aef62380426b260bf2c66f1) C:\WINDOWS\System32\drivers\COMMONFX.SYS
2011/02/15 23:59:18.0578 1460 cpuz132 (097a0a4899b759a4f032bd464963b4be) C:\WINDOWS\system32\drivers\cpuz132_x32.sys
2011/02/15 23:59:18.0625 1460 CT20XUT.DLL (6191a973461852a09d643609e1d5f7c6) C:\WINDOWS\system32\CT20XUT.DLL
2011/02/15 23:59:18.0671 1460 ctac32k (357c534b38019b597f51c8bf7186c118) C:\WINDOWS\system32\drivers\ctac32k.sys
2011/02/15 23:59:18.0796 1460 ctaud2k (691f8259a1f9c983356d8db2cde8043c) C:\WINDOWS\system32\drivers\ctaud2k.sys
2011/02/15 23:59:18.0859 1460 CTAUDFX (7fc78aa6521ef3d9f16e51efab0bf13b) C:\WINDOWS\system32\drivers\CTAUDFX.SYS
2011/02/15 23:59:18.0906 1460 CTAUDFX.SYS (7fc78aa6521ef3d9f16e51efab0bf13b) C:\WINDOWS\System32\drivers\CTAUDFX.SYS
2011/02/15 23:59:18.0984 1460 ctdvda2k (8545d70b0335a05498f34e7e3f8ca9a2) C:\WINDOWS\system32\drivers\ctdvda2k.sys
2011/02/15 23:59:19.0062 1460 CTEAPSFX.DLL (6a57f82009563aee8826f117e1d3c72c) C:\WINDOWS\system32\CTEAPSFX.DLL
2011/02/15 23:59:19.0093 1460 CTEDSPFX.DLL (c8ac1ffaeadd655193d7b1811a572d8d) C:\WINDOWS\system32\CTEDSPFX.DLL
2011/02/15 23:59:19.0125 1460 CTEDSPIO.DLL (44495d9daf675257d00b25b041ee6667) C:\WINDOWS\system32\CTEDSPIO.DLL
2011/02/15 23:59:19.0156 1460 CTEDSPSY.DLL (8e90b1762cb42e2fc76dac9210c83c66) C:\WINDOWS\system32\CTEDSPSY.DLL
2011/02/15 23:59:19.0218 1460 CTERFXFX (16f448354067914e7deaea709011bd60) C:\WINDOWS\system32\drivers\CTERFXFX.SYS
2011/02/15 23:59:19.0250 1460 CTERFXFX.SYS (16f448354067914e7deaea709011bd60) C:\WINDOWS\System32\drivers\CTERFXFX.SYS
2011/02/15 23:59:19.0312 1460 CTEXFIFX.DLL (2c48e9d8ca703964463f27ae341115b7) C:\WINDOWS\system32\CTEXFIFX.DLL
2011/02/15 23:59:19.0359 1460 ctgame (b4f6b60feed3eb5f85be85e8fa4c0cc1) C:\WINDOWS\system32\DRIVERS\ctgame.sys
2011/02/15 23:59:19.0390 1460 CTHWIUT.DLL (f7657c598e7c29c6683c1e4a8dd68884) C:\WINDOWS\system32\CTHWIUT.DLL
2011/02/15 23:59:19.0406 1460 ctprxy2k (4d71541283aea28fb839007be90b5fc7) C:\WINDOWS\system32\drivers\ctprxy2k.sys
2011/02/15 23:59:19.0468 1460 CTSBLFX (64c83684661be137023f5186a612cf34) C:\WINDOWS\system32\drivers\CTSBLFX.SYS
2011/02/15 23:59:19.0515 1460 CTSBLFX.SYS (64c83684661be137023f5186a612cf34) C:\WINDOWS\System32\drivers\CTSBLFX.SYS
2011/02/15 23:59:19.0546 1460 ctsfm2k (632194572ebde8d461728cf382a7e964) C:\WINDOWS\system32\drivers\ctsfm2k.sys
2011/02/15 23:59:19.0640 1460 DcCam (fe36ee9430e8ef029edcf7b359caba3d) C:\WINDOWS\system32\DRIVERS\DcCam.sys
2011/02/15 23:59:19.0687 1460 DcFpoint (e338da0b7700682d325433cd1ce50ec3) C:\WINDOWS\system32\DRIVERS\DcFpoint.sys
2011/02/15 23:59:19.0703 1460 DCFS2K (eccc2486f680c599e54111e666e7ba21) C:\WINDOWS\system32\drivers\dcfs2k.sys
2011/02/15 23:59:19.0734 1460 DcLps (ccd2e14c7f093a5b72a74e286ec13ffb) C:\WINDOWS\system32\DRIVERS\DcLps.sys
2011/02/15 23:59:19.0765 1460 DcPTP (810a4031a21eb0f574c50e78362d3c90) C:\WINDOWS\system32\DRIVERS\DcPTP.sys
2011/02/15 23:59:19.0812 1460 DeepFrz (019d8bd0fd80c88bc13cedc387de6ec0) C:\WINDOWS\system32\drivers\DeepFrz.sys
2011/02/15 23:59:19.0859 1460 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/02/15 23:59:19.0921 1460 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/02/15 23:59:19.0984 1460 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/02/15 23:59:20.0031 1460 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/02/15 23:59:20.0062 1460 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/02/15 23:59:20.0109 1460 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/02/15 23:59:20.0171 1460 EL2000 (c19b0367d5fc1f122e5267b6cea73451) C:\WINDOWS\system32\DRIVERS\EL2K_XP.sys
2011/02/15 23:59:20.0218 1460 emupia (bacd9cc06d7a787e529e7ebf56b671aa) C:\WINDOWS\system32\drivers\emupia2k.sys
2011/02/15 23:59:20.0296 1460 Exportit (8bc624b9daf22249cb27386b91a80841) C:\WINDOWS\system32\DRIVERS\exportit.sys
2011/02/15 23:59:20.0328 1460 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/02/15 23:59:20.0375 1460 fasttx2k (a18ee62f4c0a1eed93ef0babac8829a3) C:\WINDOWS\system32\drivers\fasttx2k.sys
2011/02/15 23:59:20.0406 1460 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/02/15 23:59:20.0453 1460 FilterService (b73ec688c29f81f9da0fcf63682b3ecb) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
2011/02/15 23:59:20.0468 1460 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/02/15 23:59:20.0500 1460 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/02/15 23:59:20.0546 1460 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/02/15 23:59:20.0578 1460 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/02/15 23:59:20.0609 1460 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/02/15 23:59:20.0640 1460 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/02/15 23:59:20.0687 1460 ha10kx2k (70606233f3ed0e53cb3ea17f846d6a4f) C:\WINDOWS\system32\drivers\ha10kx2k.sys
2011/02/15 23:59:20.0765 1460 hamachi (833051c6c6c42117191935f734cfbd97) C:\WINDOWS\system32\DRIVERS\hamachi.sys
2011/02/15 23:59:20.0796 1460 hap16v2k (a0c69ad2a61e576b0207acdd9626e167) C:\WINDOWS\system32\drivers\hap16v2k.sys
2011/02/15 23:59:20.0875 1460 hap17v2k (2ee89452c574d259ada4fc9fc1c07243) C:\WINDOWS\system32\drivers\hap17v2k.sys
2011/02/15 23:59:20.0906 1460 hidgame (923ee4eef2582909a056904ca8026015) C:\WINDOWS\system32\DRIVERS\hidgame.sys
2011/02/15 23:59:20.0953 1460 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/02/15 23:59:21.0015 1460 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/02/15 23:59:21.0046 1460 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/02/15 23:59:21.0078 1460 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/02/15 23:59:21.0125 1460 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/02/15 23:59:21.0203 1460 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/02/15 23:59:21.0250 1460 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/02/15 23:59:21.0328 1460 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/02/15 23:59:21.0343 1460 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/02/15 23:59:21.0375 1460 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/02/15 23:59:21.0406 1460 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/02/15 23:59:21.0437 1460 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/02/15 23:59:21.0468 1460 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/02/15 23:59:21.0484 1460 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/02/15 23:59:21.0515 1460 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/02/15 23:59:21.0546 1460 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/02/15 23:59:21.0578 1460 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/02/15 23:59:21.0609 1460 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/02/15 23:59:21.0656 1460 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/02/15 23:59:21.0734 1460 LVPr2Mon (1a7db7a00a4b0d8da24cd691a4547291) C:\WINDOWS\system32\Drivers\LVPr2Mon.sys
2011/02/15 23:59:21.0796 1460 LVRS (37072ec9299e825f4335cc554b6fac6a) C:\WINDOWS\system32\DRIVERS\lvrs.sys
2011/02/15 23:59:22.0000 1460 LVUVC (a240e42a7402e927a71b6e8aa4629b13) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
2011/02/15 23:59:22.0296 1460 MidiSyn (63c34814492aa65fc517b002de77b191) C:\WINDOWS\system32\drivers\MidiSyn.sys
2011/02/15 23:59:22.0375 1460 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/02/15 23:59:22.0406 1460 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/02/15 23:59:22.0437 1460 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/02/15 23:59:22.0484 1460 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/02/15 23:59:22.0515 1460 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/02/15 23:59:22.0562 1460 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/02/15 23:59:22.0625 1460 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/02/15 23:59:22.0687 1460 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/02/15 23:59:22.0718 1460 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/02/15 23:59:22.0750 1460 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/02/15 23:59:22.0765 1460 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/02/15 23:59:22.0796 1460 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/02/15 23:59:22.0843 1460 MSTEE (d5059366b361f0e1124753447af08aa2) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/02/15 23:59:22.0875 1460 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/02/15 23:59:22.0906 1460 NABTSFEC (ac31b352ce5e92704056d409834beb74) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/02/15 23:59:22.0953 1460 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/02/15 23:59:22.0968 1460 NdisIP (abd7629cf2796250f315c1dd0b6cf7a0) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/02/15 23:59:23.0000 1460 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/02/15 23:59:23.0015 1460 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/02/15 23:59:23.0046 1460 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/02/15 23:59:23.0093 1460 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/02/15 23:59:23.0109 1460 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/02/15 23:59:23.0140 1460 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/02/15 23:59:23.0203 1460 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/02/15 23:59:23.0234 1460 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/02/15 23:59:23.0265 1460 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/02/15 23:59:23.0328 1460 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/02/15 23:59:23.0593 1460 nv (30913cbf518396912e54c2c9f1dd0f09) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/02/15 23:59:23.0953 1460 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/02/15 23:59:24.0015 1460 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/02/15 23:59:24.0046 1460 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/02/15 23:59:24.0109 1460 ossrv (ae896073e1bbf98fefc2ec52f62c0fba) C:\WINDOWS\system32\drivers\ctoss2k.sys
2011/02/15 23:59:24.0156 1460 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/02/15 23:59:24.0171 1460 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/02/15 23:59:24.0218 1460 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/02/15 23:59:24.0250 1460 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/02/15 23:59:24.0296 1460 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/02/15 23:59:24.0328 1460 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/02/15 23:59:24.0500 1460 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/02/15 23:59:24.0515 1460 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/02/15 23:59:24.0546 1460 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/02/15 23:59:24.0578 1460 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/02/15 23:59:24.0703 1460 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/02/15 23:59:24.0718 1460 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/02/15 23:59:24.0750 1460 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/02/15 23:59:24.0781 1460 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/02/15 23:59:24.0812 1460 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/02/15 23:59:24.0828 1460 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/02/15 23:59:24.0859 1460 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/02/15 23:59:24.0906 1460 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/02/15 23:59:25.0000 1460 SBKUPNT (729248b54aff21e740054acebfdbcb1c) C:\WINDOWS\system32\Drivers\SBKUPNT.SYS
2011/02/15 23:59:25.0031 1460 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/02/15 23:59:25.0062 1460 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/02/15 23:59:25.0093 1460 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/02/15 23:59:25.0156 1460 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/02/15 23:59:25.0218 1460 SLIP (1ffc44d6787ec1ea9a2b1440a90fa5c1) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/02/15 23:59:25.0281 1460 smwdm (93ac8c21497d92004404dc1a2b6c0fb3) C:\WINDOWS\system32\drivers\smwdm.sys
2011/02/15 23:59:25.0359 1460 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/02/15 23:59:25.0437 1460 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/02/15 23:59:25.0515 1460 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/02/15 23:59:25.0562 1460 streamip (a9f9fd0212e572b84edb9eb661f6bc04) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/02/15 23:59:25.0593 1460 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/02/15 23:59:25.0640 1460 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/02/15 23:59:25.0734 1460 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/02/15 23:59:25.0812 1460 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/02/15 23:59:25.0828 1460 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/02/15 23:59:25.0859 1460 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/02/15 23:59:25.0875 1460 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/02/15 23:59:25.0968 1460 truecrypt (aceb4f4f83b895e15c8c1a2f55009783) C:\WINDOWS\system32\drivers\truecrypt.sys
2011/02/15 23:59:26.0046 1460 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/02/15 23:59:26.0125 1460 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/02/15 23:59:26.0203 1460 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/02/15 23:59:26.0234 1460 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/02/15 23:59:26.0250 1460 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/02/15 23:59:26.0296 1460 UsbFltr (ca349e24ecde0e0005dac5a2dc9931a2) C:\WINDOWS\system32\drivers\copperhd.sys
2011/02/15 23:59:26.0312 1460 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/02/15 23:59:26.0343 1460 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/02/15 23:59:26.0375 1460 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/02/15 23:59:26.0406 1460 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/02/15 23:59:26.0437 1460 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/02/15 23:59:26.0468 1460 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2011/02/15 23:59:26.0484 1460 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/02/15 23:59:26.0531 1460 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/02/15 23:59:26.0578 1460 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/02/15 23:59:26.0625 1460 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/02/15 23:59:26.0750 1460 WSTCODEC (233cdd1c06942115802eb7ce6669e099) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/02/15 23:59:26.0796 1460 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/02/15 23:59:26.0828 1460 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/02/15 23:59:27.0000 1460 ================================================================================
2011/02/15 23:59:27.0000 1460 Scan finished
2011/02/15 23:59:27.0000 1460 ================================================================================



And heres RKUnhooker:



RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xF62DD000 C:\WINDOWS\System32\DRIVERS\nv4_mini.sys 10235904 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 197.45 )
0xBD012000 C:\WINDOWS\System32\nv4_disp.dll 6434816 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 197.45 )
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2260992 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2260992 bytes
0x804D7000 RAW 2260992 bytes
0x804D7000 WMIxWDM 2260992 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xEE7BD000 C:\WINDOWS\system32\drivers\ha10kx2k.sys 1089536 bytes (Creative Technology Ltd, Creative EMU10KX HAL (WDM))
0xEE3FC000 C:\WINDOWS\system32\drivers\ctac32k.sys 638976 bytes (Creative Technology Ltd, Creative AC3 SW Decoder Device Driver (WDM))
0xED8AB000 C:\WINDOWS\System32\drivers\CTSBLFX.SYS 581632 bytes (Creative Technology Ltd, Creative SB FX Plug-in)
0xF7337000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xED965000 C:\WINDOWS\System32\drivers\CTAUDFX.SYS 569344 bytes (Creative Technology Ltd, Creative SB FX Plug-in)
0xF60EA000 C:\WINDOWS\system32\drivers\smwdm.sys 557056 bytes (Analog Devices, Inc., SoundMAX Integrated Digital Audio )
0xF6201000 C:\WINDOWS\system32\drivers\ctaud2k.sys 524288 bytes (Creative Technology Ltd, Creative WDM Audio Device Driver)
0xEB6C7000 C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF45C9000 C:\WINDOWS\System32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xEB05B000 C:\WINDOWS\System32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xB80B2000 C:\WINDOWS\System32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xEB680000 C:\WINDOWS\System32\Drivers\aswSP.SYS 290816 bytes (AVAST Software, avast! self protection module)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xB7E41000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xEB173000 C:\WINDOWS\System32\drivers\truecrypt.sys 217088 bytes (TrueCrypt Foundation, TrueCrypt Driver)
0xF6186000 C:\WINDOWS\system32\drivers\ctoss2k.sys 212992 bytes (Creative Technology Ltd., Creative OS Services Driver (WDM))
0xEE78E000 C:\WINDOWS\system32\drivers\emupia2k.sys 192512 bytes (Creative Technology Ltd, E-mu Plug-in Architecture Driver (WDM))
0xF7494000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xB8132000 C:\WINDOWS\System32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF730A000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xEE8C7000 C:\WINDOWS\system32\drivers\hap16v2k.sys 176128 bytes (Creative Technology Ltd, Creative EMU10KX-P16v HAL (WDM))
0xB858C000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xEB148000 C:\WINDOWS\System32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xEE498000 C:\WINDOWS\system32\drivers\ctsfm2k.sys 167936 bytes (Creative Technology Ltd, SoundFont® Manager (WDM))
0xEB00D000 C:\WINDOWS\System32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xEB659000 C:\WINDOWS\System32\Drivers\dump_fasttx2k.sys 159744 bytes
0xF7425000 fasttx2k.sys 159744 bytes (Promise Technology, Inc., Promise Driver for Windows XP)
0xEB035000 C:\WINDOWS\System32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xF6281000 C:\WINDOWS\System32\DRIVERS\EL2K_XP.sys 147456 bytes (3Com Corporation, 3Com 3C2000 NDIS 5.1 Miniport Driver)
0xF61DD000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF62A5000 C:\WINDOWS\System32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF61BA000 C:\WINDOWS\system32\drivers\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xEB1A8000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xEB0E7000 C:\WINDOWS\system32\DRIVERS\EXPORTIT.SYS 135168 bytes (Eastman Kodak Company, Kodak DC File System driver)
0x806FF000 ACPI_HAL 134400 bytes
0x806FF000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF73ED000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF72D1000 DeepFrz.sys 126976 bytes (Faronics Corporation, Deep Freeze 6 driver)
0xF7464000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xED9F0000 C:\WINDOWS\System32\drivers\COMMONFX.SYS 110592 bytes (Creative Technology Ltd, Creative Common FX Plug-in)
0xF72F0000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF5381000 C:\WINDOWS\system32\drivers\aeaudio.sys 98304 bytes (Andrea Electronics Corporation, Andrea Audio Noise Cancellation Driver)
0xF744C000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xF740D000 C:\WINDOWS\system32\drivers\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xB8721000 C:\WINDOWS\System32\Drivers\aswMon2.SYS 94208 bytes (AVAST Software, avast! File System Filter Driver for Windows XP)
0xF73C4000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF46E3000 C:\WINDOWS\System32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xB831F000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF6172000 C:\WINDOWS\System32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF62C9000 C:\WINDOWS\System32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xEB0B4000 C:\WINDOWS\System32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBD000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF73DB000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF7483000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF46D2000 C:\WINDOWS\System32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF5447000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF7633000 C:\WINDOWS\System32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF7583000 C:\WINDOWS\System32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xF74F3000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xF7603000 C:\WINDOWS\System32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xEE706000 C:\WINDOWS\System32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xF75F3000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF7643000 C:\WINDOWS\System32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xF76D3000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF4E94000 C:\WINDOWS\System32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF7503000 C:\WINDOWS\System32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xF7543000 C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xEE756000 C:\WINDOWS\system32\DRIVERS\HPZid412.sys 53248 bytes (HP, IEEE-1284.4-1999 Driver (Windows 2000))
0xF54A7000 C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF7523000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF5487000 C:\WINDOWS\System32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF7553000 agp440.sys 45056 bytes (Microsoft Corporation, 440 NT AGP Filter)
0xF7753000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF7623000 C:\WINDOWS\System32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF7513000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF5497000 C:\WINDOWS\System32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xEE726000 C:\WINDOWS\System32\Drivers\aswTdi.SYS 40960 bytes (AVAST Software, avast! TDI Filter Driver)
0xF74E3000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF5427000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF5467000 C:\WINDOWS\System32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xEE746000 C:\WINDOWS\system32\DRIVERS\DcCam.sys 36864 bytes (Eastman Kodak Company, Kodak Digital Camera Driver)
0xEE629000 C:\WINDOWS\system32\drivers\dcfs2k.sys 36864 bytes (Eastman Kodak Company, Kodak DC File System Driver (NT))
0xF7533000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xEE6AD000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xF75C3000 C:\WINDOWS\System32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF5477000 C:\WINDOWS\System32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xEE6F6000 C:\WINDOWS\System32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xB7EEA000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xEE716000 C:\WINDOWS\System32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF783B000 C:\WINDOWS\system32\drivers\ctprxy2k.sys 32768 bytes (Creative Technology Ltd, Creative Proxy Device Driver (WDM))
0xF0980000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF78E3000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xF77DB000 C:\WINDOWS\System32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF7863000 C:\WINDOWS\System32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xEE0CF000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF7763000 C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xEE0BF000 C:\WINDOWS\system32\DRIVERS\usbprint.sys 28672 bytes (Microsoft Corporation, USB Printer driver)
0xEE0AF000 C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xEE37B000 C:\WINDOWS\System32\Drivers\Aavmker4.SYS 24576 bytes (AVAST Software, avast! Base Kernel-Mode Device Driver for Windows NT/2000/XP)
0xEE0B7000 C:\WINDOWS\system32\DRIVERS\HPZius12.sys 24576 bytes (HP, 1284.4<->Usb Datalink Driver (Windows 2000))
0xF78DB000 C:\WINDOWS\System32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF78EB000 C:\WINDOWS\System32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF77AB000 C:\WINDOWS\System32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xEE09F000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF0960000 C:\WINDOWS\System32\Drivers\aswRdr.SYS 20480 bytes (AVAST Software, avast! TDI RDR Driver)
0xF78BB000 C:\WINDOWS\System32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xF781B000 C:\WINDOWS\system32\Drivers\LVPr2Mon.sys 20480 bytes (-, -)
0xEE097000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF776B000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF78CB000 C:\WINDOWS\System32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF78D3000 C:\WINDOWS\System32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF78C3000 C:\WINDOWS\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF77F3000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xB82D3000 C:\WINDOWS\system32\drivers\cpuz132_x32.sys 16384 bytes (Windows ® Codename Longhorn DDK provider, CPUID Driver)
0xF72A1000 C:\WINDOWS\System32\Drivers\dump_diskdump.sys 16384 bytes
0xEDAA8000 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys 16384 bytes (HP, IEEE-1284.4-1999 Print Class Driver)
0xEDAB0000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF7993000 C:\WINDOWS\System32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xEDA9C000 C:\WINDOWS\System32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xB808A000 C:\WINDOWS\system32\Drivers\SBKUPNT.SYS 16384 bytes
0xF72A5000 C:\WINDOWS\System32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xEDAB8000 C:\WINDOWS\system32\DRIVERS\usbscan.sys 16384 bytes (Microsoft Corporation, USB Scanner Driver)
0xF79D3000 C:\WINDOWS\System32\Drivers\aswFsBlk.SYS 12288 bytes (AVAST Software, avast! File System Access Blocking Driver)
0xF78F3000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xEDF8A000 C:\WINDOWS\system32\drivers\copperhd.sys 12288 bytes (Razer (Asia-Pacific) Pte Ltd, Diamondback USB Optical Mouse Driver)
0xF72AD000 C:\WINDOWS\system32\DRIVERS\ctgame.sys 12288 bytes (Creative Technology Ltd., Creative Game Port Enumerator)
0xF6CB0000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xEDF86000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xEDAB4000 C:\WINDOWS\System32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF7983000 C:\WINDOWS\System32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xEDAA0000 C:\WINDOWS\System32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF7A49000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7A59000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF79E3000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7A57000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF7A1B000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF7A5B000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7A1D000 C:\WINDOWS\System32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF7A47000 C:\WINDOWS\System32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF79E5000 C:\WINDOWS\System32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7C14000 C:\WINDOWS\System32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7C2B000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xED8AA000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7AAB000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================

#6 Baabiouz

Baabiouz

    Finnish Malware Fighter


  • Members
  • 3,355 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:01:27 PM

Posted 16 February 2011 - 01:25 AM

Hello

I think we can just delete the file.

Here are next instructions.

Step #1
View Hidden Files & Folders Windows XP
To view Hidden Files & Folders do the following:
Click Start
Open My Computer
Select the Tools menu and click Folder Options
Select the View Tab
Under the Hidden files and folders heading select Show hidden files and folders
Uncheck the Hide protected operating system files (recommended) option
Click Yes to confirm
Click OK


Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these files (if present):

c:\windows\system32\wiasf8.dll


- after deleting hide the hidden files and folders.

Step #2
Please download ATF-cleaner and save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

    If you use Firefox browser:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    If you use Opera browser:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.


Step #3
- Run Malwarebytes' Anti-malware.
- On update -tab click Check for updates and update Mbam.
- On Scanner tab, checkmark Perform full scanand do full scan.
- Save the report and post it in your next reply.


Step #4
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


Step #5
Please post:
Mbam results
Eset results

How's PC working?
Posted Image

#7 PowerRAV

PowerRAV
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:27 AM

Posted 16 February 2011 - 01:44 AM

Deleting that wiasf8.dll isn't so easy... I tried deleting before and again now, when I delete and click yes to confirm I get a "Error Deleting File or Folder" window, with "Cannot delete wiasf8: Access is denied. Make sure the disk is not full or write protected and that the file is not currently in use." I've tried going to properties unchecking read-only but when I select Apply or Ok I get another window: "Error Applying Attributes"... "An error occured applying the attributes of the file: C:\WINDOWS\system32\wiasf8.dll Access is denied." With the options to Ignore / Ignore All / Retry / Cancel. Also the hidden box is grayed out can't uncheck it either. I tried in safe mode as well so I don't know if it's still in use or if it's some kind of Permissions not letting me delete it. I'll go ahead with the ATF-Cleaner and ESET scan in a second and will edit post.

EDIT: Updated Malwarebytes and running full scan now. As for the "How's PC working?" I forgot to mention firefox seems to have a delay when starting it up first time after rebooting. Don't remember this delay before could be from installing antivirus though.

Edited by PowerRAV, 16 February 2011 - 01:49 AM.


#8 Baabiouz

Baabiouz

    Finnish Malware Fighter


  • Members
  • 3,355 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:01:27 PM

Posted 16 February 2011 - 02:05 AM

Hello

Let's use OTL to remove the file.


  • Download OTL.exe here and save to your desktop.
  • Please open Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :files
    C:\WINDOWS\system32\wiasf8.dll
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.

Posted Image

#9 PowerRAV

PowerRAV
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:27 AM

Posted 16 February 2011 - 02:32 AM

Interesting I had malwarebytes finish scanning before I ran the OTL and malwarebytes found something this time. It removed it and rebooted the PC to finish but after rebooting Avast showed a ! from the web shield being turned off. No idea why that one shield was off after rebooting if I ever disable the shields I did all of them at a time. Anyway heres that mbam log and OTL log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5770

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2/16/2011 1:21:18 AM
mbam-log-2011-02-16 (01-21-18).txt

Scan type: Full scan (C:\|)
Objects scanned: 208901
Time elapsed: 32 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\system volume information\_restore{7c530335-1863-4604-bcd9-9ddcad1cb613}\rp1\a0003089.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.




And heres OTL Log:




========== FILES ==========
C:\WINDOWS\system32\wiasf8.dll moved successfully.

OTL by OldTimer - Version 3.2.20.6 log created on 02162011_012718



EDIT: Something else interesting, just tested by searching AVG and clicking avg.com in google/bing/ask on firefox and no redirects but when I opened IE it asked if I would like to make IE the default browser not sure why it did that, unless it was from running ATF-Cleaner or something might of cleared that setting. Tested searching avg also on IE and no redirects this is looking better and better.

Edited by PowerRAV, 16 February 2011 - 02:38 AM.


#10 Baabiouz

Baabiouz

    Finnish Malware Fighter


  • Members
  • 3,355 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:01:27 PM

Posted 16 February 2011 - 02:38 AM

Hello
Did you turn avast webshield on?

Next the eset online scanner.
Posted Image

#11 PowerRAV

PowerRAV
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:27 AM

Posted 16 February 2011 - 03:57 AM

Yes, I turned web shield on as soon as I noticed the ! it just seemed odd that one shield was disabled after rebooting. Eset took about an hour to scan probably didn't help that I was surfing some other forums while it was scanning. It didn't find anything so it didn't let me export a log but it says "Scanned Files: 76137." Going to bed for now will let it defrag over night and I'll check back tomorrow afternoon. Thanks for all the help your giving me Baabiouz :D

#12 Baabiouz

Baabiouz

    Finnish Malware Fighter


  • Members
  • 3,355 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:01:27 PM

Posted 16 February 2011 - 05:23 AM

Hello

Looks good then, we are almost done. Let's have a look at OTL log:

We need to create an OTL Report
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized

Posted Image

#13 PowerRAV

PowerRAV
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:27 AM

Posted 16 February 2011 - 04:51 PM

Thats kind of odd ran scan twice with no Extras.txt showing up. Not minimised or anywhere just creates a OTL.txt, pretty sure I didn't change any other settings. "Extra Registry" was on "None" so I put it on "Use Safelist" for the third try and got a extras.txt this time.

OTL logfile created on: 2/16/2011 3:46:47 PM - Run 4
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\VanDorn\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 493.00 Mb Available Physical Memory | 48.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 223.57 Gb Total Space | 158.88 Gb Free Space | 71.06% Space Free | Partition Type: NTFS

Computer Name: OWNER-P07HXZ9H1 | User Name: VanDorn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\VanDorn\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\WINDOWS\system32\CtHelper.exe (Creative Technology Ltd)
PRC - C:\Program Files\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
PRC - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)
PRC - C:\WINDOWS\system32\drivers\dcfssvc.exe (Eastman Kodak Company)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\VanDorn\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Alwil Software\Avast5\snxhk.dll (AVAST Software)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\ctagent.dll (Creative Technology Ltd)


========== Win32 Services (SafeList) ==========

SRV - (AppMgmt) -- File not found
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe (Microsoft Corporation)
SRV - (WPFFontCache_v0400) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (CTAudSvcService) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (DF5Serv) -- C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe (Faronics Corporation)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (SoundMAX Agent Service (default)) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)
SRV - (Dcfssvc) -- C:\WINDOWS\system32\drivers\dcfssvc.exe (Eastman Kodak Company)


========== Driver Services (SafeList) ==========

DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (hap17v2k) -- C:\WINDOWS\system32\drivers\haP17v2k.sys (Creative Technology Ltd)
DRV - (hap16v2k) -- C:\WINDOWS\system32\drivers\haP16v2k.sys (Creative Technology Ltd)
DRV - (ha10kx2k) -- C:\WINDOWS\system32\drivers\ha10kx2k.sys (Creative Technology Ltd)
DRV - (emupia) -- C:\WINDOWS\system32\drivers\emupia2k.sys (Creative Technology Ltd)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (ctprxy2k) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (ctgame) -- C:\WINDOWS\system32\drivers\ctgame.sys (Creative Technology Ltd.)
DRV - (ctdvda2k) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys (Creative Technology Ltd)
DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (ctac32k) -- C:\WINDOWS\system32\drivers\ctac32k.sys (Creative Technology Ltd)
DRV - (CTERFXFX.SYS) -- C:\WINDOWS\System32\drivers\CTERFXFX.SYS (Creative Technology Ltd)
DRV - (CTERFXFX) -- C:\WINDOWS\system32\drivers\CTERFXFX.sys (Creative Technology Ltd)
DRV - (CTSBLFX.SYS) -- C:\WINDOWS\System32\drivers\CTSBLFX.SYS (Creative Technology Ltd)
DRV - (CTSBLFX) -- C:\WINDOWS\system32\drivers\CTSBLFX.sys (Creative Technology Ltd)
DRV - (CTAUDFX.SYS) -- C:\WINDOWS\System32\drivers\CTAUDFX.SYS (Creative Technology Ltd)
DRV - (CTAUDFX) -- C:\WINDOWS\system32\drivers\CTAUDFX.sys (Creative Technology Ltd)
DRV - (COMMONFX.SYS) -- C:\WINDOWS\System32\drivers\COMMONFX.SYS (Creative Technology Ltd)
DRV - (COMMONFX) -- C:\WINDOWS\system32\drivers\COMMONFX.sys (Creative Technology Ltd)
DRV - (truecrypt) -- C:\WINDOWS\system32\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV - (FilterService) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys (Logitech Inc.)
DRV - (LVUVC) Logitech Webcam 500(UVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\WINDOWS\system32\drivers\lvrs.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()
DRV - (cpuz132) -- C:\WINDOWS\system32\drivers\cpuz132_x32.sys (Windows ® Codename Longhorn DDK provider)
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (DeepFrz) -- C:\WINDOWS\System32\drivers\DeepFrz.sys (Faronics Corporation)
DRV - (CT20XUT.DLL) -- C:\WINDOWS\system32\CT20XUT.DLL (Creative Technology Ltd.)
DRV - (CTHWIUT.DLL) -- C:\WINDOWS\system32\CTHWIUT.DLL (Creative Technology Ltd.)
DRV - (CTEXFIFX.DLL) -- C:\WINDOWS\system32\CTEXFIFX.DLL (Creative Technology Ltd.)
DRV - (CTEDSPSY.DLL) -- C:\WINDOWS\system32\CTEDSPSY.DLL (Creative Technology Ltd)
DRV - (CTEDSPIO.DLL) -- C:\WINDOWS\system32\CTEDSPIO.DLL (Creative Technology Ltd)
DRV - (CTEDSPFX.DLL) -- C:\WINDOWS\system32\CTEDSPFX.DLL (Creative Technology Ltd)
DRV - (CTEAPSFX.DLL) -- C:\WINDOWS\system32\CTEAPSFX.DLL (Creative Technology Ltd)
DRV - (UsbFltr) -- C:\WINDOWS\system32\drivers\copperhd.sys (Razer (Asia-Pacific) Pte Ltd)
DRV - (fasttx2k) -- C:\WINDOWS\system32\drivers\fasttx2k.sys (Promise Technology, Inc.)
DRV - (EL2000) -- C:\WINDOWS\system32\drivers\EL2K_XP.sys (3Com Corporation)
DRV - (MidiSyn) -- C:\WINDOWS\system32\drivers\MidiSyn.sys (Analog Devices Inc)
DRV - (DcFpoint) -- C:\WINDOWS\system32\drivers\DcFpoint.sys (Eastman Kodak Company)
DRV - (DcPTP) -- C:\WINDOWS\system32\drivers\DcPtp.sys (Eastman Kodak Company)
DRV - (DCFS2K) -- C:\WINDOWS\system32\drivers\DCFS2k.sys (Eastman Kodak Company)
DRV - (DcCam) -- C:\WINDOWS\system32\drivers\DcCam.sys (Eastman Kodak Company)
DRV - (DcLps) -- C:\WINDOWS\system32\drivers\DcLps.sys (Eastman Kodak Company)
DRV - (Exportit) -- C:\WINDOWS\system32\drivers\ExportIt.sys (Eastman Kodak Company)
DRV - (hidgame) -- C:\WINDOWS\system32\drivers\hidgame.sys (Microsoft Corporation)
DRV - (SBKUPNT) -- C:\WINDOWS\system32\drivers\SBKUPNT.SYS ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-606747145-1604221776-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com/
IE - HKU\S-1-5-21-606747145-1604221776-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.8
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/20 19:40:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/02/12 18:46:52 | 000,000,000 | ---D | M]

[2009/08/22 01:05:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\VanDorn\Application Data\Mozilla\Extensions
[2011/02/15 17:46:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\VanDorn\Application Data\Mozilla\Firefox\Profiles\k2rxp2wp.default\extensions
[2010/05/30 14:13:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\VanDorn\Application Data\Mozilla\Firefox\Profiles\k2rxp2wp.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/02/15 17:46:47 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\VanDorn\Application Data\Mozilla\Firefox\Profiles\k2rxp2wp.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/06/13 11:22:54 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\VanDorn\Application Data\Mozilla\Firefox\Profiles\k2rxp2wp.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(2)
[2011/02/14 02:46:08 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\VanDorn\Application Data\Mozilla\Firefox\Profiles\k2rxp2wp.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/08/08 00:26:23 | 000,000,000 | ---D | M] (Torbutton) -- C:\Documents and Settings\VanDorn\Application Data\Mozilla\Firefox\Profiles\k2rxp2wp.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2010/05/29 01:12:44 | 000,000,000 | ---D | M] (Quake Live Map Manager) -- C:\Documents and Settings\VanDorn\Application Data\Mozilla\Firefox\Profiles\k2rxp2wp.default\extensions\qlmapmngr@gmail.com
[2011/02/15 17:46:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/16 13:19:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/06/01 17:03:22 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/02/15 17:05:59 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Ptipbmf] C:\WINDOWS\System32\ptipbmf.dll ()
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Picture Transfer Software.lnk = C:\Program Files\KODAK\KODAK Picture Transfer Software\PTS.exe (Eastman Kodak Company)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-606747145-1604221776-1801674531-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-606747145-1604221776-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-606747145-1604221776-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-606747145-1604221776-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {00000075-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/voxacm.CAB (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1264270295718 (WUWebControl Class)
O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} http://imlive.com/chatsource/ImlCID.cab (imlUCID Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\DfLogon: DllName - LogonDll.dll - C:\WINDOWS\System32\LogonDll.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\VanDorn\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\VanDorn\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/08/21 22:53:55 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk /k:C *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/16 15:35:33 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\VanDorn\Desktop\OTL.exe
[2011/02/16 15:33:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\VanDorn\Desktop\logs
[2011/02/16 01:41:01 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/02/16 01:27:18 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/02/16 00:28:40 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\VanDorn\Recent
[2011/02/15 21:31:07 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/02/15 16:59:24 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/02/15 16:56:40 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/02/15 16:56:40 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/02/15 16:56:40 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/02/15 16:56:40 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/02/15 16:56:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/02/15 16:56:07 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/02/15 16:41:56 | 000,294,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/02/15 16:41:56 | 000,100,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/02/15 16:41:56 | 000,094,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/02/15 16:41:56 | 000,047,440 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/02/15 16:41:56 | 000,029,392 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/02/15 16:41:56 | 000,023,632 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/02/15 16:41:56 | 000,017,744 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/02/15 16:41:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/02/15 16:41:45 | 000,188,216 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/02/15 16:41:45 | 000,038,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/02/15 00:05:42 | 000,190,032 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2011/02/15 00:05:42 | 000,056,400 | ---- | C] (trend_company_name) -- C:\WINDOWS\System32\drivers\tmrkb.sys
[2011/02/12 15:43:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/02/12 15:43:25 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/02/12 15:43:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/02/12 15:40:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\VanDorn\Application Data\Malwarebytes
[2011/02/12 15:40:49 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/02/12 15:40:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/02/12 15:40:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/02/12 15:40:46 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/02/12 15:40:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/02/12 12:11:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\VanDorn\Local Settings\Application Data\Apple Computer
[2011/01/28 15:47:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\VanDorn\Application Data\acccore
[2011/01/28 15:47:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\VanDorn\Local Settings\Application Data\AOL
[2011/01/28 15:47:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\VanDorn\Local Settings\Application Data\AIM
[2011/01/28 15:46:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AIM
[2011/01/28 15:46:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AIM
[2011/01/28 15:46:43 | 000,000,000 | ---D | C] -- C:\Program Files\AIM
[2011/01/28 15:46:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AOL
[2011/01/26 00:15:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Quick Macros 2
[2011/01/26 00:15:13 | 000,000,000 | ---D | C] -- C:\Program Files\Quick Macros 2
[2011/01/26 00:15:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\VanDorn\My Documents\My QM
[2011/01/24 12:27:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AutoHotkey
[2011/01/24 12:27:29 | 000,000,000 | ---D | C] -- C:\Program Files\AutoHotkey
[2011/01/19 23:14:01 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2011/01/19 23:13:47 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2011/01/19 23:13:19 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2011/01/19 23:13:19 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2011/01/19 23:12:54 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2010/03/18 18:18:32 | 000,010,752 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/02/16 01:51:56 | 000,030,720 | ---- | M] () -- C:\Documents and Settings\VanDorn\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/16 01:26:42 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\VanDorn\Desktop\OTL.exe
[2011/02/16 01:23:12 | 000,276,951 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2011/02/16 01:21:54 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-0000000D-00001102-00000004-10071102}.rfx
[2011/02/16 01:21:54 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-0000000D-00001102-00000004-10071102}.rfx
[2011/02/16 01:21:54 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-0000000D-00001102-00000004-10071102}.rfx
[2011/02/16 01:21:54 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-0000000D-00001102-00000004-10071102}.rfx
[2011/02/16 01:21:54 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-0000000D-00001102-00000004-10071102}.rfx
[2011/02/16 01:21:35 | 004,931,577 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-0000000D-00001102-00000004-10071102}.CDF
[2011/02/16 01:21:35 | 004,931,577 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-0000000D-00001102-00000004-10071102}.BAK
[2011/02/15 17:05:59 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/02/15 17:05:34 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2011/02/15 17:05:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2011/02/15 16:59:26 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/02/15 16:41:56 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/02/15 16:41:56 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/02/15 01:45:34 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\VanDorn\defogger_reenable
[2011/02/15 00:53:19 | 000,004,564 | ---- | M] () -- C:\Documents and Settings\VanDorn\My Documents\cc_20110215_005317.reg
[2011/02/15 00:05:42 | 000,190,032 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2011/02/15 00:05:42 | 000,056,400 | ---- | M] (trend_company_name) -- C:\WINDOWS\System32\drivers\tmrkb.sys
[2011/02/14 23:58:28 | 000,000,073 | ---- | M] () -- C:\WINDOWS\System32\-1
[2011/02/14 23:55:26 | 000,238,076 | ---- | M] () -- C:\Documents and Settings\VanDorn\Local Settings\Application Data\census.cache
[2011/02/14 23:55:17 | 000,176,680 | ---- | M] () -- C:\Documents and Settings\VanDorn\Local Settings\Application Data\ars.cache
[2011/02/14 22:37:24 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\VanDorn\Local Settings\Application Data\housecall.guid.cache
[2011/02/14 02:42:41 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/02/12 18:42:54 | 000,016,968 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/02/12 17:26:37 | 000,005,362 | ---- | M] () -- C:\Documents and Settings\VanDorn\My Documents\cc_20110212_172635.reg
[2011/02/12 16:25:47 | 000,663,679 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.backup2
[2011/02/12 15:43:29 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\VanDorn\Desktop\Spybot - Search & Destroy.lnk
[2011/02/12 15:40:49 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/31 03:41:57 | 000,002,050 | ---- | M] () -- C:\Documents and Settings\VanDorn\My Documents\cc_20110131_034154.reg
[2011/01/29 23:15:50 | 000,003,448 | ---- | M] () -- C:\Documents and Settings\VanDorn\My Documents\cc_20110129_231548.reg
[2011/01/28 15:47:01 | 000,000,468 | -H-- | M] () -- C:\IPH.PH
[2011/01/24 12:29:00 | 000,020,400 | ---- | M] () -- C:\Documents and Settings\VanDorn\My Documents\cc_20110124_122857.reg
[2011/01/20 00:30:26 | 000,128,504 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/01/19 23:19:11 | 000,457,854 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/01/19 23:19:11 | 000,076,460 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/01/19 14:15:09 | 000,008,800 | ---- | M] () -- C:\Documents and Settings\VanDorn\My Documents\cc_20110119_141507.reg
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/02/16 01:21:35 | 004,931,577 | ---- | C] () -- C:\WINDOWS\{00000002-00000000-0000000D-00001102-00000004-10071102}.BAK
[2011/02/15 16:59:26 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/02/15 16:59:25 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/02/15 16:56:40 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/02/15 16:56:40 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/02/15 16:56:40 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/02/15 16:56:40 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/02/15 16:56:40 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/02/15 16:41:56 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/02/15 01:45:34 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\VanDorn\defogger_reenable
[2011/02/15 00:53:18 | 000,004,564 | ---- | C] () -- C:\Documents and Settings\VanDorn\My Documents\cc_20110215_005317.reg
[2011/02/14 23:58:28 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\-1
[2011/02/14 23:55:26 | 000,238,076 | ---- | C] () -- C:\Documents and Settings\VanDorn\Local Settings\Application Data\census.cache
[2011/02/14 23:55:17 | 000,176,680 | ---- | C] () -- C:\Documents and Settings\VanDorn\Local Settings\Application Data\ars.cache
[2011/02/14 22:37:24 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\VanDorn\Local Settings\Application Data\housecall.guid.cache
[2011/02/12 17:26:36 | 000,005,362 | ---- | C] () -- C:\Documents and Settings\VanDorn\My Documents\cc_20110212_172635.reg
[2011/02/12 15:43:29 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\VanDorn\Desktop\Spybot - Search & Destroy.lnk
[2011/02/12 15:40:49 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/31 03:41:56 | 000,002,050 | ---- | C] () -- C:\Documents and Settings\VanDorn\My Documents\cc_20110131_034154.reg
[2011/01/29 23:15:49 | 000,003,448 | ---- | C] () -- C:\Documents and Settings\VanDorn\My Documents\cc_20110129_231548.reg
[2011/01/28 15:46:25 | 000,000,468 | -H-- | C] () -- C:\IPH.PH
[2011/01/24 12:28:59 | 000,020,400 | ---- | C] () -- C:\Documents and Settings\VanDorn\My Documents\cc_20110124_122857.reg
[2011/01/19 14:15:09 | 000,008,800 | ---- | C] () -- C:\Documents and Settings\VanDorn\My Documents\cc_20110119_141507.reg
[2010/11/21 16:54:53 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/11/14 21:57:07 | 000,137,960 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/09/26 00:50:07 | 000,014,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\SBKUPNT.SYS
[2010/09/26 00:50:00 | 000,002,799 | ---- | C] () -- C:\WINDOWS\SKLANG.INI
[2010/03/18 18:59:54 | 000,050,439 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2010/03/18 18:59:50 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2010/03/18 18:19:58 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
[2010/03/01 21:54:03 | 000,000,904 | ---- | C] () -- C:\WINDOWS\QIII.INI
[2010/03/01 21:54:03 | 000,000,032 | ---- | C] () -- C:\WINDOWS\Q3version.ini
[2010/03/01 21:54:03 | 000,000,031 | ---- | C] () -- C:\WINDOWS\Q3CDKey.ini
[2010/02/01 17:47:54 | 000,000,338 | ---- | C] () -- C:\WINDOWS\d3xp.ini
[2010/01/23 19:58:46 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2010/01/07 13:30:02 | 000,000,331 | ---- | C] () -- C:\WINDOWS\doom3.ini
[2009/11/07 17:55:16 | 000,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/11/02 21:52:11 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009/10/07 01:46:36 | 000,025,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2009/10/07 01:23:08 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2009/09/29 19:06:47 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/08/26 22:11:10 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\LogonDll.dll
[2009/08/23 02:51:21 | 000,030,720 | ---- | C] () -- C:\Documents and Settings\VanDorn\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/22 03:03:22 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/08/22 03:03:21 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009/08/22 03:03:20 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/08/22 03:03:20 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/08/22 03:03:19 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/08/22 03:03:18 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/08/22 01:53:49 | 000,000,334 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/08/22 01:53:40 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2009/08/21 23:15:23 | 000,003,317 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009/08/21 23:15:22 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009/08/21 16:40:43 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/07/08 14:10:56 | 000,000,307 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
[2007/11/18 15:22:28 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\imlCID.dll
[2007/08/13 19:45:02 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\ctmmactl.dll
[2007/04/12 08:10:28 | 000,105,728 | ---- | C] () -- C:\WINDOWS\System32\APOMgrH.dll
[2003/06/03 03:28:38 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\ptipbmf.dll

< End of report >



And heres extras.txt:





OTL Extras logfile created on: 2/16/2011 3:46:47 PM - Run 4
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\VanDorn\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 493.00 Mb Available Physical Memory | 48.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 223.57 Gb Total Space | 158.88 Gb Free Space | 71.06% Space Free | Partition Type: NTFS

Computer Name: OWNER-P07HXZ9H1 | User Name: VanDorn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:TCP" = 1900:TCP:LocalSubNet:Enabled:UDP 1900

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Disabled:mIRC -- (mIRC Co. Ltd.)
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"C:\Program Files\id Software\Quake III Arena\quake3.exe" = C:\Program Files\id Software\Quake III Arena\quake3.exe:*:Enabled:quake3 -- ()
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Quake III Arena\quake3.exe" = C:\Program Files\Quake III Arena\quake3.exe:*:Enabled:quake3 -- ()
"C:\Program Files\GtkRadiant 1.5.0\GtkRadiant.exe" = C:\Program Files\GtkRadiant 1.5.0\GtkRadiant.exe:*:Enabled:GtkRadiant -- ()
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04347DFD-87B6-4E30-B14D-5DF2888AD8F5}" = DOOM 3: Resurrection of Evil
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 23
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A316611-45D1-429C-AA26-B71259C44689}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CD5832D-13D9-4751-8B22-3A7D3F4ACA42}" = Quake Live Mozilla Plugin
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51661BCF-F22A-11D4-82B4-00500494EF5C}" = KODAK Picture Software
"{597E70FF-7C46-4EED-8092-91B7C2E0529D}" = Google SketchUp 7
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{884CE4D3-71D7-494A-8206-1317201AAE04}" = KODAK Camera Connection Software Help
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.2
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{EC2F741D-308C-42B4-BD04-9A4853F2E402}" = GtkRadiant 1.5.0
"{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD0}" = Paint.NET v3.5.5
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F90DA605-4E92-11D4-A319-00104BCAB4AB}" = KODAK Picture Transfer Software
"{FB6908C2-2138-4D6E-9CAF-11D7AE6C3909}" = Doom 3
"{FE117AA8-6CF3-4F2D-96C9-CAE35C309704}" = KODAK Camera Connection Software
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AIM_7" = AIM 7
"AudioCS" = Creative Audio Console
"AutoHotkey" = AutoHotkey 1.0.48.05
"avast5" = avast! Free Antivirus
"CCleaner" = CCleaner
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.52.2
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Defraggler" = Defraggler
"ESET Online Scanner" = ESET Online Scanner v3
"Free Registry Defrag_is1" = Free Registry Defrag
"Guild Wars" = Guild Wars
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"InstallShield_{04347DFD-87B6-4E30-B14D-5DF2888AD8F5}" = DOOM 3: Resurrection of Evil
"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"InstallShield_{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.0.5 (Full)
"lvdrivers_12.10" = Logitech Webcam Software Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"mIRC" = mIRC
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyDefrag v4.3.1_is1" = MyDefrag v4.3.1
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Quake3UninstallKey_is1" = Quake III: Arena
"Quick Macros_is1" = Quick Macros 2
"quicktime_lite_is1" = QT Lite 4.0.0
"RealAlt_is1" = Real Alternative 2.0.1
"SMAC 2.0" = SMAC 2.0
"TrueCrypt" = TrueCrypt
"uTorrent" = µTorrent
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/8/2010 10:20:56 PM | Computer Name = OWNER-P07HXZ9H1 | Source = Bonjour Service | ID = 100
Description =

Error - 4/8/2010 10:20:56 PM | Computer Name = OWNER-P07HXZ9H1 | Source = Bonjour Service | ID = 100
Description =

Error - 4/11/2010 10:49:59 AM | Computer Name = OWNER-P07HXZ9H1 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/13/2010 12:22:36 AM | Computer Name = OWNER-P07HXZ9H1 | Source = Application Hang | ID = 1002
Description = Hanging application mplayerc.exe, version 1.2.1008.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/18/2010 12:45:20 PM | Computer Name = OWNER-P07HXZ9H1 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/25/2010 10:55:46 AM | Computer Name = OWNER-P07HXZ9H1 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/23/2010 4:34:07 AM | Computer Name = OWNER-P07HXZ9H1 | Source = Application Error | ID = 1000
Description = Faulting application gw.exe, version 1.0.0.1, faulting module ntdll.dll,
version 5.1.2600.5755, fault address 0x000118b5.

Error - 5/23/2010 4:34:23 AM | Computer Name = OWNER-P07HXZ9H1 | Source = Application Hang | ID = 1002
Description = Hanging application AutoIt3.exe, version 3.3.6.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 6/3/2010 4:36:38 PM | Computer Name = OWNER-P07HXZ9H1 | Source = Application Error | ID = 1000
Description = Faulting application javaw.exe, version 6.0.200.2, faulting module
java.dll, version 6.0.200.2, fault address 0x00005875.

Error - 6/10/2010 4:36:34 PM | Computer Name = OWNER-P07HXZ9H1 | Source = Application Error | ID = 1000
Description = Faulting application javaw.exe, version 6.0.200.2, faulting module
java.dll, version 6.0.200.2, fault address 0x00005875.

[ System Events ]
Error - 2/15/2011 11:31:20 PM | Computer Name = OWNER-P07HXZ9H1 | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD Networking Support
Environment service which failed to start because of the following error: %%31

Error - 2/15/2011 11:31:20 PM | Computer Name = OWNER-P07HXZ9H1 | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 2/15/2011 11:31:20 PM | Computer Name = OWNER-P07HXZ9H1 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Aavmker4 AFD aswRdr aswSP aswTdi Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
truecrypt

Error - 2/15/2011 11:36:00 PM | Computer Name = OWNER-P07HXZ9H1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2/15/2011 11:38:37 PM | Computer Name = OWNER-P07HXZ9H1 | Source = Service Control Manager | ID = 7034
Description = The DF5Serv service terminated unexpectedly. It has done this 1 time(s).

Error - 2/15/2011 11:38:37 PM | Computer Name = OWNER-P07HXZ9H1 | Source = Service Control Manager | ID = 7034
Description = The PnkBstrA service terminated unexpectedly. It has done this 1
time(s).

Error - 2/15/2011 11:38:37 PM | Computer Name = OWNER-P07HXZ9H1 | Source = Service Control Manager | ID = 7034
Description = The Pml Driver HPZ12 service terminated unexpectedly. It has done
this 1 time(s).

Error - 2/16/2011 3:25:18 AM | Computer Name = OWNER-P07HXZ9H1 | Source = Service Control Manager | ID = 7034
Description = The DF5Serv service terminated unexpectedly. It has done this 1 time(s).

Error - 2/16/2011 3:25:53 AM | Computer Name = OWNER-P07HXZ9H1 | Source = Service Control Manager | ID = 7034
Description = The PnkBstrA service terminated unexpectedly. It has done this 1
time(s).

Error - 2/16/2011 3:25:55 AM | Computer Name = OWNER-P07HXZ9H1 | Source = Service Control Manager | ID = 7034
Description = The Pml Driver HPZ12 service terminated unexpectedly. It has done
this 1 time(s).


< End of report >

#14 Baabiouz

Baabiouz

    Finnish Malware Fighter


  • Members
  • 3,355 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:01:27 PM

Posted 17 February 2011 - 01:33 AM

Hello

Looking over your log, it seems you don't have any evidence of a third party firewall.

As the term conveys, a firewall is an extra layer of security installed onto computers, which restricts access to systems from the outside world. Firewalls protect against hackers and malicious intruders. I want you to download a free firewall NOW from one of these excellent vendors:

1) ZoneAlarm
(At installing Zonealarm, please uncheck this option "include a ZoneAlarm Spy Blocker...". The Toolbar is not recommended... You can read more about it here.)
2) Agnitum
3) Sunbelt/Kerio
4) Comodo
(at installing Comodo, please uncheck these options: "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage". If you use another antivirus, please uncheck "Install Comodo Antivirus".)
5) Online-Armor Free

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.


---------------

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Microsoft: ‘Unprecedented Wave of Java Exploitation’
Drive-by Trojan preying on out-of-date Java installations
Ghosts of Java Haunt UsersPlease follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows" (32-bit) or "Windows x64" (64-bit).
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "I agree to the Java SE...License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Posted Image > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u23-windows-i586.exe to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.


-----------

Looks clean, great job! :)

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Next we remove all used tools.

Please download OTCleanIt and save it to desktop.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.

Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

Hide system files

  • Open My Computer.
  • Go to Tools > Folder Options.
  • Select the View tab.
  • Scroll down to Hidden files and folders.
  • Select Do not show hidden files and folders.
  • Check (tick) Hide extensions of known file types.
  • Check (tick) Hide protected operating system files (Recommended).
  • Click OK.
  • Close My Computer.

Create a new, clean System Restore point

  • Click on Start > All Programs > Accessories > System Tools > System Restore.
  • On the Welcome Page, select Create a restore point. Click Next.
  • Give this restore point a descriptive name and click Create.
  • When done, click Close.

Warning: Do not clear infected System Restore points before creating a new System Restore point first!

Please read the above to create a new System Restore point first, then clear out the infected System Restore points.


Clear infected System Restore points

  • Click on Start > All Programs > Accessories > System Tools > Disk Cleanup.
  • Select C drive and click OK.
  • Select the More Options tab.
  • Under System Restore, click on Clean up....
  • You will be prompted. Click Yes.
  • When done, click OK.
  • You will be prompted again. Press Yes to confirm.
  • When done, Disk Cleanup will close automatically.

Keep your system updated

Microsoft releases patches for Windows and Office products regularly to patch up Windows and Office products loopholes and fix any bugs found. Please ensure that you visit the following websites regularly or do update your system regularly.

Install the updates immediately if they are found. Reboot your computer if necessary, revisit Windows Update and Office update sites until there are no more updates to be installed.

To update Windows

Go to Start > All Programs > Windows Update

To update Office

Open up any Office program.

Go to Help > Check for Updates

Alternatively, you can visit the links below to update Windows and Office products.

Windows Update
Office Update

If you are forgetful, you can change some settings so that you will be informed of updates. Here's how:

  • Go to Start > Control Panel > Automatic Updates
  • Select Automatic (recommended) radio button if you want the updates to be downloaded and installed without prompting you.
  • Select Download updates for me, but let me chose when to install them radio button if you want the updates to be downloaded automatically but to be installed at another time.
  • Select Notify me but don't automatically download or install them radio button if you want to be notified of the updates.

Besides Windows that needs regular updating, antivirus, anti-spyware and firewall programs update regularly too.

Please make sure that you update your antivirus, firewall and anti-spyware programs at least once a week.

Be careful when opening attachments and downloading files.

  • Never open email attachments, not even if they are from someone you know. If you need to open them, scan them with your antivirus program before opening.
  • Never open emails from unknown senders.
  • Beware of emails that warn about viruses that are spreading, especially those from antivirus vendors. These email addresses can be easily spoofed. Check the antivirus vendor websites to be sure.
  • Be careful of what you download. Only download files from known sources. Also, avoid cracked programs. If you need a particular program that costs too much for you, try finding free alternatives on Sourceforge or Pricelessware.

Surf safely

Many of the exploits are directed to users of Internet Explorer and Firefox.

Using Firefox with NoScript add-on helps to prevent most exploits from running as NoScript by default disables all scripts on all websites. If you trust the website, you can manually allow it.

If you prefer to use Internet Explorer, please refer to this website to learn how to secure Internet Explorer 6.

To secure Internet Explorer 7, please read this article.


Backup regularly

You never know when your PC will become unstable or become so infected that you can't recover it. Follow this Microsoft article to learn how to backup. Follow this article by Microsoft to restore your backups.

Alternatively, you can use 3rd-party programs to back up your data. One example can be found at Bleeping Computer.

Avoid P2P

P2P may be a great way to get lots of stuffs, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. If you do need to use them, use them sparingly. Check this list of clean and infected P2P programs if you need to use one.

Prevent a re-infection

  • Spyware Blaster
    SpywareBlaster is a program that is used to secure Internet Explorer by making it harder for ActiveX programs to run on your computer. It does this by disabling known offending ActiveX programs from running at all.

    You can download SpywareBlaster from Javacool.

    If you need help in using SpywareBlaster, you can read SpywareBlaster's tutorial at Bleeping Computer.

  • Hosts File
    A Hosts file is like a phone book. You look up someone's name in the phone book before calling him/her. Similarly, your PC will look up the website's IP address before you can view the website.

    Hosts file will replace your current Hosts file with another one containing well-known advertisement sites, spyware sites and other bad sites. This new Hosts file will protect you by re-directing these bad sites to 127.0.0.1.

    Here are some Hosts files:

    MVPS Hosts File
    Bluetack's Hosts File
    Bluetack's Host Manager
    hpHosts

    A tutorial about Hosts File can be found at Malware Removal.

  • Malwarebytes RogueNET Bleeping Computer
    Before downloading any anti-spyware programs, always check it. This will save you from a lot of trouble. If in doubt, don't ever download it.

Here are some more things to read about:

Securing Skype
Greater email safety
Phishing - what is it?
80 Super Security Tips

Happy surfing and stay clean!
Posted Image

#15 PowerRAV

PowerRAV
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:27 AM

Posted 17 February 2011 - 03:26 AM

Updated Java, Updated Windows, Ran OTCleanit, Installed Zonealarm firewall and installed spywareblaster. Redirect problem solved and computer runs great for a 4+ year old PC, thanks for all the help Baabiouz. Can close thread now I should be all set.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users