svchost 100%


  • This topic is locked
26 replies to this topic

#1 oblivion8743


Posted 19 July 2011 - 03:40 PM

These past few weeks, I've noticed that svchost is at 100% every now and then, causing my computer to run slow. Each time I run a virus scan, it finds something and deletes it and the computer is fine, that is until I restart my computer. Then the problem reappears. I also notice occasional redirects in my browser. When I scan for viruses, it deletes the files in C:\Documents and Settings\XP\Application Data\Mozilla\Firefox\Profiles\f7zzxxz8.default\extensions

Here are my logs

DDS (Ver_2011-07-14.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Run by XP at 12:40:15 on 2011-07-19
Microsoft Windows XP Professional 5.1.2600.3.932.81.1033.18.2047.1267 [GMT -7:00]
.
AV: Microsoft Security Essentials *Disabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: ActiveArmor Firewall *Disabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Planex\Common\RalinkRegistryWriter.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Turtle Beach\Riviera\TBRivieraTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\XP\Application Data\Real\Update\UpgradeHelper\RealPlayer\8.01\rnupgagent.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.ask.com?o=15179&l=dis
uSearchMigratedDefaultURL = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://yahoo.com/
uProxyServer = hxxp=127.0.0.1:51111
uProxyOverride = <local>;*.local
BHO: <No Name>: {01B23E46-FCAE-4DD5-8E44-D9AD14EC3FE9} - c:\windows\system32\AsIO32.dll
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: FGCatchUrl: {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - c:\program files\flashget\jccatch.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: cca6fd1: {814D1DDA-BA89-9BBE-3213-F089245043B8} - c:\windows\system32\iasacct32.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: FlashGet GetFlash Class: {F156768E-81EF-470C-9057-481BA8380DBA} - c:\program files\flashget\getflash.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Winamp Toolbar: {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - c:\program files\winamp toolbar\winamptb.dll
TB: &RoboForm: {724D43A0-0D85-11D4-9908-00400523E39A} - c:\program files\siber systems\ai roboform\roboform.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Veoh Browser Plug-in: {D0943516-5076-4020-A3B5-AEFAF26AB263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll
TB: Winamp Toolbar: {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - c:\program files\winamp toolbar\winamptb.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: SYSTRAN Toolbar: {95daa571-4def-4a6d-97d8-98a346672a24} -
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [InstallIQUpdater] "c:\program files\w3i\installiqupdater\InstallIQUpdater.exe" /silent /autorun
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe" -H
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Six Engine] "c:\program files\asus\epu-4 engine\FourEngine.exe" -r
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Turtle Beach Riviera] "c:\program files\turtle beach\riviera\TBRivieraTray.exe"
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /install
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
StartupFolder: c:\docume~1\xp\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\lolrec~1.lnk - c:\program files\lolreplay\LOLRecorder.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\planex~1.lnk - c:\program files\planex\common\RaUI.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: &Download All with FlashGet - <no file>
IE: &Download with FlashGet - <no file>
IE: &Winamp Toolbar Search - <no file>
IE: Customize Menu - <no file>
IE: E&xport to Microsoft Excel - <no file>
IE: Fill Forms - <no file>
IE: Google Sidewiki... - <no file>
IE: RoboForm Toolbar - <no file>
IE: Save Forms - <no file>
IE: SYSTRAN Lookup - <no file>
IE: SYSTRAN Translate - <no file>
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {B7707A72-4355-11D4-82BD-00000EBBEF8D} - c:\program files\atlas v14\Atlscript.html
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} - hxxp://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.systemrequirementslab.com/sysreqlab2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{0F17863D-64A0-460F-9A02-C83027E7C363} : NameServer = 8.8.8.8
TCP: Interfaces\{3A493607-DA64-40FB-8F41-5EC79B31F7DB} : DHCPNameServer = 68.87.76.182 68.87.78.134
TCP: Interfaces\{CD11725B-C674-439A-923E-35B264C645D1} : NameServer = 8.8.8.8
TCP: Interfaces\{CD11725B-C674-439A-923E-35B264C645D1} : DHCPNameServer = 192.168.1.1
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: ipp - <Clsid value has no data>
Handler: msdaipp - <Clsid value has no data>
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "c:\program files\outlook express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
mASetup: {7790769C-0471-11d2-AF11-00C04FA35D02} - "c:\program files\outlook express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
IFEO: Your Image File Name Here without a path - ntsd -d
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\xp\application data\mozilla\firefox\profiles\f7zzxxz8.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.mangaupdates.com/
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 51111
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiCHPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\program files\virtools\3d life player\npvirtools.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2007-7-27 13696]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-4 14336]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-6-4 21992]
R2 RalinkRegistryWriter;Ralink Registry Writer;c:\program files\planex\common\RalinkRegistryWriter.exe [2010-2-18 75040]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2010-12-1 24652]
S2 BulkUsb;Genesys Logic USB Scanner Controller NT 5.0;c:\windows\system32\drivers\usbscan.sys [2009-6-22 15104]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-27 135664]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-8-14 1684736]
S3 ByakkoDriver;ByakkoDriver;\??\c:\docume~1\xp\locals~1\temp\321661375.03-14-2010 --> c:\docume~1\xp\locals~1\temp\321661375.03-14-2010 [?]
S3 cpuz130;cpuz130;\??\c:\docume~1\xp\locals~1\temp\cpuz130\cpuz_x32.sys --> c:\docume~1\xp\locals~1\temp\cpuz130\cpuz_x32.sys [?]
S3 dump_wmimmc;dump_wmimmc;\??\c:\ijji\english\gunz\gameguard\dump_wmimmc.sys --> c:\ijji\english\gunz\gameguard\dump_wmimmc.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-27 135664]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 PsSdk41;PsSdk41;c:\windows\system32\drivers\pssdk41.sys [2010-1-16 36928]
S3 RAPIProtocol;Ralink RAPI Protocol Driver;c:\windows\system32\drivers\RAPIProtocol.sys [2010-2-18 16512]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 XDva037;XDva037;\??\c:\windows\system32\xdva037.sys --> c:\windows\system32\XDva037.sys [?]
S3 XDva279;XDva279;\??\c:\windows\system32\xdva279.sys --> c:\windows\system32\XDva279.sys [?]
S3 XDva309;XDva309;\??\c:\windows\system32\xdva309.sys --> c:\windows\system32\XDva309.sys [?]
S3 XDva337;XDva337;\??\c:\windows\system32\xdva337.sys --> c:\windows\system32\XDva337.sys [?]
.
=============== File Associations ===============
.
FileExt: .txt: UltraEdit.txt=notepad.exe %1
FileExt: .ini: UltraEdit.ini=notepad.exe %1
.
=============== Created Last 30 ================
.
2011-06-24 20:31:32 -------- d--h--w- c:\windows\system32\GroupPolicy
2011-06-23 23:39:28 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-06-23 23:36:55 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2011-06-23 23:36:49 99840 -c----w- c:\windows\system32\dllcache\srvsvc.dll
2011-06-23 23:36:46 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2011-06-23 23:36:38 81920 -c----w- c:\windows\system32\dllcache\isign32.dll
2011-06-23 23:36:37 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-06-23 23:36:19 439296 -c----w- c:\windows\system32\dllcache\shimgvw.dll
2011-06-23 23:36:13 1288192 -c----w- c:\windows\system32\dllcache\ole32.dll
2011-06-23 23:35:40 978944 -c----w- c:\windows\system32\dllcache\mfc42.dll
2011-06-23 23:35:34 45568 -c----w- c:\windows\system32\dllcache\dnsrslvr.dll
2011-06-23 23:35:09 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2011-06-23 23:25:39 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-06-23 23:23:24 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-06-23 23:23:24 215920 ----a-w- c:\windows\system32\muweb.dll
2011-06-23 23:23:24 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2011-06-23 06:40:17 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-06-23 06:40:16 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-06-23 06:40:16 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-06-23 06:40:16 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-06-23 06:40:16 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2011-06-23 06:40:16 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2011-06-23 06:40:16 1850328 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-06-23 06:40:16 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
.
==================== Find3M ====================
.
2011-06-16 22:06:05 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-14 04:39:12 1266056 ----a-w- C:\WindowsXP-KB927891-v3-x86-ENU.exe
2011-06-14 04:39:00 3038 ----a-w- C:\fix_svchost.bat
2011-06-14 04:37:53 6216032 ----a-w- C:\windowsupdateagent30-x86.exe
2011-06-11 21:40:37 0 ---ha-w- c:\documents and settings\xp\qvlzrkcvoj.tmp
2011-06-11 20:47:22 175616 ----a-w- c:\windows\system32\iasacct32.dll
2011-06-11 20:47:17 350720 ----a-w- c:\windows\system32\AsIO32.dll
2011-05-29 16:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 16:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:11:12 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11:11 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11:11 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01:22 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2001-06-21 00:19:18 40960 ----a-w- c:\program files\ACMonitor_X83.exe
.
============= FINISH: 12:41:36.60 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-07-14.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 7/27/2007 10:08:54 PM
System Uptime: 7/19/2011 12:16:10 PM (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | M4A78 PLUS
Processor: AMD Phenom™ II X2 550 Processor | AM2 | 3108/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 153 GiB total, 29.458 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP101: 3/28/2011 11:45:42 AM - System Checkpoint
RP102: 3/29/2011 11:54:45 AM - System Checkpoint
RP103: 3/31/2011 02:21:34 AM - System Checkpoint
RP104: 4/2/2011 02:00:10 AM - System Checkpoint
RP105: 4/4/2011 07:54:04 AM - System Checkpoint
RP106: 4/5/2011 06:58:32 PM - System Checkpoint
RP107: 4/6/2011 11:32:57 PM - System Checkpoint
RP108: 4/7/2011 11:57:23 PM - System Checkpoint
RP109: 4/9/2011 02:04:15 AM - System Checkpoint
RP110: 4/10/2011 11:35:38 AM - System Checkpoint
RP111: 4/11/2011 12:05:47 PM - System Checkpoint
RP112: 4/12/2011 01:05:47 PM - System Checkpoint
RP113: 4/13/2011 01:06:41 PM - System Checkpoint
RP114: 4/14/2011 02:01:45 PM - System Checkpoint
RP115: 4/15/2011 03:01:44 PM - System Checkpoint
RP116: 4/16/2011 03:02:50 PM - System Checkpoint
RP117: 4/17/2011 11:22:36 PM - System Checkpoint
RP118: 4/18/2011 11:49:22 PM - System Checkpoint
RP119: 4/20/2011 12:37:32 AM - System Checkpoint
RP120: 4/21/2011 01:21:08 AM - System Checkpoint
RP121: 4/22/2011 02:02:47 AM - System Checkpoint
RP122: 4/23/2011 02:13:09 AM - System Checkpoint
RP123: 4/24/2011 03:02:38 AM - System Checkpoint
RP124: 4/25/2011 01:15:25 PM - System Checkpoint
RP125: 4/26/2011 02:14:26 PM - System Checkpoint
RP126: 4/27/2011 02:14:32 PM - System Checkpoint
RP127: 4/28/2011 02:18:07 PM - System Checkpoint
RP128: 4/29/2011 03:18:06 PM - System Checkpoint
RP129: 4/30/2011 03:39:26 PM - System Checkpoint
RP130: 5/1/2011 08:41:20 AM - Installed Prototype™
RP131: 5/1/2011 10:01:35 AM - Removed Prototype™
RP132: 5/2/2011 10:27:04 AM - System Checkpoint
RP133: 5/3/2011 11:17:07 AM - System Checkpoint
RP134: 5/4/2011 06:20:42 PM - Removed League of Legends
RP135: 5/4/2011 07:05:06 PM - Installed League of Legends
RP136: 5/5/2011 07:45:59 PM - System Checkpoint
RP137: 5/7/2011 02:16:52 AM - System Checkpoint
RP138: 5/8/2011 08:03:09 PM - System Checkpoint
RP139: 5/9/2011 08:05:24 PM - Installed iTunes
RP140: 5/11/2011 11:23:00 PM - System Checkpoint
RP141: 5/12/2011 07:01:19 PM - Removed League of Legends
RP142: 5/12/2011 07:44:13 PM - Installed League of Legends
RP143: 5/13/2011 08:12:16 PM - Removed League of Legends
RP144: 5/13/2011 08:41:14 PM - Installed League of Legends
RP145: 5/15/2011 02:06:33 AM - System Checkpoint
RP146: 5/16/2011 07:26:32 AM - System Checkpoint
RP147: 5/17/2011 11:48:42 PM - System Checkpoint
RP148: 5/18/2011 06:48:05 PM - Removed League of Legends
RP149: 5/18/2011 07:32:20 PM - Installed League of Legends
RP150: 5/20/2011 12:26:14 AM - System Checkpoint
RP151: 5/22/2011 11:26:12 AM - System Checkpoint
RP152: 5/23/2011 12:21:19 PM - System Checkpoint
RP153: 5/24/2011 01:21:19 PM - System Checkpoint
RP154: 5/25/2011 01:31:14 PM - System Checkpoint
RP155: 5/26/2011 02:31:14 PM - System Checkpoint
RP156: 5/26/2011 09:22:13 PM - Removed League of Legends
RP157: 5/26/2011 09:58:59 PM - Installed League of Legends
RP158: 5/28/2011 02:58:38 AM - System Checkpoint
RP159: 5/29/2011 03:34:00 AM - System Checkpoint
RP160: 5/29/2011 12:23:24 PM - Restore Operation
RP161: 5/31/2011 02:29:28 AM - System Checkpoint
RP162: 6/1/2011 07:34:19 AM - System Checkpoint
RP163: 6/3/2011 01:52:52 AM - System Checkpoint
RP164: 6/4/2011 04:06:41 AM - System Checkpoint
RP165: 6/4/2011 07:20:04 PM - Removed XSplit
RP166: 6/4/2011 07:20:32 PM - Installed XSplit
RP167: 6/6/2011 08:43:37 AM - System Checkpoint
RP168: 6/7/2011 09:27:29 AM - System Checkpoint
RP169: 6/9/2011 02:44:58 PM - System Checkpoint
RP170: 6/12/2011 02:17:08 AM - System Checkpoint
RP171: 6/14/2011 02:45:36 AM - System Checkpoint
RP173: 6/18/2011 02:59:13 AM - System Checkpoint
RP174: 6/19/2011 12:12:44 PM - System Checkpoint
RP176: 6/23/2011 04:25:38 PM - Software Distribution Service 3.0
RP177: 6/23/2011 04:37:05 PM - Software Distribution Service 3.0
RP178: 6/23/2011 04:40:11 PM - Software Distribution Service 3.0
RP179: 6/23/2011 05:03:04 PM - Software Distribution Service 3.0
RP180: 6/23/2011 06:15:48 PM - Software Distribution Service 3.0
RP181: 6/23/2011 06:22:43 PM - Software Distribution Service 3.0
RP182: 6/23/2011 07:42:39 PM - Software Distribution Service 3.0
RP183: 6/24/2011 12:11:27 AM - Software Distribution Service 3.0
RP184: 6/24/2011 12:13:19 AM - Software Distribution Service 3.0
RP185: 6/24/2011 03:00:27 AM - Software Distribution Service 3.0
RP186: 6/24/2011 04:02:27 AM - Software Distribution Service 3.0
RP187: 6/24/2011 04:08:35 AM - Software Distribution Service 3.0
RP188: 6/24/2011 04:39:52 AM - Software Distribution Service 3.0
RP189: 6/24/2011 07:12:11 AM - Software Distribution Service 3.0
RP190: 6/25/2011 10:48:50 AM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
3DVIA player 4.1
7-Zip 4.65
AC Tool
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Reader 8.1.3
Adobe Shockwave Player 11
AI RoboForm (All Users)
AIM 6
Akamai NetSession Interface
AMD Processor Driver
Amnesia - The Dark Descent
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AutoHotkey 1.0.47.06
AviSynth 2.5
Bandisoft MPEG-1 Decoder
Bonjour
C-Media PCI Audio Device
Combined Community Codec Pack 2009-09-09
ConvertXtoDVD 4.1.19.365
CoreAAC Audio Decoder (remove only)
CPUID CPU-Z 1.57.1
DDS Thumbnail Viewer
Dealio Toolbar v4.1
Dev-C++ 4
DivX Content Uploader
DivX Web Player
Driver Detective
DScaler 5 Mpeg Decoders
EA Download Manager
EPU-4 Engine
Fate/stay night English v3.2
File Extension Changer 3.3.1
FlashGet 1.9.6.1073
Futuremark SystemInfo
GeoGebra WebStart
GhostMouse 2.0
Google Toolbar for Internet Explorer
Google Update Helper
Guild Wars
GunZ Mouse Re-Binder 1.19
GW-US54mini2
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB981793)
iGamma V. 2 (TRIAL VERSION)
ijji - Gunz
ijji FireFox Launcher 1.0
ijji REACTOR
ImageConverter Plus 7.1
ImgBurn
InstallIQ Updater
iTunes
J2SE Runtime Environment 5.0 Update 1
Java Auto Updater
Java DB 10.5.3.0
Java™ 6 Update 23
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7
Java™ SE Development Kit 6 Update 16
Java™ SE Development Kit 6 Update 20
Java™ SE Development Kit 6 Update 21
JDownloader
League of Legends
Livestream Procaster
Logger Pro 3.8.2
LoggerPro3
Logitech Gaming Software
Magicka
Malwarebytes' Anti-Malware version 1.51.0.1200
Media Player Codec Pack 3.9.6
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - JPN
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - JPN
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 Language Pack - jpn
Microsoft .NET Framework 3.5 Language Pack - 日本語
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft AppLocale
Microsoft Games for Windows - LIVE Redistributable
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2003
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Picture It! Photo 7.0
Microsoft Software Update for Web Folders (English) 12
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Windows Application Compatibility Database
Microsoft Word 2002
Microsoft Works 2003 Setup Launcher
Microsoft Works 7.0
Microsoft Works Suite Add-in for Microsoft Word
Microsoft WSE 3.0 Runtime
Microsoft XNA Framework Redistributable 3.1
Minefield (3.7a1pre)
MKVtoolnix 4.8.0
Mozilla Firefox 5.0 (x86 en-US)
MSXML 6 Service Pack 2 (KB973686)
NCsoft Launcher
Nexon Game Manager
NVIDIA Drivers
NVIDIA ForceWare Network Access Manager
NVIDIA nView Desktop Manager
NVIDIA Photoshop Plug-ins
NVIDIA PhysX
Orb Runtime libraries
Pando Media Booster
Pcsx2 0.9.1 Watermoose
Plants Vs Zombies
QuickTime
RealPlayer
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
SDFormatter
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft Office 2007 System (KB2541012)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2541007)
Security Update for Microsoft Office Groove 2007 (KB2494047)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Sibelius 5
Skype? 3.6
Skype? 5.1
Speeditup Free 4.90
Spybot - Search & Destroy
Subversion 1.4.5-r25188
System Requirements Lab
System Requirements Lab CYRI
TeamViewer 5
TI Connect 1.6
Turtle Beach Riviera
Unlocker 1.8.7
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Outlook 2007 Junk Email Filter (KB2536413)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Ventrilo Client
VeohTV BETA
Viewpoint Media Player
VLC media player 0.9.9
WBFS Manager 2.5
WebFldrs XP
Winamp
Winamp Toolbar
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format Runtime
Windows Resource Kit Tools
Windows XP Service Pack 3
WinRAR archiver
Works Suite OS Pack
Xilisoft Video Converter Platinum
Xilisoft Video Converter Ultimate
XLink Kai
XML Paper Specification Shared Components Language Pack 1.0
XML Paper Specification Shared Components Pack 1.0
XSplit
Yahoo! Software Update
Yahoo! Toolbar
μTorrent
.
==== Event Viewer Messages From Past Week ========
.
7/19/2011 12:41:23 PM, error: atapi [9] - The device, \Device\Ide\IdePort3, did not respond within the timeout period.
7/19/2011 12:16:39 PM, error: Service Control Manager [7001] - The Computer Browser service depends on the Workstation service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
7/19/2011 12:16:39 PM, error: Service Control Manager [7000] - The npkcrypt service failed to start due to the following error: The system cannot find the path specified.
7/19/2011 12:16:39 PM, error: Service Control Manager [7000] - The Genesys Logic USB Scanner Controller NT 5.0 service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.
==== End Of File ===========================

#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:36 AM

Posted 01 August 2011 - 01:05 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic button, select Immediate Notification and click on Proceed; this will help you get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double-click DeFogger to run the tool.
  • The application window will appear.
  • Click the Disable button to disable your CD emulation drivers.
  • Click Yes to continue.
  • A 'Finished!' message will appear.
  • Click OK.
  • DeFogger may ask you to reboot the machine; if it does, click OK.

Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs.
  • Save the logs to a convenient place such as your desktop.
  • Copy the contents of both logs & post them in your next reply.

Scan With RKUnHooker

  • Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers and Stealth. Uncheck the rest, then click OK.
  • Wait until the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.

Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning; it is OK, just ignore it.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

Just click on Cancel, then Accept.

Information and logs:

In your next post I need the following:

  • logs from DDS
  • log from RKUnHooker
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 oblivion8743

oblivion8743
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  • Local time:09:36 PM

Posted 01 August 2011 - 01:38 AM

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Run by XP at 23:23:47 on 2011-07-31
Microsoft Windows XP Professional 5.1.2600.3.932.81.1033.18.2047.1133 [GMT -7:00]
.
AV: Microsoft Security Essentials *Disabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: ActiveArmor Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\ativtmxx32.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\yA
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Planex\Common\RalinkRegistryWriter.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Turtle Beach\Riviera\TBRivieraTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\AIM6\aim6.exe
C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\conime.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = my.daemon-search.com
uSearchMigratedDefaultURL = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://yahoo.com/
uInternet Settings,ProxyOverride = <local>;*.local
uInternet Settings,ProxyServer = http=127.0.0.1:51111
mSearchURL = hxxp://www.google.com/
BHO: {01b23e46-fcae-4dd5-8e44-d9ad14ec3fe9} - c:\windows\system32\AsIO32.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: cca6fd1: {814d1dda-ba89-9bbe-3213-f089245043b8} - c:\windows\system32\iasacct32.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\program files\flashget\getflash.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll
TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: {3C6301ED-0F78-4AF2-8150-D9C052361A8E} - No File
TB: SYSTRAN Toolbar: {95daa571-4def-4a6d-97d8-98a346672a24} - mscoree.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [InstallIQUpdater] "c:\program files\w3i\installiqupdater\InstallIQUpdater.exe" /silent /autorun
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe" -H
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Six Engine] "c:\program files\asus\epu-4 engine\FourEngine.exe" -r
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Turtle Beach Riviera] "c:\program files\turtle beach\riviera\TBRivieraTray.exe"
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /install
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
StartupFolder: c:\docume~1\xp\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\lolrec~1.lnk - c:\program files\lolreplay\LOLRecorder.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\planex~1.lnk - c:\program files\planex\common\RaUI.exe
IE: &Download All with FlashGet
IE: &Download with FlashGet
IE: &Winamp Toolbar Search
IE: Customize Menu
IE: E&xport to Microsoft Excel
IE: Fill Forms
IE: Google Sidewiki...
IE: RoboForm Toolbar
IE: Save Forms
IE: SYSTRAN Lookup
IE: SYSTRAN Translate
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {B7707A72-4355-11D4-82BD-00000EBBEF8D} - c:\program files\atlas v14\Atlscript.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: facebook.com\www
DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} - hxxp://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.systemrequirementslab.com/sysreqlab2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{0F17863D-64A0-460F-9A02-C83027E7C363} : NameServer = 8.8.8.8
TCP: Interfaces\{3A493607-DA64-40FB-8F41-5EC79B31F7DB} : DhcpNameServer = 68.87.76.182 68.87.78.134
TCP: Interfaces\{CD11725B-C674-439A-923E-35B264C645D1} : NameServer = 8.8.8.8
TCP: Interfaces\{CD11725B-C674-439A-923E-35B264C645D1} : DhcpNameServer = 192.168.1.1
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\xp\application data\mozilla\firefox\profiles\f7zzxxz8.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.mangaupdates.com/
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 51111
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiCHPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\program files\virtools\3d life player\npvirtools.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2007-7-27 13696]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-7-23 218688]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-4 14336]
R2 aspnet_state32;ASP.NET State Service ;c:\windows\system32\ativtmxx32.exe [2011-7-22 802304]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-6-4 21992]
R2 RalinkRegistryWriter;Ralink Registry Writer;c:\program files\planex\common\RalinkRegistryWriter.exe [2010-2-18 75040]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2010-12-1 24652]
S2 BulkUsb;Genesys Logic USB Scanner Controller NT 5.0;c:\windows\system32\drivers\usbscan.sys [2009-6-22 15104]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-27 135664]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-8-14 1684736]
S3 ByakkoDriver;ByakkoDriver;\??\c:\docume~1\xp\locals~1\temp\321661375.03-14-2010 --> c:\docume~1\xp\locals~1\temp\321661375.03-14-2010 [?]
S3 cpuz130;cpuz130;\??\c:\docume~1\xp\locals~1\temp\cpuz130\cpuz_x32.sys --> c:\docume~1\xp\locals~1\temp\cpuz130\cpuz_x32.sys [?]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\eaglexnt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-27 135664]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 PsSdk41;PsSdk41;c:\windows\system32\drivers\pssdk41.sys [2010-1-16 36928]
S3 RAPIProtocol;Ralink RAPI Protocol Driver;c:\windows\system32\drivers\RAPIProtocol.sys [2010-2-18 16512]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 XDva037;XDva037;\??\c:\windows\system32\xdva037.sys --> c:\windows\system32\XDva037.sys [?]
S3 XDva279;XDva279;\??\c:\windows\system32\xdva279.sys --> c:\windows\system32\XDva279.sys [?]
S3 XDva309;XDva309;\??\c:\windows\system32\xdva309.sys --> c:\windows\system32\XDva309.sys [?]
S3 XDva337;XDva337;\??\c:\windows\system32\xdva337.sys --> c:\windows\system32\XDva337.sys [?]
.
=============== File Associations ===============
.
.txt=UltraEdit.txt
.
=============== Created Last 30 ================
.
2011-07-26 22:29:32 -------- d-----w- c:\documents and settings\xp\riotsGamesLogs
2011-07-26 21:01:46 -------- d-s---w- C:\ComboFix
2011-07-26 18:59:57 2114968249 ----a-w- C:\DragonNestSetupV02.exe
2011-07-25 10:30:08 -------- d--h--w- c:\windows\PIF
2011-07-24 02:03:13 -------- d-----w- c:\documents and settings\xp\application data\Ubisoft
2011-07-23 15:45:39 -------- d-----w- c:\documents and settings\all users\application data\Solidshield
2011-07-23 15:43:08 189248 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-07-23 15:43:07 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-07-23 15:43:06 -------- d-----w- c:\documents and settings\xp\application data\PunkBuster
2011-07-23 15:20:17 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-07-22 22:32:30 802304 ----a-w- c:\windows\system32\yA
2011-07-22 22:32:28 802304 ----a-w- c:\windows\system32\ativtmxx32.exe
.
==================== Find3M ====================
.
2011-06-26 06:45:56 256000 ----a-w- c:\windows\PEV.exe
2011-06-16 22:06:05 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-14 04:39:12 1266056 ----a-w- C:\WindowsXP-KB927891-v3-x86-ENU.exe
2011-06-14 04:39:00 3038 ----a-w- C:\fix_svchost.bat
2011-06-14 04:37:53 6216032 ----a-w- C:\windowsupdateagent30-x86.exe
2011-06-11 21:40:37 0 ---ha-w- c:\documents and settings\xp\qvlzrkcvoj.tmp
2011-06-11 20:47:22 175616 ----a-w- c:\windows\system32\iasacct32.dll
2011-06-11 20:47:17 350720 ----a-w- c:\windows\system32\AsIO32.dll
2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-29 16:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 16:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-25 02:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
2001-06-21 00:19:18 40960 ----a-w- c:\program files\ACMonitor_X83.exe
.
============= FINISH: 23:25:11.10 ===============




.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 7/27/2007 10:08:54 PM
System Uptime: 7/28/2011 04:38:46 AM (91 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | M4A78 PLUS
Processor: AMD Phenom™ II X2 550 Processor | AM2 | 3108/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 153 GiB total, 15.09 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP125: 4/26/2011 02:14:26 PM - System Checkpoint
RP126: 4/27/2011 02:14:32 PM - System Checkpoint
RP127: 4/28/2011 02:18:07 PM - System Checkpoint
RP128: 4/29/2011 03:18:06 PM - System Checkpoint
RP129: 4/30/2011 03:39:26 PM - System Checkpoint
RP130: 5/1/2011 08:41:20 AM - Installed Prototype™
RP131: 5/1/2011 10:01:35 AM - Removed Prototype™
RP132: 5/2/2011 10:27:04 AM - System Checkpoint
RP133: 5/3/2011 11:17:07 AM - System Checkpoint
RP134: 5/4/2011 06:20:42 PM - Removed League of Legends
RP135: 5/4/2011 07:05:06 PM - Installed League of Legends
RP136: 5/5/2011 07:45:59 PM - System Checkpoint
RP137: 5/7/2011 02:16:52 AM - System Checkpoint
RP138: 5/8/2011 08:03:09 PM - System Checkpoint
RP139: 5/9/2011 08:05:24 PM - Installed iTunes
RP140: 5/11/2011 11:23:00 PM - System Checkpoint
RP141: 5/12/2011 07:01:19 PM - Removed League of Legends
RP142: 5/12/2011 07:44:13 PM - Installed League of Legends
RP143: 5/13/2011 08:12:16 PM - Removed League of Legends
RP144: 5/13/2011 08:41:14 PM - Installed League of Legends
RP145: 5/15/2011 02:06:33 AM - System Checkpoint
RP146: 5/16/2011 07:26:32 AM - System Checkpoint
RP147: 5/17/2011 11:48:42 PM - System Checkpoint
RP148: 5/18/2011 06:48:05 PM - Removed League of Legends
RP149: 5/18/2011 07:32:20 PM - Installed League of Legends
RP150: 5/20/2011 12:26:14 AM - System Checkpoint
RP151: 5/22/2011 11:26:12 AM - System Checkpoint
RP152: 5/23/2011 12:21:19 PM - System Checkpoint
RP153: 5/24/2011 01:21:19 PM - System Checkpoint
RP154: 5/25/2011 01:31:14 PM - System Checkpoint
RP155: 5/26/2011 02:31:14 PM - System Checkpoint
RP156: 5/26/2011 09:22:13 PM - Removed League of Legends
RP157: 5/26/2011 09:58:59 PM - Installed League of Legends
RP158: 5/28/2011 02:58:38 AM - System Checkpoint
RP159: 5/29/2011 03:34:00 AM - System Checkpoint
RP160: 5/29/2011 12:23:24 PM - Restore Operation
RP161: 5/31/2011 02:29:28 AM - System Checkpoint
RP162: 6/1/2011 07:34:19 AM - System Checkpoint
RP163: 6/3/2011 01:52:52 AM - System Checkpoint
RP164: 6/4/2011 04:06:41 AM - System Checkpoint
RP165: 6/4/2011 07:20:04 PM - Removed XSplit
RP166: 6/4/2011 07:20:32 PM - Installed XSplit
RP167: 6/6/2011 08:43:37 AM - System Checkpoint
RP168: 6/7/2011 09:27:29 AM - System Checkpoint
RP169: 6/9/2011 02:44:58 PM - System Checkpoint
RP170: 6/12/2011 02:17:08 AM - System Checkpoint
RP171: 6/14/2011 02:45:36 AM - System Checkpoint
RP172: 6/16/2011 03:09:28 PM - ComboFix created restore point
RP173: 6/18/2011 02:59:13 AM - System Checkpoint
RP174: 6/19/2011 12:12:44 PM - System Checkpoint
RP175: 6/21/2011 11:15:49 PM - ComboFix created restore point
RP176: 6/23/2011 04:25:38 PM - Software Distribution Service 3.0
RP177: 6/23/2011 04:37:05 PM - Software Distribution Service 3.0
RP178: 6/23/2011 04:40:11 PM - Software Distribution Service 3.0
RP179: 6/23/2011 05:03:04 PM - Software Distribution Service 3.0
RP180: 6/23/2011 06:15:48 PM - Software Distribution Service 3.0
RP181: 6/23/2011 06:22:43 PM - Software Distribution Service 3.0
RP182: 6/23/2011 07:42:39 PM - Software Distribution Service 3.0
RP183: 6/24/2011 12:11:27 AM - Software Distribution Service 3.0
RP184: 6/24/2011 12:13:19 AM - Software Distribution Service 3.0
RP185: 6/24/2011 03:00:27 AM - Software Distribution Service 3.0
RP186: 6/24/2011 04:02:27 AM - Software Distribution Service 3.0
RP187: 6/24/2011 04:08:35 AM - Software Distribution Service 3.0
RP188: 6/24/2011 04:39:52 AM - Software Distribution Service 3.0
RP189: 6/24/2011 07:12:11 AM - Software Distribution Service 3.0
RP190: 6/25/2011 10:48:50 AM - Software Distribution Service 3.0
RP191: 6/27/2011 12:24:55 AM - ComboFix created restore point
RP192: 7/19/2011 01:43:40 PM - ComboFix created restore point
RP193: 7/20/2011 03:00:39 AM - Software Distribution Service 3.0
RP194: 7/23/2011 08:30:53 AM - Installed Assassin's Creed Brotherhood
RP195: 7/23/2011 08:40:41 AM - Installed DirectX
RP196: 7/23/2011 08:42:07 AM - Installed Microsoft Visual C++ 2005 Redistributable
RP197: 7/23/2011 08:42:32 AM - Installed Ubisoft Game Launcher
RP198: 7/24/2011 12:29:03 PM - System Checkpoint
RP199: 7/26/2011 12:03:37 PM - ComboFix created restore point
.
==== Installed Programs ======================
.
3DVIA player 4.1
7-Zip 4.65
AC Tool
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Reader 8.1.3
Adobe Shockwave Player 11
AI RoboForm (All Users)
AIM 6
Akamai NetSession Interface
AMD Processor Driver
Amnesia - The Dark Descent
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Assassin's Creed Brotherhood
AutoHotkey 1.0.47.06
AviSynth 2.5
Bandisoft MPEG-1 Decoder
Bonjour
C-Media PCI Audio Device
Combined Community Codec Pack 2009-09-09
ConvertXtoDVD 4.1.19.365
CoreAAC Audio Decoder (remove only)
CPUID CPU-Z 1.57.1
DAEMON Tools Lite
DAEMON Tools Toolbar
DDS Thumbnail Viewer
Dealio Toolbar v4.1
Dev-C++ 4
DivX Content Uploader
DivX Web Player
DragonNest
Driver Detective
DScaler 5 Mpeg Decoders
EA Download Manager
EPU-4 Engine
Fate/stay night English v3.2
File Extension Changer 3.3.1
FlashGet 1.9.6.1073
Futuremark SystemInfo
GeoGebra WebStart
GhostMouse 2.0
Google Toolbar for Internet Explorer
Google Update Helper
Guild Wars
GunZ Mouse Re-Binder 1.19
GW-US54mini2
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB981793)
iGamma V. 2 (TRIAL VERSION)
ijji - Gunz
ijji FireFox Launcher 1.0
ijji REACTOR
ImageConverter Plus 7.1
ImgBurn
InstallIQ Updater
iTunes
J2SE Runtime Environment 5.0 Update 1
Java Auto Updater
Java DB 10.5.3.0
Java™ 6 Update 23
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7
Java™ SE Development Kit 6 Update 16
Java™ SE Development Kit 6 Update 20
Java™ SE Development Kit 6 Update 21
JDownloader
League of Legends
Livestream Procaster
Logger Pro 3.8.2
LoggerPro3
Logitech Gaming Software
Magicka
Malwarebytes' Anti-Malware version 1.51.0.1200
Media Player Codec Pack 3.9.6
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - JPN
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - JPN
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 Language Pack - jpn
Microsoft .NET Framework 3.5 Language Pack - 日本語
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft AppLocale
Microsoft Games for Windows - LIVE Redistributable
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2003
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Picture It! Photo 7.0
Microsoft Software Update for Web Folders (English) 12
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Windows Application Compatibility Database
Microsoft Word 2002
Microsoft Works 2003 Setup Launcher
Microsoft Works 7.0
Microsoft Works Suite Add-in for Microsoft Word
Microsoft WSE 3.0 Runtime
Microsoft XNA Framework Redistributable 3.1
Minefield (3.7a1pre)
MKVtoolnix 4.8.0
Mozilla Firefox 5.0 (x86 en-US)
MSXML 6 Service Pack 2 (KB973686)
NCsoft Launcher
Nexon Game Manager
NVIDIA Drivers
NVIDIA ForceWare Network Access Manager
NVIDIA nView Desktop Manager
NVIDIA Photoshop Plug-ins
NVIDIA PhysX
Orb Runtime libraries
Pando Media Booster
Pcsx2 0.9.1 Watermoose
Plants Vs Zombies
PunkBuster Services
QuickTime
RealPlayer
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
SDFormatter
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft Office 2007 System (KB2541012)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2541007)
Security Update for Microsoft Office Groove 2007 (KB2494047)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Sibelius 5
Skype™ 3.6
Skype™ 5.1
Speeditup Free 4.90
Spybot - Search & Destroy
Subversion 1.4.5-r25188
System Requirements Lab
System Requirements Lab CYRI
TeamViewer 5
TI Connect 1.6
Turtle Beach Riviera
Ubisoft Game Launcher
Unlocker 1.8.7
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Outlook 2007 Junk Email Filter (KB2553975)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2541763)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Ventrilo Client
VeohTV BETA
Viewpoint Media Player
VLC media player 0.9.9
VobSub v2.23 (Remove Only)
WBFS Manager 2.5
WebFldrs XP
Winamp
Winamp Toolbar
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format Runtime
Windows Resource Kit Tools
Windows XP Service Pack 3
WinRAR archiver
Works Suite OS Pack
Xilisoft Video Converter Platinum
Xilisoft Video Converter Ultimate
XLink Kai
XML Paper Specification Shared Components Language Pack 1.0
XML Paper Specification Shared Components Pack 1.0
XSplit
Yahoo! Software Update
Yahoo! Toolbar
μTorrent
.
==== Event Viewer Messages From Past Week ========
.
7/30/2011 02:27:44 AM, error: atapi [9] - The device, \Device\Ide\IdePort3, did not respond within the timeout period.
7/26/2011 01:56:37 PM, error: Service Control Manager [7001] - The Computer Browser service depends on the Workstation service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
7/26/2011 01:56:37 PM, error: Service Control Manager [7000] - The npkcrypt service failed to start due to the following error: The system cannot find the path specified.
7/26/2011 01:56:37 PM, error: Service Control Manager [7000] - The Genesys Logic USB Scanner Controller NT 5.0 service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
7/24/2011 11:15:52 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
.
==== End Of File ===========================
RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
0xB241A000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 7655424 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 191.03 )
0xBD012000 C:\WINDOWS\System32\nv4_disp.dll 5902336 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 191.03 )
0xACAE3000 C:\WINDOWS\system32\drivers\RtkHDAud.sys 5201920 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2069376 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2069376 bytes
0x804D7000 RAW 2069376 bytes
0x804D7000 WMIxWDM 2069376 bytes
0xBF800000 Win32k 1859584 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1859584 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xB21F5000 C:\WINDOWS\system32\drivers\cmudax3.sys 1404928 bytes (C-Media Inc, C-Media Audio WDM Driver)
0xB7E1B000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xAC922000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB20EB000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xACA2F000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xAC047000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xBD5B3000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xAB8E9000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xB20B0000 C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys 241664 bytes (DT Soft Ltd, DAEMON Tools Virtual Bus Driver)
0xB23CF000 C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys 225280 bytes (Realtek Semiconductor Corporation , Realtek 10/100/1000 NDIS 5.1 Driver )
0xB2149000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xB21A1000 C:\WINDOWS\system32\drivers\windrvr6.sys 196608 bytes (Jungo, WinDriver Device Driver 9.21)
0xB7F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xAC2A7000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB7DEE000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0x8AC84000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xAC9BA000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB2360000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xACA07000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xB7F23000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xAC8FC000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0x8ACF1000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xB21D1000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB23AB000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB2388000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xAC9E5000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806D1000 ACPI_HAL 131840 bytes
0x806D1000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB7ED1000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB7F49000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xB7DD4000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xB7EF1000 nvata.sys 106496 bytes (NVIDIA Corporation, NVIDIA® nForce™ IDE Performance Driver)
0x8AC21000 C:\DOCUME~1\XP\LOCALS~1\Temp\pxtdrpow.sys 102400 bytes
0xB7F0B000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xAC81C000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xB7EA8000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB218A000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xABF92000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB234C000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xB2406000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xACA88000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBD000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xB7EBF000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xB7F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB2179000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0x8AD15000 C:\WINDOWS\System32\Drivers\Udfs.SYS 69632 bytes (Microsoft Corporation, UDF File System Driver)
0xB8308000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xB8198000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xB81C8000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xB81D8000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xB81A8000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xAC10F000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xB8258000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xB8178000 C:\WINDOWS\system32\DRIVERS\AmdPPM.sys 53248 bytes (Advanced Micro Devices, AMD Processor Driver)
0xB80E8000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xB81B8000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xB81F8000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xB80C8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xB8218000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xB8248000 C:\WINDOWS\system32\drivers\WmXlCore.sys 49152 bytes (Logitech Inc., Logitech WingMan Translation Driver)
0xB82A8000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xB8188000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xB80B8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xB8208000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xB80A8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xB8268000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xB8238000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xAAB0C000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0xAC364000 C:\WINDOWS\system32\drivers\cpuz135_x32.sys 36864 bytes (CPUID, CPUID Driver)
0xB80D8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xABB7A000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xB8228000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xB8288000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xB80F8000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xB82B8000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xB8460000 C:\DOCUME~1\XP\LOCALS~1\Temp\catchme.sys 32768 bytes
0xB8400000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xB8398000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xB83E8000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xB8368000 C:\ComboFix\mbr.sys 28672 bytes
0xB8328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xB83A0000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xB83A8000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xB83C8000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xB83F0000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xB8468000 C:\WINDOWS\system32\DRIVERS\AegisP.sys 20480 bytes (Cisco Systems, Inc., IEEE 802.1X Protocol Driver)
0xB83F8000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xB8330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xB83B8000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xB83C0000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xB83B0000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xB8390000 C:\WINDOWS\system32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0xB8428000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xB2B87000 C:\WINDOWS\system32\drivers\BIOS.sys 16384 bytes (BIOSTAR Group, I/O Interface driver file)
0xB8538000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xAC504000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xB3DB0000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xB84B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xACAD7000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xB3DA8000 C:\WINDOWS\system32\DRIVERS\fsvga.sys 12288 bytes (Microsoft Corporation, Full Screen Video Driver)
0xAB879000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x9254F000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xB3DA4000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xAF2AB000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xB8540000 C:\WINDOWS\system32\drivers\WmBEnum.sys 12288 bytes (Logitech Inc., Logitech WingMan Virtual Bus Enumerator Driver )
0xB3DAC000 C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 12288 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0xB85F2000 C:\WINDOWS\system32\DRIVERS\ASACPI.sys 8192 bytes (-, ATK0110 ACPI Utility)
0xB8614000 C:\WINDOWS\system32\drivers\AsIO.sys 8192 bytes
0xB860E000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xB85AC000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xB861E000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xB860C000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xB85A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xB8610000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xB85E0000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xB861A000 C:\WINDOWS\system32\Drivers\PROCEXP113.SYS 8192 bytes
0xB8612000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xB85FC000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xB85F4000 C:\WINDOWS\system32\drivers\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xB85AA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xB87F7000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xB86CF000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xB87B2000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xB8670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================


Thanks for the help, Gringo.

#4 gringo_pr


Posted 01 August 2011 - 02:03 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out here or here.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe and follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 oblivion8743


Posted 01 August 2011 - 02:20 PM

I tried running Combofix, but it hangs at stage 49. The computer isn't acting up for now, but this usually happens when I restart the computer, then it starts redirecting me and svchost goes to 100%. So I'm not sure if anything is wrong.

#6 gringo_pr


Posted 01 August 2011 - 02:49 PM

Hello

Ok, let's try this. I want you to run Combofix in safe mode, but it is very important that when Combofix reboots the computer you direct it back into safe mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Log in to your usual account.

After Combofix has finished its scan, please post the report back here.

Gringo

#7 oblivion8743


Posted 01 August 2011 - 04:01 PM

I am running combofix in safe mode, but it's still stuck at stage 49. It's been like this for about half an hour.

#8 gringo_pr


Posted 01 August 2011 - 07:11 PM

How did it go?


gringo

#9 oblivion8743


Posted 01 August 2011 - 07:46 PM

Unfortunately, it seems like combofix was stuck at Stage 49, even after 2 hours.

#10 gringo_pr


Posted 01 August 2011 - 07:54 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized; save this one on your desktop in case I ask for it later
  • Please post the contents of OTListIt.txt in your next reply.

Gringo
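As an added example (not OTL's code and not anything posted in this thread), a small triage script for the kind of OTL output requested above: it parses the Internet Explorer and Firefox proxy lines OTL emits and flags any browser proxy pointed at the loopback interface, since a proxy on 127.0.0.1 hands every page request to a local process and is one way browser redirects are produced. The sample lines are constructed in the shape of OTL's IE/FF sections; the key names, hive layout and the `describe` helper are assumptions of this example.

```python
import re
from collections import defaultdict

# Hosts that mean "this machine": a browser proxy pointed here routes every
# request through a local process before it reaches the network.
LOOPBACK_HOSTS = {"127.0.0.1", "localhost", "::1"}

# OTL's Internet Explorer lines look like:
#   IE - HKU\<sid>\Software\...\Internet Settings: "ProxyServer" = http=127.0.0.1:51111
IE_RE = re.compile(
    r'^IE - (?P<hive>HKU\\[^\\]+)\\.*Internet Settings: "(?P<key>\w+)" = (?P<val>.*)$'
)
# OTL's Firefox lines look like:
#   FF - prefs.js..network.proxy.http: "127.0.0.1"
FF_RE = re.compile(r'^FF - prefs\.js\.\.network\.proxy\.(?P<key>\w+): (?P<val>.*)$')

# Constructed sample in the shape of an OTL report (not a complete log).
SAMPLE_OTL = r'''
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1960408961-1078145449-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1960408961-1078145449-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
IE - HKU\S-1-5-21-1960408961-1078145449-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:51111
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 51111
FF - prefs.js..network.proxy.type: 0
'''


def split_proxy_server(value):
    """Parse an IE ProxyServer value into (scheme, host, port) tuples.

    Accepts the per-protocol form 'http=127.0.0.1:51111;https=host:8080' and
    the single 'host:port' form; scheme is 'all' when none is given.
    """
    entries = []
    for entry in value.split(";"):
        entry = entry.strip()
        if not entry:
            continue
        scheme, _, hostport = entry.rpartition("=")
        if ":" in hostport:
            host, port = hostport.rsplit(":", 1)
        else:
            host, port = hostport, ""
        entries.append((scheme or "all", host, int(port) if port.isdigit() else None))
    return entries


def find_loopback_proxies(otl_text):
    """Return one finding per browser configuration whose proxy is on loopback.

    A proxy that is configured but currently disabled is still reported:
    the setting itself is the indicator, regardless of the on/off flag.
    """
    ie = defaultdict(dict)  # hive -> {registry value name: value}
    ff = {}                 # Firefox network.proxy.* key -> value
    for line in otl_text.splitlines():
        m = IE_RE.match(line)
        if m:
            ie[m["hive"]][m["key"]] = m["val"].strip()
            continue
        m = FF_RE.match(line)
        if m:
            ff[m["key"]] = m["val"].strip().strip('"')

    findings = []
    for hive, keys in ie.items():
        for scheme, host, port in split_proxy_server(keys.get("ProxyServer", "")):
            if host.lower() in LOOPBACK_HOSTS:
                findings.append({
                    "browser": "IE", "scope": hive, "scheme": scheme,
                    "host": host, "port": port,
                    "enabled": keys.get("ProxyEnable") == "1",  # 1 = proxy in use
                })
    host = ff.get("http")
    if host and host.lower() in LOOPBACK_HOSTS:
        findings.append({
            "browser": "Firefox", "scope": "prefs.js", "scheme": "http",
            "host": host, "port": int(ff.get("http_port", 0) or 0),
            "enabled": ff.get("type") == "1",  # network.proxy.type 1 = manual proxy
        })
    return findings


def describe(finding):
    """One-line summary of a finding, suitable for pasting into a reply."""
    state = "enabled" if finding["enabled"] else "configured but disabled"
    return (f'{finding["browser"]} [{finding["scope"]}]: {finding["scheme"]} proxy -> '
            f'{finding["host"]}:{finding["port"]} ({state})')


if __name__ == "__main__":
    for finding in find_loopback_proxies(SAMPLE_OTL):
        print(describe(finding))
```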

#11 oblivion8743


Posted 01 August 2011 - 08:00 PM

Here are the results of the scan.

OTL logfile created on: 8/1/2011 05:55:33 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\XP\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.24 Gb Available Physical Memory | 62.16% Memory free
2.14 Gb Paging File | 1.59 Gb Available in Paging File | 74.08% Paging File free
Paging file location(s): C:\pagefile.sys 300 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 152.66 Gb Total Space | 17.55 Gb Free Space | 11.50% Space Free | Partition Type: NTFS

Computer Name: ANDY | User Name: XP | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\XP\Application Data\Real\Update\UpgradeHelper\RealPlayer\8.01\rnupgagent.exe (RealNetworks, Inc.)
PRC - C:\Documents and Settings\XP\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\system32\yA (DelphiDabbler)
PRC - C:\WINDOWS\system32\ativtmxx32.exe (DelphiDabbler)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\LOLReplay\LOLRecorder.exe ()
PRC - C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe (W3i, LLC)
PRC - C:\Program Files\AIM6\aim6.exe (AOL LLC)
PRC - C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe ()
PRC - C:\Program Files\AIM6\aolsoftware.exe (AOL LLC)
PRC - C:\Program Files\Planex\Common\RalinkRegistryWriter.exe (Ralink Technology, Corp.)
PRC - C:\Program Files\Unlocker\UnlockerAssistant.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Turtle Beach\Riviera\TBRivieraTray.exe (Voyetra Turtle Beach, Inc.)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe (Apache Software Foundation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\XP\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\Unlocker\UnlockerHook.dll ()


========== Win32 Services (SafeList) ==========

SRV - (wuauserv) -- File not found
SRV - (HidServ) -- File not found
SRV - (aspnet_state32) -- C:\WINDOWS\system32\ativtmxx32.exe (DelphiDabbler)
SRV - (Akamai) -- c:\Program Files\Common Files\Akamai\netsession_win_e477fed.dll ()
SRV - (npggsvc) -- C:\WINDOWS\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (RalinkRegistryWriter) -- C:\Program Files\Planex\Common\RalinkRegistryWriter.exe (Ralink Technology, Corp.)
SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (nSvcIp) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe (NVIDIA Corporation)
SRV - (nSvcLog) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe (NVIDIA Corporation)
SRV - (ForcewareWebInterface) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe (Apache Software Foundation)


========== Driver Services (SafeList) ==========

DRV - (dtsoftbus01) -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (cpuz135) -- C:\WINDOWS\system32\drivers\cpuz135_x32.sys (CPUID)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (PsSdk41) -- C:\WINDOWS\system32\drivers\pssdk41.sys (microOLAP Technologies LTD)
DRV - (RivaTuner32) -- C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys ()
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (RT73) -- C:\WINDOWS\system32\drivers\rt73.sys (Ralink Technology, Corp.)
DRV - (RAPIProtocol) -- C:\WINDOWS\system32\drivers\RAPIProtocol.sys (Ralink Technology, Corp.)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (WinDriver6) -- C:\WINDOWS\system32\drivers\windrvr6.sys (Jungo)
DRV - (AsIO) -- C:\WINDOWS\system32\drivers\AsIO.sys ()
DRV - (cmuda3) -- C:\WINDOWS\system32\drivers\cmudax3.sys (C-Media Inc)
DRV - (AmdPPM) -- C:\WINDOWS\system32\drivers\AmdPPM.sys (Advanced Micro Devices)
DRV - (nvata) -- C:\WINDOWS\system32\DRIVERS\nvata.sys (NVIDIA Corporation)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
DRV - (WmFilter) -- C:\WINDOWS\system32\drivers\WmFilter.sys (Logitech Inc.)
DRV - (WmBEnum) -- C:\WINDOWS\system32\drivers\WmBEnum.sys (Logitech Inc.)
DRV - (WmVirHid) -- C:\WINDOWS\system32\drivers\WmVirHid.sys (Logitech Inc.)
DRV - (WmXlCore) -- C:\WINDOWS\system32\drivers\WmXlCore.sys (Logitech Inc.)
DRV - (BIOS) -- C:\WINDOWS\system32\drivers\BIOS.sys (BIOSTAR Group)
DRV - (NPPTNT2) -- C:\WINDOWS\system32\npptNT2.sys (INCA Internet Co., Ltd.)
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()
DRV - (FsVga) -- C:\WINDOWS\system32\drivers\fsvga.sys (Microsoft Corporation)
DRV - (TIEHDUSB) -- C:\WINDOWS\system32\drivers\tiehdusb.sys (Texas Instruments Incorporated)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\w, = http://www.google.com/


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 46 3E B2 01 AE FC D5 4D 8E 44 D9 AD 14 EC 3F E9 [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 46 3E B2 01 AE FC D5 4D 8E 44 D9 AD 14 EC 3F E9 [binary data]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 46 3E B2 01 AE FC D5 4D 8E 44 D9 AD 14 EC 3F E9 [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 46 3E B2 01 AE FC D5 4D 8E 44 D9 AD 14 EC 3F E9 [binary data]

IE - HKU\S-1-5-21-1960408961-1078145449-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Search
IE - HKU\S-1-5-21-1960408961-1078145449-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/
IE - HKU\S-1-5-21-1960408961-1078145449-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = my.daemon-search.com
IE - HKU\S-1-5-21-1960408961-1078145449-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 46 3E B2 01 AE FC D5 4D 8E 44 D9 AD 14 EC 3F E9 [binary data]
IE - HKU\S-1-5-21-1960408961-1078145449-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1960408961-1078145449-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
IE - HKU\S-1-5-21-1960408961-1078145449-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:51111

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultthis.engineName: "Tip.It Customized Web Search"
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.order.2: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=616163"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "megaup"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.mangaupdates.com/"
FF - prefs.js..extensions.enabledItems: {1d7ecda9-3b7e-4934-a2a1-f65f372068c1}:2.0
FF - prefs.js..extensions.enabledItems: fireform@mozilla.org:0.7.4
FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2a}:1.3.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {f13b157f-b174-47e7-a34d-4815ddfdfeb8}:0.9.88.1
FF - prefs.js..extensions.enabledItems: {71328583-3CA7-4809-B4BA-570A85818FBB}:0.6.3
FF - prefs.js..extensions.enabledItems: {75b25b93-309d-4b88-89f5-f7ff5072a9b4}:1.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.8
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 51111
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohPlayer: C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll (Veoh Networks Inc)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2008/10/09 21:58:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Minefield 3.7a1pre\extensions\\Components: C:\Program Files\Minefield\components [2010/08/09 14:55:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Minefield 3.7a1pre\extensions\\Plugins: C:\Program Files\Minefield\plugins [2011/05/09 20:05:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/22 23:40:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/22 23:40:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\videofinder@veoh.com: C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\videofinder4 [2008/07/23 17:16:04 | 000,000,000 | ---D | M]

[2011/06/22 22:58:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\XP\Application Data\Mozilla\Extensions
[2011/07/26 13:22:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\XP\Application Data\Mozilla\Firefox\Profiles\f7zzxxz8.default\extensions
[2011/08/01 16:50:50 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\XP\Application Data\Mozilla\Firefox\Profiles\f7zzxxz8.default\extensions\{4786c7b4-e720-43fd-8bcf-0fe0f35c49fe}
[2011/07/23 08:20:03 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Documents and Settings\XP\Application Data\Mozilla\Firefox\Profiles\f7zzxxz8.default\extensions\DTToolbar@toolbarnet.com
[2010/08/09 15:03:12 | 000,001,950 | -H-- | M] () -- C:\Documents and Settings\XP\Application Data\Mozilla\Firefox\Profiles\f7zzxxz8.default\searchplugins\bing-zugo.xml
[2011/06/22 04:23:06 | 000,000,913 | ---- | M] () -- C:\Documents and Settings\XP\Application Data\Mozilla\Firefox\Profiles\f7zzxxz8.default\searchplugins\conduit.xml
[2011/07/23 08:19:54 | 000,002,055 | ---- | M] () -- C:\Documents and Settings\XP\Application Data\Mozilla\Firefox\Profiles\f7zzxxz8.default\searchplugins\daemon-search.xml
[2011/06/22 23:40:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/14 23:05:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\XP\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\F7ZZXXZ8.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2010/12/18 16:13:21 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009/09/01 17:37:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/06/15 21:17:34 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/07/14 23:05:01 | 000,423,656 | ---- | M] (Oracle) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/07/03 00:34:44 | 000,083,376 | ---- | M] (NHN USA Inc.) -- C:\Program Files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
[2009/01/28 20:08:04 | 000,132,528 | ---- | M] (NHN USA Inc.) -- C:\Program Files\mozilla firefox\plugins\npijjiCHPlugin.dll
[2007/04/16 10:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2008/12/18 00:50:50 | 000,217,088 | ---- | M] (<YNK Interactive>) -- C:\Program Files\mozilla firefox\plugins\uc_rohan_launching.dll
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/07/25 23:37:57 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {01B23E46-FCAE-4DD5-8E44-D9AD14EC3FE9} - C:\WINDOWS\system32\AsIO32.dll ()
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (cca6fd1) - {814D1DDA-BA89-9BBE-3213-F089245043B8} - C:\WINDOWS\system32\iasacct32.dll (Dmitry Streblechenko)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (www.flashget.com)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {3C6301ED-0F78-4AF2-8150-D9C052361A8E} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No CLSID value found.
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-21-1960408961-1078145449-725345543-1003\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-1960408961-1078145449-725345543-1003\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-21-1960408961-1078145449-725345543-1003\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [Six Engine] C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Turtle Beach Riviera] C:\Program Files\Turtle Beach\Riviera\TBRivieraTray.exe (Voyetra Turtle Beach, Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKU\.DEFAULT..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKU\S-1-5-18..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKU\S-1-5-21-1960408961-1078145449-725345543-1003..\Run: [Aim6] C:\Program Files\AIM6\aim6.exe (AOL LLC)
O4 - HKU\S-1-5-21-1960408961-1078145449-725345543-1003..\Run: [InstallIQUpdater] C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe (W3i, LLC)
O4 - HKU\S-1-5-21-1960408961-1078145449-725345543-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LOLRecorder.lnk = C:\Program Files\LOLReplay\LOLRecorder.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Planex Wireless Utility.lnk = C:\Program Files\Planex\Common\RaUI.exe (Planex Technology, Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1960408961-1078145449-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1960408961-1078145449-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-1960408961-1078145449-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1960408961-1078145449-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1960408961-1078145449-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: ATLAS Translation - {B7707A72-4355-11D4-82BD-00000EBBEF8D} - File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1960408961-1078145449-725345543-1003\..Trusted Domains: facebook.com ([www] https in Trusted sites)
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} http://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab (Reg Error: Key error.)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.systemrequirementslab.com/sysreqlab2.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\XP\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\XP\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/07/27 22:06:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-1960408961-1078145449-725345543-1003..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-1960408961-1078145449-725345543-1003\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/01 17:54:59 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\XP\Desktop\OTL.exe
[2011/08/01 17:22:27 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/08/01 15:42:36 | 004,160,708 | R--- | C] (Swearware) -- C:\Documents and Settings\XP\Desktop\ComboFix.exe
[2011/07/31 23:23:40 | 000,607,017 | R--- | C] (Swearware) -- C:\Documents and Settings\XP\Desktop\dds.scr
[2011/07/31 18:51:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XP\Desktop\Akiko Shikata - Harmonia
[2011/07/31 01:30:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XP\Desktop\Cencoroll
[2011/07/30 23:50:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XP\Desktop\Origin.Spirits.Of.The.Past.720p.MultiDub.ENG-JAP.plus.SUBs.[ShadoWCraft]
[2011/07/29 15:38:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XP\Desktop\[Elysium]Origin.Spirits.of.the.Past(BD.720p.AAC.DA)
[2011/07/26 15:29:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XP\riotsGamesLogs
[2011/07/26 13:57:03 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/07/25 17:40:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XP\Desktop\Gates of Heaven
[2011/07/25 17:40:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XP\Desktop\Do the B-side
[2011/07/25 17:40:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XP\Desktop\Do the Best
[2011/07/25 17:40:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XP\Desktop\Need Your Love
[2011/07/25 15:20:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XP\Desktop\(例大祭6)(同人音楽)[狐の工作室] 東方幻想界 -緋想天の音-
[2011/07/25 03:30:08 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2011/07/23 22:35:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XP\Desktop\iPod Photo Cache
[2011/07/23 19:03:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XP\Application Data\Ubisoft
[2011/07/23 19:03:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ubisoft
[2011/07/23 08:45:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Solidshield
[2011/07/23 08:43:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XP\Application Data\PunkBuster
[2011/07/23 08:40:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Ubisoft
[2011/07/23 08:30:53 | 000,000,000 | ---D | C] -- C:\Program Files\Ubisoft
[2011/07/23 08:20:17 | 000,218,688 | ---- | C] (DT Soft Ltd) -- C:\WINDOWS\System32\drivers\dtsoftbus01.sys
[2011/07/23 08:19:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DAEMON Tools Lite
[2011/07/22 15:32:30 | 000,802,304 | ---- | C] (DelphiDabbler) -- C:\WINDOWS\System32\yA
[2011/07/22 15:32:28 | 000,802,304 | ---- | C] (DelphiDabbler) -- C:\WINDOWS\System32\ativtmxx32.exe
[2011/07/20 22:16:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XP\Desktop\iPhone pics
[2011/07/20 20:27:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XP\Start Menu\Programs\VobSub
[2011/07/20 20:27:31 | 000,000,000 | ---D | C] -- C:\Program Files\Gabest
[2011/07/20 03:15:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XP\Desktop\Kung Fu Mahjong
[2009/06/26 22:57:10 | 001,654,869 | ---- | C] (Dynu Systems Inc.) -- C:\Documents and Settings\All Users\Application Data\DynuEncrypt.dll
[2001/06/19 17:34:36 | 000,040,960 | ---- | C] (Jetsoft Development Company) -- C:\Program Files\ACMonitor_X83.exe
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\XP\*.tmp files -> C:\Documents and Settings\XP\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/01 17:54:57 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\XP\Desktop\OTL.exe
[2011/08/01 17:49:43 | 000,536,552 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/08/01 17:49:43 | 000,102,016 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/08/01 17:46:49 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/01 17:46:42 | 000,253,500 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2011/08/01 17:46:35 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/01 17:45:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/01 17:45:35 | 2146,549,760 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/01 15:42:43 | 004,160,708 | R--- | M] (Swearware) -- C:\Documents and Settings\XP\Desktop\ComboFix.exe
[2011/08/01 15:00:03 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/31 23:24:32 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\XP\Desktop\RKUnhookerLE.EXE
[2011/07/31 23:23:41 | 000,607,017 | R--- | M] (Swearware) -- C:\Documents and Settings\XP\Desktop\dds.scr
[2011/07/31 23:23:15 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\XP\defogger_reenable
[2011/07/31 23:22:40 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\XP\Desktop\Defogger.exe
[2011/07/31 11:08:27 | 000,001,057 | ---- | M] () -- C:\Documents and Settings\XP\Application Data\vso_ts_preview.xml
[2011/07/29 22:20:12 | 000,000,139 | ---- | M] () -- C:\WINDOWS\System32\pixelcity.ini
[2011/07/26 13:32:56 | 000,000,175 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DragonNest.url
[2011/07/26 13:09:16 | 2114,968,249 | ---- | M] () -- C:\DragonNestSetupV02.exe
[2011/07/26 01:37:57 | 000,000,037 | ---- | M] () -- C:\WINDOWS\System32\2c393883
[2011/07/25 23:37:57 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/07/25 15:25:38 | 000,064,512 | ---- | M] () -- C:\Documents and Settings\XP\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/24 22:34:18 | 006,194,530 | ---- | M] () -- C:\Documents and Settings\XP\Desktop\20-koyote-nonsense_(main_version).mp3
[2011/07/24 22:28:47 | 003,018,077 | ---- | M] () -- C:\Documents and Settings\XP\Desktop\Boys Like Girls - Heels Over Head.mp3
[2011/07/24 22:16:45 | 007,981,056 | ---- | M] () -- C:\Documents and Settings\XP\Desktop\01 Hands Up.mp3
[2011/07/24 22:14:11 | 004,266,142 | ---- | M] () -- C:\Documents and Settings\XP\Desktop\Perfume---Polyrhythm-MV.mp3
[2011/07/24 11:07:52 | 005,109,583 | ---- | M] () -- C:\Documents and Settings\XP\Desktop\CN BLUE - Love Girl.mp3
[2011/07/24 00:21:10 | 009,181,665 | ---- | M] () -- C:\Documents and Settings\XP\Desktop\02 The Logical Song.mp3
[2011/07/23 08:40:36 | 000,001,965 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Assassin's Creed Brotherhood.lnk
[2011/07/23 08:25:17 | 000,218,688 | ---- | M] (DT Soft Ltd) -- C:\WINDOWS\System32\drivers\dtsoftbus01.sys
[2011/07/23 08:19:44 | 000,001,613 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools Lite.lnk
[2011/07/22 19:20:04 | 000,000,012 | ---- | M] () -- C:\Documents and Settings\XP\Application Data\RSBuddy Login.ini
[2011/07/22 15:32:28 | 000,802,304 | ---- | M] (DelphiDabbler) -- C:\WINDOWS\System32\yA
[2011/07/22 15:32:28 | 000,802,304 | ---- | M] (DelphiDabbler) -- C:\WINDOWS\System32\ativtmxx32.exe
[2011/07/22 15:32:28 | 000,000,105 | ---- | M] () -- C:\WINDOWS\System32\102181107
[2011/07/22 13:28:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/07/21 20:40:54 | 000,001,720 | ---- | M] () -- C:\Documents and Settings\XP\Application Data\Microsoft\Internet Explorer\Quick Launch\ijji REACTOR.lnk
[2011/07/21 20:40:53 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ijji REACTOR.lnk
[2011/07/21 01:57:12 | 000,189,535 | ---- | M] () -- C:\Documents and Settings\XP\Desktop\DSC00148.jpg
[2011/07/21 01:57:10 | 000,017,736 | ---- | M] () -- C:\Documents and Settings\XP\Desktop\Photo0006.jpg
[2011/07/20 04:10:07 | 000,336,256 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/20 03:02:43 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/07/19 13:17:59 | 001,911,560 | ---- | M] () -- C:\Documents and Settings\XP\Desktop\RSBuddy.jar
[2011/07/18 22:15:30 | 007,659,146 | ---- | M] () -- C:\Documents and Settings\XP\Desktop\Keizoku-Chronic Love-Nakatani Miki.mp3
[2011/07/16 22:21:04 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\XP\Desktop\gmer.exe
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\XP\*.tmp files -> C:\Documents and Settings\XP\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/01 17:45:35 | 2146,549,760 | -HS- | C] () -- C:\hiberfil.sys
[2011/07/31 23:24:32 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\XP\Desktop\RKUnhookerLE.EXE
[2011/07/31 23:23:15 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\XP\defogger_reenable
[2011/07/31 23:22:41 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\XP\Desktop\Defogger.exe
[2011/07/29 23:06:49 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\XP\Desktop\gmer.exe
[2011/07/26 22:17:23 | 001,318,942 | ---- | C] () -- C:\Documents and Settings\XP\Desktop\1309298068759.jpg
[2011/07/26 13:32:56 | 000,000,175 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DragonNest.url
[2011/07/26 11:59:57 | 2114,968,249 | ---- | C] () -- C:\DragonNestSetupV02.exe
[2011/07/24 22:41:04 | 006,194,530 | ---- | C] () -- C:\Documents and Settings\XP\Desktop\20-koyote-nonsense_(main_version).mp3
[2011/07/24 22:40:23 | 003,018,077 | ---- | C] () -- C:\Documents and Settings\XP\Desktop\Boys Like Girls - Heels Over Head.mp3
[2011/07/24 22:39:37 | 004,266,142 | ---- | C] () -- C:\Documents and Settings\XP\Desktop\Perfume---Polyrhythm-MV.mp3
[2011/07/24 22:38:46 | 007,981,056 | ---- | C] () -- C:\Documents and Settings\XP\Desktop\01 Hands Up.mp3
[2011/07/24 22:38:45 | 005,109,583 | ---- | C] () -- C:\Documents and Settings\XP\Desktop\CN BLUE - Love Girl.mp3
[2011/07/23 23:12:52 | 009,181,665 | ---- | C] () -- C:\Documents and Settings\XP\Desktop\02 The Logical Song.mp3
[2011/07/23 08:43:08 | 000,189,248 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2011/07/23 08:43:07 | 000,075,136 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2011/07/23 08:40:36 | 000,001,965 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Assassin's Creed Brotherhood.lnk
[2011/07/23 01:06:36 | 007,659,146 | ---- | C] () -- C:\Documents and Settings\XP\Desktop\Keizoku-Chronic Love-Nakatani Miki.mp3
[2011/07/22 19:20:04 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\XP\Application Data\RSBuddy Login.ini
[2011/07/22 16:02:05 | 000,000,037 | ---- | C] () -- C:\WINDOWS\System32\2c393883
[2011/07/21 20:40:53 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ijji REACTOR.lnk
[2011/07/20 18:59:19 | 000,189,535 | ---- | C] () -- C:\Documents and Settings\XP\Desktop\DSC00148.jpg
[2011/07/20 18:59:16 | 000,017,736 | ---- | C] () -- C:\Documents and Settings\XP\Desktop\Photo0006.jpg
[2011/06/14 12:11:58 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\XP\Application Data\RSBuddy_oblivion8743.ini
[2011/06/11 13:47:17 | 000,350,720 | ---- | C] () -- C:\WINDOWS\System32\AsIO32.dll
[2011/06/03 23:05:24 | 000,001,057 | ---- | C] () -- C:\Documents and Settings\XP\Application Data\vso_ts_preview.xml
[2011/05/29 02:18:34 | 000,000,136 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~18145060r
[2011/05/29 02:18:34 | 000,000,104 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~18145060
[2011/05/29 02:18:24 | 000,000,336 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\18145060
[2011/05/20 09:37:58 | 000,014,482 | -HS- | C] () -- C:\Documents and Settings\XP\Local Settings\Application Data\605mcc14d74nw837
[2011/05/20 09:37:58 | 000,014,482 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\605mcc14d74nw837
[2011/05/15 19:30:58 | 000,014,862 | -HS- | C] () -- C:\Documents and Settings\XP\Local Settings\Application Data\t2ybcc7v0fo3v477kk270ad
[2011/05/15 19:30:58 | 000,014,862 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\t2ybcc7v0fo3v477kk270ad
[2011/05/13 19:02:50 | 000,000,289 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/05/13 18:39:27 | 000,013,236 | -HS- | C] () -- C:\Documents and Settings\XP\Local Settings\Application Data\x10e05rp0it3eboqp5
[2011/05/13 18:39:27 | 000,013,236 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\x10e05rp0it3eboqp5
[2011/05/13 18:39:26 | 000,011,336 | -H-- | C] () -- C:\Documents and Settings\XP\Application Data\9562.153
[2011/05/08 11:24:49 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/05/08 11:24:49 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/05/08 11:24:49 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/05/08 11:24:49 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/05/08 11:24:49 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/05/08 02:03:24 | 000,014,646 | -HS- | C] () -- C:\Documents and Settings\XP\Local Settings\Application Data\4g0bk7t7pvk4po2q12ad613hu6tr
[2011/05/08 02:03:24 | 000,014,646 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\4g0bk7t7pvk4po2q12ad613hu6tr
[2011/04/21 17:37:44 | 000,008,792 | -HS- | C] () -- C:\Documents and Settings\XP\Local Settings\Application Data\y41c83d076d1sd3hswni6e0x476e32
[2011/04/21 17:37:44 | 000,008,792 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\y41c83d076d1sd3hswni6e0x476e32
[2011/03/23 18:08:42 | 000,013,382 | -HS- | C] () -- C:\Documents and Settings\XP\Local Settings\Application Data\i05d3j1a3d2v4e7h23351jay55r4w
[2011/03/23 18:08:42 | 000,013,382 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\i05d3j1a3d2v4e7h23351jay55r4w
[2011/03/19 21:17:31 | 000,015,886 | -HS- | C] () -- C:\Documents and Settings\XP\Local Settings\Application Data\6bp428eo4c3th65clhdiju8r62o373573
[2011/03/19 21:17:31 | 000,015,886 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\6bp428eo4c3th65clhdiju8r62o373573
[2010/12/31 18:19:35 | 000,000,031 | ---- | C] () -- C:\WINDOWS\TrinityLauncher.INI
[2010/12/31 14:31:47 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\nvRegDev.dll
[2010/12/27 21:03:33 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/11/09 21:27:37 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010/06/03 19:30:21 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/05/24 12:33:00 | 004,670,829 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2010/05/24 12:33:00 | 001,529,856 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2010/05/24 12:33:00 | 001,447,921 | ---- | C] () -- C:\WINDOWS\System32\ffmpegmt.dll
[2010/05/24 12:33:00 | 000,877,385 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2010/05/24 12:33:00 | 000,336,384 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2010/05/24 12:33:00 | 000,324,096 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2010/05/24 12:33:00 | 000,248,320 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2010/05/24 12:33:00 | 000,216,576 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2010/05/24 12:33:00 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2010/05/24 12:33:00 | 000,145,408 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2010/05/24 12:33:00 | 000,139,944 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2010/05/24 12:33:00 | 000,121,856 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2010/05/24 12:33:00 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2010/05/24 12:33:00 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/05/24 12:33:00 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2010/05/24 12:33:00 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2010/05/19 13:59:20 | 000,150,528 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2010/05/19 13:59:10 | 000,109,568 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2010/05/19 13:59:02 | 000,141,824 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2010/05/19 13:58:52 | 000,123,392 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2010/05/19 13:58:24 | 000,113,152 | ---- | C] () -- C:\WINDOWS\System32\dsmux.exe
[2010/05/19 13:58:18 | 000,154,112 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2010/05/19 13:58:08 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2010/05/19 13:57:42 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2010/05/19 13:57:38 | 000,137,728 | ---- | C] () -- C:\WINDOWS\System32\mkv2vfr.exe
[2010/05/19 13:57:26 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2010/05/19 13:57:20 | 000,358,400 | ---- | C] () -- C:\WINDOWS\System32\gdsmux.exe
[2010/05/19 13:55:40 | 000,080,384 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2010/05/19 13:55:36 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2010/05/08 09:34:37 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2010/04/19 20:25:32 | 000,000,034 | -H-- | C] () -- C:\WINDOWS\System32\Converter_sysquict.dat
[2010/03/18 15:59:41 | 000,078,220 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/03/01 23:06:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\Access.dat
[2010/02/18 21:00:26 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\AegisI5Installer.exe
[2010/02/18 20:45:40 | 000,014,436 | ---- | C] () -- C:\WINDOWS\Djohirog.dat
[2010/02/18 20:45:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Bmihafotocedofib.bin
[2009/11/30 21:45:34 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/11/29 17:39:35 | 000,000,608 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\T2
[2009/11/29 17:39:35 | 000,000,604 | -H-- | C] () -- C:\Program Files\STLL Notifier
[2009/08/19 00:53:59 | 000,033,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\oreans32.sys
[2009/08/14 07:14:36 | 001,604,482 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2009/08/14 06:24:08 | 000,458,752 | ---- | C] () -- C:\WINDOWS\System32\Cmeaupci.exe
[2009/08/14 06:24:07 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\CMRMDRV3.exe
[2009/08/14 06:24:07 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\CMRMDRV3.dll
[2009/08/14 06:24:07 | 000,000,228 | ---- | C] () -- C:\WINDOWS\Cmicnfg3.ini.cfl
[2009/08/14 06:23:53 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\CmiInstallResAll.dll
[2009/08/14 06:23:53 | 000,003,647 | ---- | C] () -- C:\WINDOWS\Cmicnfg3.ini.cfg
[2009/08/14 06:23:53 | 000,000,161 | ---- | C] () -- C:\WINDOWS\Cmicnfg3.ini.imi
[2009/08/14 06:23:52 | 000,106,496 | ---- | C] () -- C:\WINDOWS\VMix.dll
[2009/08/14 06:23:49 | 000,000,785 | ---- | C] () -- C:\WINDOWS\cmudax3.ini
[2009/08/14 06:18:55 | 000,080,416 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2009/08/14 06:18:55 | 000,080,416 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32(6).dll
[2009/08/14 06:18:55 | 000,080,416 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32(5).dll
[2009/08/14 06:18:55 | 000,080,416 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32(4).dll
[2009/08/14 06:18:55 | 000,080,416 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32(3).dll
[2009/08/14 06:18:55 | 000,080,416 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32(2).dll
[2009/08/14 06:18:18 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2009/08/14 06:18:18 | 000,012,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2009/08/14 06:18:13 | 000,011,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2009/08/14 06:18:13 | 000,010,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2009/08/14 06:16:19 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2009/08/14 06:16:09 | 000,034,668 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009/08/14 06:16:09 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009/08/14 06:14:27 | 000,001,746 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2009/08/11 14:21:26 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\ac3config.exe
[2009/07/08 18:03:02 | 000,058,880 | ---- | C] () -- C:\WINDOWS\System32\bdmpegv.dll
[2009/05/24 11:39:29 | 000,000,125 | ---- | C] () -- C:\Documents and Settings\XP\Local Settings\Application Data\fusioncache.dat
[2009/05/24 11:36:22 | 000,721,920 | ---- | C] () -- C:\WINDOWS\System32\libxml2.dll
[2009/05/24 11:36:22 | 000,150,016 | ---- | C] () -- C:\WINDOWS\System32\libxslt.dll
[2009/05/24 11:36:22 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\libexslt.dll
[2009/05/23 22:50:05 | 000,000,256 | -H-- | C] () -- C:\WINDOWS\System32\FJLTAFOU.BIN
[2009/05/20 21:52:34 | 000,000,139 | ---- | C] () -- C:\WINDOWS\System32\pixelcity.ini
[2009/05/12 19:54:23 | 000,000,025 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2009/05/11 21:12:41 | 000,000,025 | ---- | C] () -- C:\Program Files\popcinfot.dat
[2009/02/28 00:05:49 | 000,000,030 | ---- | C] () -- C:\WINDOWS\ACMonitor_X83.ini
[2009/01/10 15:15:44 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll
[2009/01/08 23:11:23 | 001,228,854 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\OrbError.bmp
[2009/01/08 22:46:44 | 000,033,019 | ---- | C] () -- C:\WINDOWS\System32\CoreAAC-uninstall.exe
[2008/11/06 08:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/10/22 05:29:06 | 000,173,550 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/08/23 21:27:54 | 000,000,110 | ---- | C] () -- C:\WINDOWS\GMouse.ini
[2008/07/23 17:25:43 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/06/16 22:26:11 | 000,000,256 | -H-- | C] () -- C:\WINDOWS\System32\LTAW14FN.BIN
[2008/06/05 08:58:26 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/01/18 09:38:41 | 000,000,032 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2008/01/16 18:40:47 | 000,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
[2007/11/18 10:02:08 | 000,064,512 | ---- | C] () -- C:\Documents and Settings\XP\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/13 02:30:20 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini
[2007/10/10 21:50:27 | 000,000,636 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/10/03 18:08:20 | 000,001,783 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/09/15 12:43:36 | 000,000,033 | ---- | C] () -- C:\WINDOWS\GunzLauncher.INI
[2007/09/06 18:55:00 | 000,004,672 | ---- | C] () -- C:\WINDOWS\System32\LXASUSCI.DLL
[2007/09/05 18:48:35 | 000,000,805 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/09/02 07:34:30 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/07/27 22:41:24 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2007/07/27 22:40:33 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\drivers\RtkHDAud.dat
[2007/07/27 22:08:59 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/07/27 22:03:43 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/07/27 00:21:39 | 000,004,346 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/07/27 00:20:34 | 000,336,256 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/04 05:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 05:00:00 | 000,536,552 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 05:00:00 | 000,102,016 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 05:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 05:00:00 | 000,004,096 | -HS- | C] () -- C:\WINDOWS\System32\1112.dat
[2004/08/04 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/10/15 15:54:04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2001/10/25 11:20:08 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\LXASBCE.DLL
[2001/10/25 11:20:08 | 000,000,643 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
[2001/05/28 13:26:24 | 000,131,584 | ---- | C] () -- C:\WINDOWS\Ptlic32.exe
[1999/04/20 04:15:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\unvise32.dll

========== Files - Unicode (All) ==========
[2009/04/03 23:48:50 | 000,000,000 | ---D | M](C:\Documents and Settings\XP\Application Data\’O‰o??“¬?a?y?”) -- C:\Documents and Settings\XP\Application Data\’O‰บŒ“ฌ‹ไŠy•”
[2009/04/03 23:48:50 | 000,000,000 | ---D | M](C:\Documents and Settings\XP\Application Data\’O‰o??“¬?a?y?”) -- C:\Documents and Settings\XP\Application Data\’O‰บŒ“ฌ‹ไŠy•”
[2009/02/04 16:49:20 | 000,000,000 | ---D | M](C:\Documents and Settings\XP\My Documents\???丁?) -- C:\Documents and Settings\XP\My Documents\跑跑卡丁车
[2009/02/04 16:49:20 | 000,000,000 | ---D | C](C:\Documents and Settings\XP\My Documents\???丁?) -- C:\Documents and Settings\XP\My Documents\跑跑卡丁车
(C:\Documents and Settings\XP\Application Data\’O‰o??“¬?a?y?”) -- C:\Documents and Settings\XP\Application Data\’O‰บŒ“ฌ‹ไŠy•”

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:825D5945

< End of report >

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:36 AM

Posted 01 August 2011 - 08:17 PM

Hello

I want you to run this custom OTL script for me and then let me know how things are after you finish.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code
    :otl
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    O3 - HKLM\..\Toolbar: (no name) - {3C6301ED-0F78-4AF2-8150-D9C052361A8E} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No CLSID value found.
    O9 - Extra Button: ATLAS Translation - {B7707A72-4355-11D4-82BD-00000EBBEF8D} - File not found
    O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} http://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab (Reg Error: Key error.)
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.systemrequirementslab.com/sysreqlab2.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
    FF - prefs.js..extensions.enabledItems: {75b25b93-309d-4b88-89f5-f7ff5072a9b4}:1.0  
    FF - prefs.js..extensions.enabledItems: {1d7ecda9-3b7e-4934-a2a1-f65f372068c1}:2.0
    FF - prefs.js..network.proxy.http: "127.0.0.1"
    FF - prefs.js..network.proxy.http_port: 51111
    [2011/08/01 16:50:50 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\XP\Application Data\Mozilla\Firefox\Profiles\f7zzxxz8.default\extensions\{4786c7b4-e720-43fd-8bcf-0fe0f35c49fe}
    O2 - BHO: (no name) - {01B23E46-FCAE-4DD5-8E44-D9AD14EC3FE9} - C:\WINDOWS\system32\AsIO32.dll ()
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY] 
    [EMPTYTEMP]
    [EMPTYFLASH]
    [RESETHOSTS] 
    
  • Then click the Run Fix button at the top.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and paste that report in your next reply.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click the donate button. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
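The security-relevant part of the OTL fix above is the pair of Firefox preferences it removes: network.proxy.http set to "127.0.0.1" with network.proxy.http_port 51111. A loopback HTTP proxy in a home user's Firefox profile means every page request is being routed through a local process before it reaches the network, which is exactly how the browser redirects reported in this thread are produced. The two GUID-only entries in extensions.enabledItems are the other half of the same picture. The following Python script is an added example, not part of the original post or of OTL: it parses a prefs.js file, flags any proxy pointed at the local host, and lists enabled extensions that are not on an allow-list. The prefs.js content and the allow-list are constructed for the example; the proxy and extension values are the ones the fix above targets, and the third extension ID is Firefox's own default theme.

```python
import ipaddress
import re

# Constructed sample prefs.js (not taken from the original post). The proxy
# and extension values mirror the entries the OTL script above removes.
SAMPLE_PREFS = r'''
# Mozilla User Preferences
user_pref("browser.startup.homepage", "http://www.example.com/");
user_pref("network.proxy.type", 1);
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 51111);
user_pref("network.proxy.ssl", "127.0.0.1");
user_pref("network.proxy.ssl_port", 51111);
user_pref("extensions.enabledItems", "{75b25b93-309d-4b88-89f5-f7ff5072a9b4}:1.0,{1d7ecda9-3b7e-4934-a2a1-f65f372068c1}:2.0,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.19");
'''

# Firefox's default theme; a realistic allow-list would hold every add-on the
# user knowingly installed (assumption for the example).
ALLOWED_EXTENSIONS = {"{972ce4c6-7e08-4474-a285-3208198ce6fd}"}

# One user_pref("name", value); line. Values are a quoted string, an integer
# or true/false.
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')


def parse_prefs(text):
    """Return {name: value} for every user_pref() line in a prefs.js file.
    Quoted strings are unquoted, integers converted, booleans mapped to bool;
    comment lines and anything else are ignored."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        name, raw = m.group(1), m.group(2).strip()
        if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
            prefs[name] = raw[1:-1]
        elif raw in ("true", "false"):
            prefs[name] = raw == "true"
        else:
            try:
                prefs[name] = int(raw)
            except ValueError:
                prefs[name] = raw
    return prefs


def loopback_proxies(prefs):
    """Return (scheme, host, port) for every proxy pref that points at the
    local machine. Firefox keeps one host/port pair per scheme; a loopback
    value is checked regardless of network.proxy.type, because the hijacker
    can flip the type back to manual (1) at any time."""
    hits = []
    for scheme in ("http", "ssl", "ftp", "socks"):
        host = prefs.get("network.proxy." + scheme)
        if not isinstance(host, str) or not host:
            continue
        try:
            is_local = ipaddress.ip_address(host).is_loopback
        except ValueError:
            is_local = host.lower() == "localhost"
        if is_local:
            hits.append((scheme, host, prefs.get("network.proxy.%s_port" % scheme)))
    return hits


def unknown_extensions(prefs, allowed):
    """Return the IDs in extensions.enabledItems that are not on the allow-list.
    The pref is a comma-separated list of <id>:<version> pairs."""
    items = prefs.get("extensions.enabledItems", "")
    if not isinstance(items, str):
        return []
    ids = [item.split(":", 1)[0] for item in items.split(",") if item]
    return [ext_id for ext_id in ids if ext_id not in allowed]


if __name__ == "__main__":
    prefs = parse_prefs(SAMPLE_PREFS)
    for scheme, host, port in loopback_proxies(prefs):
        print("loopback proxy: %s -> %s:%s" % (scheme, host, port))
    for ext_id in unknown_extensions(prefs, ALLOWED_EXTENSIONS):
        print("unknown enabled extension: %s" % ext_id)
```

To run it against a real profile, read the prefs.js from the profile folder (on this machine that is the f7zzxxz8.default profile under Application Data\Mozilla\Firefox\Profiles) and pass the text to parse_prefs; note that OTL removed the entries with the browser closed, which matters because Firefox rewrites prefs.js from memory on exit and would otherwise restore them.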

#13 oblivion8743 (Topic Starter)

  • Members
  • 28 posts

Posted 01 August 2011 - 09:08 PM

svchost still acting up at 100%

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{3C6301ED-0F78-4AF2-8150-D9C052361A8E} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3C6301ED-0F78-4AF2-8150-D9C052361A8E}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7707A72-4355-11D4-82BD-00000EBBEF8D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7707A72-4355-11D4-82BD-00000EBBEF8D}\ not found.
Starting removal of ActiveX control {40F576AD-8680-4F9E-9490-99D069CD665F}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{40F576AD-8680-4F9E-9490-99D069CD665F}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{40F576AD-8680-4F9E-9490-99D069CD665F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40F576AD-8680-4F9E-9490-99D069CD665F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{40F576AD-8680-4F9E-9490-99D069CD665F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40F576AD-8680-4F9E-9490-99D069CD665F}\ not found.
Starting removal of ActiveX control {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{67A5F8DC-1A4B-4D66-9F24-A704AD929EEE}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{67A5F8DC-1A4B-4D66-9F24-A704AD929EEE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A5F8DC-1A4B-4D66-9F24-A704AD929EEE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{67A5F8DC-1A4B-4D66-9F24-A704AD929EEE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A5F8DC-1A4B-4D66-9F24-A704AD929EEE}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Prefs.js: {75b25b93-309d-4b88-89f5-f7ff5072a9b4}:1.0 removed from extensions.enabledItems
Prefs.js: {1d7ecda9-3b7e-4934-a2a1-f65f372068c1}:2.0 removed from extensions.enabledItems
Prefs.js: "127.0.0.1" removed from network.proxy.http
Prefs.js: 51111 removed from network.proxy.http_port
Folder C:\Documents and Settings\XP\Application Data\Mozilla\Firefox\Profiles\f7zzxxz8.default\extensions\{4786c7b4-e720-43fd-8bcf-0fe0f35c49fe}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01B23E46-FCAE-4DD5-8E44-D9AD14EC3FE9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01B23E46-FCAE-4DD5-8E44-D9AD14EC3FE9}\ not found.
File C:\WINDOWS\system32\AsIO32.dll not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\XP\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\XP\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: FONT

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Lana
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: XP
->Temp folder emptied: 641762 bytes
->Temporary Internet Files folder emptied: 136914 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 11047497 bytes
->Flash cache emptied: 434 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 17048 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 11.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User

User: FONT

User: Guest

User: Lana

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

User: XP
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.26.1 log created on 08012011_190302

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_65c.dat not found!

Registry entries deleted on Reboot...

#14 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 02 August 2011 - 07:54 PM

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

#15 oblivion8743 (Topic Starter)

  • Members
  • 28 posts

Posted 02 August 2011 - 10:10 PM

2011/08/02 20:09:00.0328 0924 TDSS rootkit removing tool 2.5.13.0 Jul 29 2011 17:24:11
2011/08/02 20:09:00.0812 0924 ================================================================================
2011/08/02 20:09:00.0812 0924 SystemInfo:
2011/08/02 20:09:00.0812 0924
2011/08/02 20:09:00.0812 0924 OS Version: 5.1.2600 ServicePack: 3.0
2011/08/02 20:09:00.0812 0924 Product type: Workstation
2011/08/02 20:09:00.0812 0924 ComputerName: ANDY
2011/08/02 20:09:00.0812 0924 UserName: XP
2011/08/02 20:09:00.0812 0924 Windows directory: C:\WINDOWS
2011/08/02 20:09:00.0812 0924 System windows directory: C:\WINDOWS
2011/08/02 20:09:00.0812 0924 Processor architecture: Intel x86
2011/08/02 20:09:00.0812 0924 Number of processors: 1
2011/08/02 20:09:00.0812 0924 Page size: 0x1000
2011/08/02 20:09:00.0812 0924 Boot type: Normal boot
2011/08/02 20:09:00.0812 0924 ================================================================================
2011/08/02 20:09:03.0250 0924 Initialize success
2011/08/02 20:09:04.0390 1948 ================================================================================
2011/08/02 20:09:04.0390 1948 Scan started
2011/08/02 20:09:04.0390 1948 Mode: Manual;
2011/08/02 20:09:04.0390 1948 ================================================================================
2011/08/02 20:09:06.0468 1948 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/08/02 20:09:06.0531 1948 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/08/02 20:09:06.0656 1948 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/08/02 20:09:06.0734 1948 AegisP (023867b6606fbabcdd52e089c4a507da) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2011/08/02 20:09:06.0765 1948 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
2011/08/02 20:09:07.0000 1948 Ambfilt (f6af59d6eee5e1c304f7f73706ad11d8) C:\WINDOWS\system32\drivers\Ambfilt.sys
2011/08/02 20:09:07.0140 1948 AmdPPM (033448d435e65c4bd72e70521fd05c76) C:\WINDOWS\system32\DRIVERS\AmdPPM.sys
2011/08/02 20:09:07.0312 1948 AsIO (2b4e66fac6503494a2c6f32bb6ab3826) C:\WINDOWS\system32\drivers\AsIO.sys
2011/08/02 20:09:07.0375 1948 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/08/02 20:09:07.0437 1948 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/08/02 20:09:07.0515 1948 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/08/02 20:09:07.0625 1948 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/08/02 20:09:07.0703 1948 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/08/02 20:09:07.0828 1948 BIOS (be5d50529799b9bab6be879ec768b6cf) C:\WINDOWS\system32\drivers\BIOS.sys
2011/08/02 20:09:07.0859 1948 BulkUsb (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\Drivers\usbscan.sys
2011/08/02 20:09:08.0109 1948 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/08/02 20:09:08.0281 1948 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/08/02 20:09:08.0343 1948 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/08/02 20:09:08.0421 1948 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/08/02 20:09:08.0625 1948 cmuda3 (6c06cea8fad941c45d935d97c3aa9d56) C:\WINDOWS\system32\drivers\cmudax3.sys
2011/08/02 20:09:09.0062 1948 cpuz135 (c2eb4539a4f6ab6edd01bdc191619975) C:\WINDOWS\system32\drivers\cpuz135_x32.sys
2011/08/02 20:09:09.0218 1948 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/08/02 20:09:09.0343 1948 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/08/02 20:09:09.0515 1948 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/08/02 20:09:09.0546 1948 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/08/02 20:09:09.0578 1948 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/08/02 20:09:09.0640 1948 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/08/02 20:09:09.0781 1948 dtsoftbus01 (555e54ac2f601a8821cef58961653991) C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys
2011/08/02 20:09:10.0015 1948 ENTECH (16ebd8bf1d5090923694cc972c7ce1b4) C:\WINDOWS\system32\DRIVERS\ENTECH.sys
2011/08/02 20:09:10.0140 1948 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/08/02 20:09:10.0218 1948 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/08/02 20:09:10.0375 1948 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/08/02 20:09:10.0609 1948 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/08/02 20:09:10.0718 1948 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/08/02 20:09:10.0796 1948 FsVga (455f778ee14368468560bd7cb8c854d0) C:\WINDOWS\system32\DRIVERS\fsvga.sys
2011/08/02 20:09:10.0906 1948 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/08/02 20:09:10.0921 1948 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/08/02 20:09:11.0000 1948 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/08/02 20:09:11.0093 1948 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/08/02 20:09:11.0250 1948 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/08/02 20:09:11.0406 1948 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/08/02 20:09:11.0515 1948 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/08/02 20:09:11.0750 1948 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/08/02 20:09:11.0796 1948 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/08/02 20:09:12.0031 1948 IntcAzAudAddService (f9bb9063a6557098dbaf7396e026c922) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/08/02 20:09:12.0250 1948 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/08/02 20:09:12.0328 1948 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/08/02 20:09:12.0375 1948 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/08/02 20:09:12.0453 1948 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/08/02 20:09:12.0515 1948 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/08/02 20:09:12.0625 1948 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/08/02 20:09:12.0656 1948 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/08/02 20:09:12.0687 1948 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/08/02 20:09:12.0765 1948 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/08/02 20:09:12.0812 1948 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/08/02 20:09:12.0875 1948 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/08/02 20:09:12.0937 1948 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/08/02 20:09:13.0046 1948 Monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\Monfilt.sys
2011/08/02 20:09:13.0203 1948 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/08/02 20:09:13.0281 1948 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/08/02 20:09:13.0328 1948 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/08/02 20:09:13.0437 1948 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/08/02 20:09:13.0484 1948 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/08/02 20:09:13.0531 1948 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/08/02 20:09:13.0578 1948 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/08/02 20:09:13.0656 1948 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/08/02 20:09:13.0750 1948 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/08/02 20:09:13.0843 1948 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/08/02 20:09:13.0921 1948 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
2011/08/02 20:09:14.0000 1948 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2011/08/02 20:09:14.0078 1948 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/08/02 20:09:14.0187 1948 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/08/02 20:09:14.0218 1948 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/08/02 20:09:14.0250 1948 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/08/02 20:09:14.0328 1948 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/08/02 20:09:14.0390 1948 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/08/02 20:09:14.0453 1948 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/08/02 20:09:14.0515 1948 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/08/02 20:09:14.0640 1948 NPPTNT2 (9131fe60adfab595c8da53ad6a06aa31) C:\WINDOWS\system32\npptNT2.sys
2011/08/02 20:09:14.0718 1948 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/08/02 20:09:14.0843 1948 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/08/02 20:09:15.0203 1948 nv (ff46366bd758869cfff00491e4fcf313) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/08/02 20:09:15.0562 1948 nvata (947c4a0e7b25bcecc3b40f0f1070378b) C:\WINDOWS\system32\DRIVERS\nvata.sys
2011/08/02 20:09:15.0625 1948 NVENETFD (4d6f0d3fb17c1ba64942f415c73adcdb) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
2011/08/02 20:09:15.0703 1948 nvnetbus (921e63aa1e1a20302223d016acafb52b) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
2011/08/02 20:09:15.0796 1948 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/08/02 20:09:15.0859 1948 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/08/02 20:09:15.0968 1948 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/08/02 20:09:16.0062 1948 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/08/02 20:09:16.0093 1948 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/08/02 20:09:16.0140 1948 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/08/02 20:09:16.0218 1948 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/08/02 20:09:16.0281 1948 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/08/02 20:09:16.0500 1948 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/08/02 20:09:16.0578 1948 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/08/02 20:09:16.0640 1948 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/08/02 20:09:16.0781 1948 PsSdk41 (0c234a4a2fbab98e5e1bafaf3e3e403a) C:\WINDOWS\system32\Drivers\pssdk41.sys
2011/08/02 20:09:16.0890 1948 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/08/02 20:09:16.0968 1948 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/08/02 20:09:17.0234 1948 RAPIProtocol (488090449877fb7f9c2aff9ebf6689da) C:\WINDOWS\system32\DRIVERS\RAPIProtocol.sys
2011/08/02 20:09:17.0296 1948 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/08/02 20:09:17.0390 1948 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/08/02 20:09:17.0468 1948 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/08/02 20:09:17.0515 1948 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/08/02 20:09:17.0609 1948 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/08/02 20:09:17.0765 1948 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/08/02 20:09:17.0828 1948 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/08/02 20:09:17.0937 1948 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/08/02 20:09:18.0000 1948 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/08/02 20:09:18.0140 1948 RivaTuner32 (c0c8909be3ecc9df8089112bf9be954e) C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys
2011/08/02 20:09:18.0281 1948 RT73 (d40e3cec0813f6b812bb556f809dee49) C:\WINDOWS\system32\DRIVERS\rt73.sys
2011/08/02 20:09:18.0375 1948 RTLE8023xp (c6d34a1874cd2b212dc3e788091c64b4) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
2011/08/02 20:09:18.0453 1948 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/08/02 20:09:18.0531 1948 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/08/02 20:09:18.0609 1948 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/08/02 20:09:18.0750 1948 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/08/02 20:09:18.0937 1948 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/08/02 20:09:19.0015 1948 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/08/02 20:09:19.0078 1948 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/08/02 20:09:19.0187 1948 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/08/02 20:09:19.0218 1948 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/08/02 20:09:19.0359 1948 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/08/02 20:09:19.0562 1948 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/08/02 20:09:19.0687 1948 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/08/02 20:09:19.0859 1948 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/08/02 20:09:19.0968 1948 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/08/02 20:09:20.0062 1948 TIEHDUSB (a1124ebc672aa3ae1b327096c1dcc346) C:\WINDOWS\system32\drivers\tiehdusb.sys
2011/08/02 20:09:20.0140 1948 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/08/02 20:09:20.0218 1948 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/08/02 20:09:20.0375 1948 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/08/02 20:09:20.0453 1948 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/08/02 20:09:20.0500 1948 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/08/02 20:09:20.0593 1948 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/08/02 20:09:20.0687 1948 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/08/02 20:09:20.0765 1948 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/08/02 20:09:20.0843 1948 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/08/02 20:09:20.0968 1948 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/08/02 20:09:21.0046 1948 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/08/02 20:09:21.0109 1948 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/08/02 20:09:21.0203 1948 WinDriver6 (451f905bc7bff9e1cff2e7ae76196b2c) C:\WINDOWS\system32\drivers\windrvr6.sys
2011/08/02 20:09:21.0328 1948 WmBEnum (1abfd1399436e81c9d857f5fc76eaf98) C:\WINDOWS\system32\drivers\WmBEnum.sys
2011/08/02 20:09:21.0375 1948 WmFilter (b3cfcbcc91ff61ef82fc693b8b57e7f0) C:\WINDOWS\system32\drivers\WmFilter.sys
2011/08/02 20:09:21.0453 1948 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2011/08/02 20:09:21.0578 1948 WmVirHid (a40d2dd0f019423ef6c363f1295eb38d) C:\WINDOWS\system32\drivers\WmVirHid.sys
2011/08/02 20:09:21.0625 1948 WmXlCore (2bf505424f469155cd90d7b3301d7adc) C:\WINDOWS\system32\drivers\WmXlCore.sys
2011/08/02 20:09:21.0765 1948 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/08/02 20:09:21.0921 1948 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/08/02 20:09:22.0046 1948 Boot (0x1200) (fe04c20407f3d34858d8bb3a683bad09) \Device\Harddisk0\DR0\Partition0
2011/08/02 20:09:22.0046 1948 ================================================================================
2011/08/02 20:09:22.0046 1948 Scan finished
2011/08/02 20:09:22.0046 1948 ================================================================================
2011/08/02 20:09:22.0062 4084 Detected object count: 0
2011/08/02 20:09:22.0062 4084 Actual detected object count: 0


No files found, but my svchost still eats up a lot of cpu.
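TDSSKiller reported no detections, but the log it produced is still worth reading line by line, because it lists every loaded kernel driver with its MD5 and image path, plus the hashes of the MBR and boot sector. The triage a responder does on such a log by hand is mechanical: pick out drivers whose image lives outside the Windows directory (here the RivaTuner32.sys overclocking driver under Program Files, which is a legitimate tool but exactly where a malicious driver could also sit), notice binaries registered under more than one service name (usbscan.sys appears as both BulkUsb and usbscan with the same hash), and read off the final detection count. The following Python script is an added example, not part of the original post or of TDSSKiller: it parses the log format shown above and performs those three checks. The log excerpt it runs on is a constructed six-line sample modelled on the post, not the full log.

```python
import re
from collections import defaultdict

# Constructed excerpt in TDSSKiller's log format, modelled on the post above
# (a handful of lines, not the complete log).
SAMPLE_LOG = r"""
2011/08/02 20:09:06.0468 1948 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/08/02 20:09:07.0859 1948 BulkUsb (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\Drivers\usbscan.sys
2011/08/02 20:09:18.0140 1948 RivaTuner32 (c0c8909be3ecc9df8089112bf9be954e) C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys
2011/08/02 20:09:20.0687 1948 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/08/02 20:09:21.0921 1948 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/08/02 20:09:22.0062 4084 Detected object count: 0
"""

# <date> <time> <pid> <name> [(0xSIZE)] (<md5>) <path>
# The optional (0x...) group only appears on the MBR and Boot records.
LINE_RE = re.compile(
    r'^(?P<ts>\S+ \S+)\s+(?P<pid>\d+)\s+(?P<name>\S+)'
    r'(?:\s+\(0x[0-9A-Fa-f]+\))?\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+?)\s*$'
)


def parse_log(text):
    """Return one dict per driver/MBR/boot line; all other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            entries.append(m.groupdict())
    return entries


def outside_windows(entries, windir=r"C:\WINDOWS"):
    """Names of drivers whose image is not under the Windows directory.
    Raw device paths (the MBR and boot-sector records) are not files and are
    left out. Every hit deserves a look: third-party tools usually explain
    them, but a driver can be loaded from anywhere on disk."""
    prefix = windir.lower() + "\\"
    return [
        e["name"] for e in entries
        if not e["path"].lower().startswith(prefix)
        and not e["path"].startswith("\\Device\\")
    ]


def shared_images(entries):
    """Map md5 -> service names for every hash registered under more than
    one name, so duplicate registrations of one binary stand out."""
    by_hash = defaultdict(list)
    for e in entries:
        by_hash[e["md5"]].append(e["name"])
    return {h: names for h, names in by_hash.items() if len(names) > 1}


def detected_count(text):
    """The last 'detected object count' the tool printed, or None if absent.
    The same pattern matches both the 'Detected' and 'Actual detected' lines;
    the last one is the count after the tool's own filtering."""
    counts = [int(n) for n in re.findall(r'detected object count: (\d+)', text, re.I)]
    return counts[-1] if counts else None


if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    print("drivers outside the Windows directory:", outside_windows(entries))
    print("one image under several service names:", shared_images(entries))
    print("detections reported:", detected_count(SAMPLE_LOG))
```

Feed the real TDSSKiller log (the C:\TDSSKiller.[Version]_[Date]_[Time]_log.txt file the instructions above mention) to parse_log and the same three checks apply; the hashes themselves can then be compared against a known-good set for the service pack in use, which is the step this thread's helper would do next by hand.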
