
XP Antispyware 2012


  • This topic is locked
35 replies to this topic

#1 MReed98643

MReed98643

  • Members
  • 38 posts

Posted 27 July 2011 - 03:37 PM

Hi -- My first malware infection in several years. Got some great help from you guys last time, so I hope you can help again. I've been following instructions for manual removal of "XP Antispyware 2012". I can get rid of their main application and get my executables to work again, but it's still redirecting my internet use, making things incredibly slow, reinstalling itself, etc. As instructed in your guide, I ran "FixNCR.reg" and "iExplore.exe" and then did a full scan with MalwareBytes. The scan only found 4 things, and after removing them, I'm left with the above issues. Thanks very much for any help! -- Marty

Below (and attached) is my DDS log. I've been trying to create the GMER log, but my computer's so low-performance right now that by the time GMER finishes running, nothing will respond, including the SAVE button. I'll keep trying, and if I can manage to get a log, I'll post it. Thanks -- Marty

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 7.0.5730.13
Run by k151 at 13:48:33 on 2011-07-27
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1625 [GMT -7:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\QUICKENW\QWDLLS.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Matrox X.tools\System\digisc.exe
C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
C:\Program Files\HighPoint Technologies, Inc\HighPoint RAID Management Software\service\hptsvr.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\HighPoint Technologies, Inc\HighPoint RAID Management Software\service\drvinst.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k termsvc
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\iPod\bin\iPodService.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [TaskTray] c:\program files\creative\sbaudigy\taskbar\CTLTray.exe
uRun: [Taskbar] c:\program files\creative\sbaudigy\taskbar\CTLTask.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AdobeBridge]
mRun: [CTStartup] c:\program files\creative\splash screen\CTEaxSpl.EXE /run
mRun: [Disc Detector] c:\program files\creative\sharedll\CtNotify.exe
mRun: [UpdReg] c:\windows\Updreg.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SpeechExec Startup] c:\program files\common files\philips speech shared\components\PSP.SpeechExec.StartupApp.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [QuickFinder Scheduler] "c:\program files\wordperfect office x3\programs\QFSCHD130.EXE"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [mxomssmenu] "c:\program files\maxtor\onetouch status\maxmenumgr.exe"
mRun: [Jet Detection] c:\program files\creative\sbaudigy\program\ADGJDet.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\billmi~1.lnk - c:\quickenw\BILLMIND.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\device~1.lnk - c:\program files\olympus\devicedetector\DevDtct2.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\interv~1.lnk - c:\program files\intervideo\common\bin\WinCinemaMgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quicke~1.lnk - c:\quickenw\QWDLLS.EXE
uPolicies-explorer: <NO NAME> =
IE: Open with WordPerfect - c:\program files\wordperfect office x3\programs\WPLauncher.hta
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1097467648187
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/flash/ultrashim.cab
DPF: {A4639D2F-774E-11D3-A490-00C04F6843FB} - hxxp://download.microsoft.com/download/PowerPoint2002/Install/10.0.2609/WIN98MeXP/EN-US/msorun.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 10.1.10.1
TCP: Interfaces\{59DC67FA-AD5A-446E-B54C-51788A72BC23} : DhcpNameServer = 66.75.164.90 66.75.164.89 66.75.160.64
TCP: Interfaces\{B6E1C1AC-B0EA-4251-9CF9-674CFF05F478} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{BD84E9FD-8EB5-44C6-A5B5-4D021EE5B06B} : DhcpNameServer = 10.1.10.1
Notify: PCANotify - PCANotify.dll
Notify: ter1mw32 - ter1mw32.dll
Notify: termsvces - ter1mw32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R0 hpt374;hpt374;c:\windows\system32\drivers\hpt374.sys [2003-3-7 104214]
R1 AW_HOST;AW_HOST;c:\windows\system32\drivers\AW_HOST5.sys [2007-3-30 18232]
R1 awlegacy;awlegacy;c:\windows\system32\drivers\AWLEGACY.sys [2007-3-30 17848]
R2 hptsvr;HighPoint RAID Management Service;c:\program files\highpoint technologies, inc\highpoint raid management software\service\hptsvr.exe [2005-7-23 53248]
R2 TermServices;Remote Desktop Service;c:\windows\system32\svchost.exe -k termsvc [2003-3-31 14336]
R3 dgcodec;dgcodec;c:\windows\system32\drivers\dgcodec.sys [2010-10-1 3239335]
R3 dgvideo;dgvideo;c:\windows\system32\drivers\dgvideo.sys [2010-10-1 1246503]
R3 digim2ba;digim2ba;c:\windows\system32\drivers\digim2ba.sys [2010-10-1 7908]
R3 DigiPnp;DigiPnp;c:\windows\system32\drivers\Digipnp.sys [2008-7-13 7266]
R3 digisclk;digisclk;c:\windows\system32\drivers\digisclk.sys [2010-10-1 9348]
R3 digismem;digismem;c:\windows\system32\drivers\digismem.sys [2010-10-1 28868]
R3 digisnif;digisnif;c:\windows\system32\drivers\digisnif.sys [2010-10-1 65572]
R3 emu10kx;Creative EMU10K1/EMU10K2 Audio Driver (WDM);c:\windows\system32\drivers\e10kx2k.sys [2008-7-13 1758336]
R3 flex3dio;flex3dio;c:\windows\system32\drivers\flex3dio.sys [2010-10-1 72644]
R3 mvkG550rt;mvkG550rt;c:\windows\system32\drivers\mvkG550rt.sys [2010-10-1 2986887]
R3 MvkMiniVFX;mvkMiniVFX;c:\windows\system32\drivers\MvkMiniVFX.sys [2010-10-1 36139]
R3 mvkRTXio;mvkRTXio;c:\windows\system32\drivers\mvkRtXIo.sys [2010-10-1 64359]
R3 mvkVideoBus;mvkVideoBus;c:\windows\system32\drivers\mvkMinicuda.sys [2010-10-1 48973]
S2 DVR2EXP;ADS DVD Xpress;c:\windows\system32\drivers\dvr2exp.sys [2004-12-14 34760]
S3 awhost32;Symantec pcAnywhere Host Service;c:\program files\symantec\pcanywhere\awhost32.exe [2007-5-11 132728]
S3 Clipditcmw;Clipditcmw;c:\windows\system32\drivers\ctljystk.sys [2004-10-11 3712]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-5-4 41272]
.
=============== Created Last 30 ================
.
2011-07-27 19:45:48 53248 ----a-w- c:\windows\system32\6to4v32.dll
2011-07-27 19:45:42 35840 ----a-w- c:\windows\system32\ter1mw32.dll
2011-07-27 19:45:42 218624 ----a-w- c:\windows\system32\termlw32.dll
2011-07-26 17:42:27 -------- d-----w- c:\windows\pss
2011-07-26 17:40:14 -------- d-----w- c:\program files\Lavasoft
.
==================== Find3M ====================
.
2011-07-10 17:46:50 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-07 02:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-07 02:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-22 00:35:26 1004 --sha-w- c:\windows\system32\KGyGaAvL.sys
2011-05-10 15:06:08 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-05-10 15:06:08 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys
.
============= FINISH: 13:50:06.14 ===============

EDIT: Posts merged ~Budapest

Edited by Budapest, 28 July 2011 - 05:00 PM.



#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,660 posts

Posted 06 August 2011 - 03:40 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on http://www.bleepingcomputer.com/logreply/411599 and follow the instructions there. If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • Location:Greenup, Ill USA

Posted 07 August 2011 - 12:17 PM

Hello,

Can you please post the logs requested in the previous post above so we can start cleaning your machine.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



#4 MReed98643

MReed98643
  • Topic Starter

  • Members
  • 38 posts

Posted 07 August 2011 - 05:18 PM

Hi Bleepin' Fireman -- Sorry for the delay -- I keep trying to create the GMER log, but it's just not working. The scan will finish (button says SCAN instead of STOP), but then the program won't respond. I can only get an hourglass cursor over the GMER box. Here's what the HelpBot said to provide if I can't run the scan: Operating system is Windows XP Professional Version 2002, Service Pack 2 (32-bit). I'm afraid I don't have the original Windows CD, as I got this computer on eBay a number of years ago. Below (and attached) is the log from my latest DDS scan:

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 7.0.5730.13
Run by k151 at 15:01:21 on 2011-08-07
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1624 [GMT -7:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Matrox X.tools\System\digisc.exe
C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
C:\Program Files\HighPoint Technologies, Inc\HighPoint RAID Management Software\service\hptsvr.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\HighPoint Technologies, Inc\HighPoint RAID Management Software\service\drvinst.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k termsvc
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\QUICKENW\QWDLLS.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [TaskTray] c:\program files\creative\sbaudigy\taskbar\CTLTray.exe
uRun: [Taskbar] c:\program files\creative\sbaudigy\taskbar\CTLTask.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AdobeBridge]
mRun: [CTStartup] c:\program files\creative\splash screen\CTEaxSpl.EXE /run
mRun: [Disc Detector] c:\program files\creative\sharedll\CtNotify.exe
mRun: [UpdReg] c:\windows\Updreg.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SpeechExec Startup] c:\program files\common files\philips speech shared\components\PSP.SpeechExec.StartupApp.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [QuickFinder Scheduler] "c:\program files\wordperfect office x3\programs\QFSCHD130.EXE"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [mxomssmenu] "c:\program files\maxtor\onetouch status\maxmenumgr.exe"
mRun: [Jet Detection] c:\program files\creative\sbaudigy\program\ADGJDet.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\billmi~1.lnk - c:\quickenw\BILLMIND.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\device~1.lnk - c:\program files\olympus\devicedetector\DevDtct2.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\interv~1.lnk - c:\program files\intervideo\common\bin\WinCinemaMgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quicke~1.lnk - c:\quickenw\QWDLLS.EXE
uPolicies-explorer: <NO NAME> =
IE: Open with WordPerfect - c:\program files\wordperfect office x3\programs\WPLauncher.hta
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1097467648187
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/flash/ultrashim.cab
DPF: {A4639D2F-774E-11D3-A490-00C04F6843FB} - hxxp://download.microsoft.com/download/PowerPoint2002/Install/10.0.2609/WIN98MeXP/EN-US/msorun.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: Interfaces\{59DC67FA-AD5A-446E-B54C-51788A72BC23} : DhcpNameServer = 66.75.164.90 66.75.164.89 66.75.160.64
TCP: Interfaces\{B6E1C1AC-B0EA-4251-9CF9-674CFF05F478} : DhcpNameServer = 192.168.0.1
Notify: IsWow64Process - ter1mw32.dll
Notify: PCANotify - PCANotify.dll
Notify: Service Pack 2 - LC
Notify: ter1mw32 - ter1mw32.dll
Notify: termsvces - ter1mw32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R0 hpt374;hpt374;c:\windows\system32\drivers\hpt374.sys [2003-3-7 104214]
R1 AW_HOST;AW_HOST;c:\windows\system32\drivers\AW_HOST5.sys [2007-3-30 18232]
R1 awlegacy;awlegacy;c:\windows\system32\drivers\AWLEGACY.sys [2007-3-30 17848]
R2 hptsvr;HighPoint RAID Management Service;c:\program files\highpoint technologies, inc\highpoint raid management software\service\hptsvr.exe [2005-7-23 53248]
R2 TermServices;Remote Desktop Service;c:\windows\system32\svchost.exe -k termsvc [2003-3-31 14336]
R3 dgcodec;dgcodec;c:\windows\system32\drivers\dgcodec.sys [2010-10-1 3239335]
R3 dgvideo;dgvideo;c:\windows\system32\drivers\dgvideo.sys [2010-10-1 1246503]
R3 digim2ba;digim2ba;c:\windows\system32\drivers\digim2ba.sys [2010-10-1 7908]
R3 DigiPnp;DigiPnp;c:\windows\system32\drivers\Digipnp.sys [2008-7-13 7266]
R3 digisclk;digisclk;c:\windows\system32\drivers\digisclk.sys [2010-10-1 9348]
R3 digismem;digismem;c:\windows\system32\drivers\digismem.sys [2010-10-1 28868]
R3 digisnif;digisnif;c:\windows\system32\drivers\digisnif.sys [2010-10-1 65572]
R3 emu10kx;Creative EMU10K1/EMU10K2 Audio Driver (WDM);c:\windows\system32\drivers\e10kx2k.sys [2008-7-13 1758336]
R3 flex3dio;flex3dio;c:\windows\system32\drivers\flex3dio.sys [2010-10-1 72644]
R3 mvkG550rt;mvkG550rt;c:\windows\system32\drivers\mvkG550rt.sys [2010-10-1 2986887]
R3 MvkMiniVFX;mvkMiniVFX;c:\windows\system32\drivers\MvkMiniVFX.sys [2010-10-1 36139]
R3 mvkRTXio;mvkRTXio;c:\windows\system32\drivers\mvkRtXIo.sys [2010-10-1 64359]
R3 mvkVideoBus;mvkVideoBus;c:\windows\system32\drivers\mvkMinicuda.sys [2010-10-1 48973]
S2 DVR2EXP;ADS DVD Xpress;c:\windows\system32\drivers\dvr2exp.sys [2004-12-14 34760]
S3 awhost32;Symantec pcAnywhere Host Service;c:\program files\symantec\pcanywhere\awhost32.exe [2007-5-11 132728]
S3 Clipditcmw;Clipditcmw;c:\windows\system32\drivers\ctljystk.sys [2004-10-11 3712]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-5-4 41272]
.
=============== Created Last 30 ================
.
2011-07-27 19:45:48 53248 ----a-w- c:\windows\system32\6to4v32.dll
2011-07-27 19:45:42 35840 ----a-w- c:\windows\system32\ter1mw32.dll
2011-07-27 19:45:42 218624 ----a-w- c:\windows\system32\termlw32.dll
2011-07-26 17:42:27 -------- d-----w- c:\windows\pss
2011-07-26 17:40:14 -------- d-----w- c:\program files\Lavasoft
.
==================== Find3M ====================
.
2011-07-10 17:46:50 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-07 02:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-07 02:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-22 00:35:26 1004 --sha-w- c:\windows\system32\KGyGaAvL.sys
2011-05-10 15:06:08 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-05-10 15:06:08 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys
.
============= FINISH: 15:02:48.09 ===============

Thanks so much for your help! -- Marty


#5 MReed98643

MReed98643
  • Topic Starter

  • Members
  • 38 posts

Posted 07 August 2011 - 05:24 PM

Looks like I do have the Windows CD for this computer after all, I just found it. -- Marty

#6 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • Location:Greenup, Ill USA

Posted 07 August 2011 - 09:12 PM

Hello,


1. Please download and run Unhide.exe

2. Please download ExeFix.scr by Farbar and save it to a flashdrive or on the root of the system drive (usually C:).
  • Important: Boot your computer into the account that has trouble running exe files.
  • Run the tool.
  • The tool notifies you within a fraction of a second to reboot the computer, please do so.
  • Please tell me if you are now able to run programs.
Note: If the tool did not run you may change the extension to .com or .bat or .cmd or .pif
Also note that in order for the fix to work you need to be booted to the user account that has trouble running exe files.

3.
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.5.6.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.5.6.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

4.
Install Recovery Console and Run ComboFix

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Posted Image
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Posted Image
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please Do NOT mouseclick combofix's window while it's running because it may cause it to stall.


Things to include in your next reply:
TDSSKiller log
Combofix.txt
How is your machine running now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#7 MReed98643


Posted 07 August 2011 - 11:20 PM

Followed all steps. Yes, I'm able to run programs after running ExeFix.scr (actually have been able to run them ever since running iExplore.exe a short while back). TDSSKiller didn't find anything, so no log to post from that. Below is my ComboFix log:

ComboFix 11-08-07.03 - k151 08/07/2011 20:25:54.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1629 [GMT -7:00]
Running from: c:\documents and settings\k151\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\k151\Desktop\Downloads\IDAutomation_C39FontAdvantage\_INSTALL.exe
c:\documents and settings\k151\WINDOWS
c:\windows\system32\Cache
G:\autorun.inf
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_6TO4
-------\Service_6to4
.
.
((((((((((((((((((((((((( Files Created from 2011-07-08 to 2011-08-08 )))))))))))))))))))))))))))))))
.
.
2011-08-08 02:52 . 2011-08-08 02:40 286655 ----a-w- C:\ExeFix.scr
2011-07-27 19:45 . 2011-07-27 19:45 53248 ----a-w- c:\windows\system32\6to4v32.dll
2011-07-27 19:45 . 2011-07-27 19:45 35840 ----a-w- c:\windows\system32\ter1mw32.dll
2011-07-27 19:45 . 2011-07-27 19:45 218624 ----a-w- c:\windows\system32\termlw32.dll
2011-07-27 15:14 . 2011-07-27 15:14 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Identities
2011-07-26 20:04 . 2011-07-26 20:04 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2011-07-26 20:04 . 2011-07-26 20:04 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer
2011-07-26 17:40 . 2011-07-26 17:40 -------- d-----w- c:\program files\Lavasoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-10 17:46 . 2011-06-06 16:37 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-07 02:52 . 2010-05-05 03:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-07 02:52 . 2010-05-05 03:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-10 15:06 . 2011-04-05 17:10 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-05-10 15:06 . 2008-09-01 02:47 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TaskTray"="c:\program files\Creative\SBAudigy\Taskbar\CTLTray.exe" [2001-06-29 163840]
"Taskbar"="c:\program files\Creative\SBAudigy\Taskbar\CTLTask.exe" [2001-09-20 122880]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTStartup"="c:\program files\Creative\Splash Screen\CTEaxSpl.EXE" [2001-09-14 28672]
"Disc Detector"="c:\program files\Creative\ShareDLL\CtNotify.exe" [2001-08-01 191488]
"UpdReg"="c:\windows\Updreg.exe" [2000-05-11 90112]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"SpeechExec Startup"="c:\program files\Common Files\Philips Speech Shared\Components\PSP.SpeechExec.StartupApp.exe" [2006-05-30 16384]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 790528]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"QuickFinder Scheduler"="c:\program files\WordPerfect Office X3\Programs\QFSCHD130.EXE" [2007-01-03 83568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-10-30 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-10-30 4620288]
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2008-07-21 169312]
"Jet Detection"="c:\program files\Creative\SBAudigy\PROGRAM\ADGJDet.exe" [2001-04-20 28672]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-08 421160]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-12 81920]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-12 249856]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-2-15 110592]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Billminder.lnk - c:\quickenw\BILLMIND.EXE [2008-4-7 30208]
Device Detector 3.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2008-2-24 114688]
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2005-6-16 184320]
Quicken Startup.lnk - c:\quickenw\QWDLLS.EXE [2008-4-7 27136]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IsWow64Process]
2011-07-27 19:45 35840 ----a-w- c:\windows\system32\ter1mw32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
2007-04-27 20:10 18744 ----a-w- c:\windows\system32\PCANotify.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ter1mw32]
2011-07-27 19:45 35840 ----a-w- c:\windows\system32\ter1mw32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsvces]
2011-07-27 19:45 35840 ----a-w- c:\windows\system32\ter1mw32.dll
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2513937148
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"5353:TCP"= 5353:TCP:Adobe CSI CS4
.
R0 hpt374;hpt374;c:\windows\system32\drivers\hpt374.sys [3/7/2003 3:04 AM 104214]
R2 hptsvr;HighPoint RAID Management Service;c:\program files\HighPoint Technologies, Inc\HighPoint RAID Management Software\Service\hptsvr.exe [7/23/2005 1:48 PM 53248]
R2 TermServices;Remote Desktop Service;c:\windows\System32\svchost.exe -k termsvc [3/31/2003 5:00 AM 14336]
R3 dgcodec;dgcodec;c:\windows\system32\drivers\dgcodec.sys [10/1/2010 2:23 AM 3239335]
R3 dgvideo;dgvideo;c:\windows\system32\drivers\dgvideo.sys [10/1/2010 2:23 AM 1246503]
R3 digim2ba;digim2ba;c:\windows\system32\drivers\digim2ba.sys [10/1/2010 2:23 AM 7908]
R3 DigiPnp;DigiPnp;c:\windows\system32\drivers\Digipnp.sys [7/13/2008 9:51 AM 7266]
R3 digisclk;digisclk;c:\windows\system32\drivers\digisclk.sys [10/1/2010 2:23 AM 9348]
R3 digismem;digismem;c:\windows\system32\drivers\digismem.sys [10/1/2010 2:23 AM 28868]
R3 digisnif;digisnif;c:\windows\system32\drivers\digisnif.sys [10/1/2010 2:23 AM 65572]
R3 emu10kx;Creative EMU10K1/EMU10K2 Audio Driver (WDM);c:\windows\system32\drivers\e10kx2k.sys [7/13/2008 9:23 AM 1758336]
R3 flex3dio;flex3dio;c:\windows\system32\drivers\flex3dio.sys [10/1/2010 2:23 AM 72644]
R3 mvkG550rt;mvkG550rt;c:\windows\system32\drivers\mvkG550rt.sys [10/1/2010 2:20 AM 2986887]
R3 MvkMiniVFX;mvkMiniVFX;c:\windows\system32\drivers\MvkMiniVFX.sys [10/1/2010 2:20 AM 36139]
R3 mvkRTXio;mvkRTXio;c:\windows\system32\drivers\mvkRtXIo.sys [10/1/2010 2:20 AM 64359]
R3 mvkVideoBus;mvkVideoBus;c:\windows\system32\drivers\mvkMinicuda.sys [10/1/2010 2:20 AM 48973]
S2 DVR2EXP;ADS DVD Xpress;c:\windows\system32\drivers\dvr2exp.sys [12/14/2004 12:50 AM 34760]
S3 Clipditcmw;Clipditcmw;c:\windows\system32\drivers\ctljystk.sys [10/11/2004 3:58 AM 3712]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [5/4/2010 8:42 PM 41272]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WUAUSERV
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
termsvc REG_MULTI_SZ TermServices
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-28 c:\windows\Tasks\accuscript nightly.job
- c:\accuscript\asutil\AsPurge.exe [2008-02-11 01:29]
.
2011-07-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-12 19:34]
.
2011-07-28 c:\windows\Tasks\purgemsg.job
- c:\accuscript\asutil\MsgTemplate.exe [2008-02-11 01:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Open with WordPerfect - c:\program files\WordPerfect Office X3\Programs\WPLauncher.hta
TCP: DhcpNameServer = 10.1.10.1
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-AdobeBridge - (no file)
Notify-KERNEL32 - (no file)
Notify-NavLogon - (no file)
Notify-Service Pack 2 - LC
AddRemove-HighPoint RAID Management Software - c:\program files\HighPoint Technologies
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-07 20:44
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTStartup = c:\program files\Creative\Splash Screen\CTEaxSpl.EXE /run???h??????s?????\?w? ?w???????w???w4???????.??w4???????4???TA?s4????????<5???A~??A~????????\???\???????????U?A~??A~\???\?????????`??????C@?\???\??????s????\??????s\???x<5?A??sx<5??C@?x???`|?w\?????@
Disc Detector = c:\program files\Creative\ShareDLL\CtNotify.exe?X??? ???????????? C?????Disc Detector?B???A???????A?P?????B???@???@?? C???????@?????????@?B???A???????A???????B???@?????P?????@?`?????????A~??????????@?Q?????????????????B???????????????????????????????????B
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\.application\bootstrap]
@DACL=(02 0000)
@="bootstrap.application.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:a4,88,66,f5,2b,c9,84,a6,fb,43,a1,e0,91,b0,bb,6e,a9,46,c3,98,22,
e0,95,21,8b,c8,a4,95,3f,f1,6e,10,a5,78,48,4f,8d,da,c9,14,b5,9e,0e,eb,80,d3,\
.
[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:a4,88,66,f5,2b,c9,84,a6,fb,43,a1,e0,91,b0,bb,6e,a9,46,c3,98,22,
e0,95,21,8b,c8,a4,95,3f,f1,6e,10,a5,78,48,4f,8d,da,c9,14,b5,9e,0e,eb,80,d3,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(920)
c:\windows\system32\WININET.dll
c:\windows\system32\ter1mw32.dll
c:\windows\system32\PCANotify.dll
.
- - - - - - - > 'lsass.exe'(980)
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(3668)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.EXE
c:\program files\Matrox X.tools\System\digisc.exe
c:\program files\Olympus\DeviceDetector\DM1Service.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\HighPoint Technologies, Inc\HighPoint RAID Management Software\service\drvinst.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Maxtor\Sync\SyncServices.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PSIService.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\MsPMSPSv.exe
c:\windows\system32\Tablet.exe
c:\windows\system32\WTablet\TabUserW.exe
c:\windows\system32\Tablet.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Creative\ShareDLL\MediaDet.Exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2011-08-07 20:50:35 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-08 03:50
.
Pre-Run: 130,308,018,176 bytes free
Post-Run: 134,515,281,920 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 82935A49477290138061BC8765D83F5E

Thanks for your help!

#8 fireman4it


Posted 08 August 2011 - 05:53 AM

Hello,

Glad to hear things are better. Just a few leftovers and final checking to make sure you're clean.


1.
We need to run a CFScript.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the codebox below into it:

File::
c:\windows\system32\ter1mw32.dll

DDS::
uInternet Settings,ProxyOverride = *.local

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2513937148]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"=-

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


2.
Please download Malwarebytes' Anti-Malware (v1.50) and save it to your desktop.
Download Link 1
Download Link 2

Malwarebytes' may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes' when done.
Note: If Malwarebytes' encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes' from removing all the malware.

3.
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

Things to include in your next reply:
Combofix.txt
MBAM log
Eset log
How is your machine running now?

Edited by fireman4it, 08 August 2011 - 05:54 AM.


#9 MReed98643


Posted 08 August 2011 - 03:50 PM

I can get as far as clicking "Scan" on MalwareBytes, but then within five seconds or so, the program disappears and doesn't even show up in the Task Manager. The first time that happened, I rebooted, and I got a phony system message: "The maximum number of secrets that may be stored in a single system has been exceeded. The length and number of secrets is limited to satisfy United States State Department export restrictions." (!) I saw that the MalwareBytes icon had been changed to the one you get when there's no associated program, so I removed MalwareBytes and reinstalled it. Same thing happened again, minus the "secrets" message. This is a nasty so-and-so, isn't it? Here's the ComboFix log that ran with CFScript:

ComboFix 11-08-07.03 - k151 08/08/2011 10:31:10.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1624 [GMT -7:00]
Running from: c:\documents and settings\k151\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\k151\Desktop\CFScript.txt
.
FILE ::
"c:\windows\system32\ter1mw32.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Documents\iexplore.exe
c:\program files\messenger\msmsgsin.exe
c:\windows\system32\6to4v32.dll
c:\windows\system32\certstore.dat
c:\windows\system32\setup.ini
c:\windows\system32\ter1mw32.dll
G:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-07-08 to 2011-08-08 )))))))))))))))))))))))))))))))
.
.
2011-08-08 02:52 . 2011-08-08 02:40 286655 ----a-w- C:\ExeFix.scr
2011-07-27 19:45 . 2011-07-27 19:45 218624 ----a-w- c:\windows\system32\termlw32.dll
2011-07-27 15:14 . 2011-07-27 15:14 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Identities
2011-07-26 20:04 . 2011-07-26 20:04 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2011-07-26 20:04 . 2011-07-26 20:04 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer
2011-07-26 17:40 . 2011-07-26 17:40 -------- d-----w- c:\program files\Lavasoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-10 17:46 . 2011-06-06 16:37 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-07 02:52 . 2010-05-05 03:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-07 02:52 . 2010-05-05 03:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-08_03.45.16 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-08-08 17:43 . 2011-08-08 17:43 16384 c:\windows\Temp\Perflib_Perfdata_230.dat
+ 2010-09-29 19:08 . 2011-08-08 17:43 225098 c:\windows\system32\inetsrv\MetaBase.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TaskTray"="c:\program files\Creative\SBAudigy\Taskbar\CTLTray.exe" [2001-06-29 163840]
"Taskbar"="c:\program files\Creative\SBAudigy\Taskbar\CTLTask.exe" [2001-09-20 122880]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTStartup"="c:\program files\Creative\Splash Screen\CTEaxSpl.EXE" [2001-09-14 28672]
"Disc Detector"="c:\program files\Creative\ShareDLL\CtNotify.exe" [2001-08-01 191488]
"UpdReg"="c:\windows\Updreg.exe" [2000-05-11 90112]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"SpeechExec Startup"="c:\program files\Common Files\Philips Speech Shared\Components\PSP.SpeechExec.StartupApp.exe" [2006-05-30 16384]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 790528]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"QuickFinder Scheduler"="c:\program files\WordPerfect Office X3\Programs\QFSCHD130.EXE" [2007-01-03 83568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-10-30 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-10-30 4620288]
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2008-07-21 169312]
"Jet Detection"="c:\program files\Creative\SBAudigy\PROGRAM\ADGJDet.exe" [2001-04-20 28672]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-08 421160]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-12 81920]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-12 249856]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-2-15 110592]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Billminder.lnk - c:\quickenw\BILLMIND.EXE [2008-4-7 30208]
Device Detector 3.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2008-2-24 114688]
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2005-6-16 184320]
Quicken Startup.lnk - c:\quickenw\QWDLLS.EXE [2008-4-7 27136]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
2007-04-27 20:10 18744 ----a-w- c:\windows\system32\PCANotify.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"5353:TCP"= 5353:TCP:Adobe CSI CS4
.
R0 hpt374;hpt374;c:\windows\system32\drivers\hpt374.sys [3/7/2003 3:04 AM 104214]
R2 hptsvr;HighPoint RAID Management Service;c:\program files\HighPoint Technologies, Inc\HighPoint RAID Management Software\Service\hptsvr.exe [7/23/2005 1:48 PM 53248]
R2 TermServices;Remote Desktop Service;c:\windows\System32\svchost.exe -k termsvc [3/31/2003 5:00 AM 14336]
R3 dgcodec;dgcodec;c:\windows\system32\drivers\dgcodec.sys [10/1/2010 2:23 AM 3239335]
R3 dgvideo;dgvideo;c:\windows\system32\drivers\dgvideo.sys [10/1/2010 2:23 AM 1246503]
R3 digim2ba;digim2ba;c:\windows\system32\drivers\digim2ba.sys [10/1/2010 2:23 AM 7908]
R3 DigiPnp;DigiPnp;c:\windows\system32\drivers\Digipnp.sys [7/13/2008 9:51 AM 7266]
R3 digisclk;digisclk;c:\windows\system32\drivers\digisclk.sys [10/1/2010 2:23 AM 9348]
R3 digismem;digismem;c:\windows\system32\drivers\digismem.sys [10/1/2010 2:23 AM 28868]
R3 digisnif;digisnif;c:\windows\system32\drivers\digisnif.sys [10/1/2010 2:23 AM 65572]
R3 emu10kx;Creative EMU10K1/EMU10K2 Audio Driver (WDM);c:\windows\system32\drivers\e10kx2k.sys [7/13/2008 9:23 AM 1758336]
R3 flex3dio;flex3dio;c:\windows\system32\drivers\flex3dio.sys [10/1/2010 2:23 AM 72644]
R3 mvkG550rt;mvkG550rt;c:\windows\system32\drivers\mvkG550rt.sys [10/1/2010 2:20 AM 2986887]
R3 MvkMiniVFX;mvkMiniVFX;c:\windows\system32\drivers\MvkMiniVFX.sys [10/1/2010 2:20 AM 36139]
R3 mvkRTXio;mvkRTXio;c:\windows\system32\drivers\mvkRtXIo.sys [10/1/2010 2:20 AM 64359]
R3 mvkVideoBus;mvkVideoBus;c:\windows\system32\drivers\mvkMinicuda.sys [10/1/2010 2:20 AM 48973]
S2 DVR2EXP;ADS DVD Xpress;c:\windows\system32\drivers\dvr2exp.sys [12/14/2004 12:50 AM 34760]
S3 Clipditcmw;Clipditcmw;c:\windows\system32\drivers\ctljystk.sys [10/11/2004 3:58 AM 3712]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [5/4/2010 8:42 PM 41272]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
termsvc REG_MULTI_SZ TermServices
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-28 c:\windows\Tasks\accuscript nightly.job
- c:\accuscript\asutil\AsPurge.exe [2008-02-11 01:29]
.
2011-07-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-12 19:34]
.
2011-07-28 c:\windows\Tasks\purgemsg.job
- c:\accuscript\asutil\MsgTemplate.exe [2008-02-11 01:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Open with WordPerfect - c:\program files\WordPerfect Office X3\Programs\WPLauncher.hta
TCP: DhcpNameServer = 10.1.10.1
.
- - - - ORPHANS REMOVED - - - -
.
Notify-IsWow64Process - ter1mw32.dll
Notify-ter1mw32 - ter1mw32.dll
Notify-termsvces - ter1mw32.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-08 10:43
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTStartup = c:\program files\Creative\Splash Screen\CTEaxSpl.EXE /run???h??????s?????\?w? ?w???????w???w4???????.??w4???????4???TA?s4???4????<5???A~??A~4???????\???\???????????U?A~??A~\???\?????????a??????C@?\???\??????s4???\??????s\????<5?A??s?<5??C@?x???`|?w\?????@
Disc Detector = c:\program files\Creative\ShareDLL\CtNotify.exe?X???????????????? C?????Disc Detector?B???A???????A?p?????B???@???@?? C???????@?????????@?B???A???????A???????B???@?????P?????@???????????A~??????????@???????????????????B??????????????????????????@????????B
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\.application\bootstrap]
@DACL=(02 0000)
@="bootstrap.application.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:a4,88,66,f5,2b,c9,84,a6,fb,43,a1,e0,91,b0,bb,6e,a9,46,c3,98,22,
e0,95,21,8b,c8,a4,95,3f,f1,6e,10,a5,78,48,4f,8d,da,c9,14,b5,9e,0e,eb,80,d3,\
.
[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:a4,88,66,f5,2b,c9,84,a6,fb,43,a1,e0,91,b0,bb,6e,a9,46,c3,98,22,
e0,95,21,8b,c8,a4,95,3f,f1,6e,10,a5,78,48,4f,8d,da,c9,14,b5,9e,0e,eb,80,d3,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(928)
c:\windows\system32\WININET.dll
c:\windows\system32\PCANotify.dll
.
- - - - - - - > 'lsass.exe'(988)
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(4012)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.EXE
c:\program files\Matrox X.tools\System\digisc.exe
c:\program files\Olympus\DeviceDetector\DM1Service.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\HighPoint Technologies, Inc\HighPoint RAID Management Software\service\drvinst.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Maxtor\Sync\SyncServices.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PSIService.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\MsPMSPSv.exe
c:\windows\system32\Tablet.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\Tablet.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Creative\ShareDLL\MediaDet.Exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2011-08-08 10:49:09 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-08 17:49
ComboFix2.txt 2011-08-08 03:50
.
Pre-Run: 134,482,718,720 bytes free
Post-Run: 134,521,442,304 bytes free
.
- - End Of File - - 11CDCFC9DF0B80BB5ECF212E0C980462

Thanks, Bleepin' Fireman!

#10 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:09:43 PM

Posted 08 August 2011 - 05:34 PM

1. Please click HERE to download Kaspersky Virus Removal Tool.

  • Double click on the file you just downloaded and let it install.
  • It will install to your desktop (be patient; it may take a while).
  • Accept license agreement and click "Start" button.
  • Click on Settings button
    • In Scan scope leave pre-checked items as they are and also checkmark My Computer
    • In Actions checkmark Select action: (disinfect; delete if disinfection fails) instead of preselected Prompt on detection
  • Click on Automatic Scan tab and then click on Start scanning button.
  • Before it is done it may prompt for action regardless of the setting so choose delete if prompted.
  • When the scan is done NO log will be produced.
  • Click on Report button, then on Automatic Scan report tab.
  • Right click anywhere within right pane, click Select All then right click again and click Copy.
  • This will copy the items that it found to the clipboard; you can then open Notepad (go to Start, then Run, then type in notepad) and choose Paste to paste the contents into Notepad.
  • You can save this on the desktop.
  • Post the contents of the document in your next reply.

2. Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)
In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".

Edited by fireman4it, 08 August 2011 - 05:36 PM.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#11 MReed98643


Posted 08 August 2011 - 09:01 PM

I can get the Kaspersky Virus Removal Tool to install -- or at least it looks like it's installing -- but after the "installing" box goes away, nothing ever comes back. I found a Kaspersky install log that says something about "uninstalling" near the end. Is there another way to run this tool? Should I go ahead and run the RootKit Unhooker, or do I need to do the Kaspersky one first? I have to go to work now but will check back late this evening. Thanks as always -- Marty

#12 fireman4it


Posted 08 August 2011 - 09:16 PM

Hello,

Go ahead and run RkuUnhooker and try this,

Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

Please download DrWeb-CureIt and save it to your desktop. DO NOT perform a scan yet.

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with Dr.Web CureIt as follows:
  • Double-click on launch.exe to open the program and click Start. (There is no need to update if you just downloaded the most current version.)
  • Read the Virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.
  • The Express scan will automatically begin.
    (This is a short scan of files currently running in memory, boot sectors, and targeted folders).
  • If prompted to download the Full version Free Trial, ignore and click the X to close the window.
  • If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All.
  • When complete, click Select All, then choose Cure > Move incurable.
    (This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured)
  • Now put a check next to Complete scan to scan all local disks and removable media.
  • In the top menu, click Settings > Change settings, and UNcheck "Heuristic analysis" under the "Scanning" tab, then click Ok.
  • Back at the main window, click the green arrow "Start Scanning" button on the right under the Dr.Web logo.
  • When the scan is complete, a message will be displayed at the bottom indicating if any viruses were found.
  • Click "Yes to all" if asked to cure or move the file(s) and select "Move incurable".
  • In the top menu, click file and choose save report list.
  • Save the DrWeb.csv report to your desktop.
  • Exit Dr.Web Cureit when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)

" Extinguishing Malware from the world"



#13 MReed98643


Posted 09 August 2011 - 01:55 AM

Hi - It looks like RKUnhooker did everything it's supposed to, and I have a log from that to post below. I tried to run Dr.WebCureIt in Safe Mode, but it looks like this too is getting knocked out before it can do its work. It does the express scan and tells me there are viruses to fix. When I click OK, I see the console for just a moment, and then it disappears. When I look in the Doctor Web folder, there's a log but no quarantine folder. I'll include that log as well.

By the way, I'm doing all of my downloading, forum posts, etc., from a different computer because web activity on the infected computer is still problematic, with slow response and Google clicks being redirected.

Here's my RKUnhooker log:

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 2)
Number of processors #2
==============================================
>Drivers
==============================================
0xBF012000 C:\WINDOWS\System32\nv4_disp.dll 3739648 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 66.93 )
0xA10D4000 C:\WINDOWS\System32\Drivers\dgcodec.sys 3239936 bytes (Matrox Electronic Systems, DigiSuite DTV Codec Driver)
0xB7922000 C:\WINDOWS\system32\DRIVERS\mvkG550rt.sys 2990080 bytes (Matrox Electronic Systems, -)
0xB84B3000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 2830336 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 66.93 )
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2252800 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2252800 bytes
0x804D7000 RAW 2252800 bytes
0x804D7000 WMIxWDM 2252800 bytes
0xBF800000 Win32k 1851392 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1851392 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xA0763000 C:\WINDOWS\System32\Drivers\dgvideo.sys 1249280 bytes (Matrox Electronic Systems, DigiSuite DTV Video Driver)
0xB7EF1000 C:\WINDOWS\system32\drivers\e10kx2k.sys 1126400 bytes (Creative Technology Ltd, Creative EMU10Kx Device Driver (WDM))
0xF7B52000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xA324C000 C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 454656 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB1134000 C:\WINDOWS\System32\DRIVERS\update.sys 364544 bytes (Microsoft Corporation, Update Driver)
0xA3351000 C:\WINDOWS\System32\DRIVERS\tcpip.sys 360448 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xA185D000 C:\WINDOWS\System32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0x9F8E4000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xB11B5000 C:\WINDOWS\System32\DRIVERS\rdpdr.sys 200704 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xA05E9000 C:\WINDOWS\system32\drivers\MidiSyn.sys 192512 bytes (Analog Devices Inc, Analog Devices Kernel DLS Synthesizer)
0xF75A8000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xF786A000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xA192C000 C:\WINDOWS\System32\DRIVERS\mrxdav.sys 180224 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xA05BE000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xA32BB000 C:\WINDOWS\System32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xA3329000 C:\WINDOWS\System32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF74B2000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xB78FE000 C:\WINDOWS\System32\DRIVERS\e100b325.sys 147456 bytes (Intel Corporation, Intel® PRO/100 Adapter NDIS 5.1 driver)
0xB7E1C000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xA0618000 C:\WINDOWS\system32\drivers\aec.sys 143360 bytes (Microsoft Corporation, Microsoft Acoustic Echo Canceller)
0xB7DF9000 C:\WINDOWS\system32\drivers\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xA0740000 C:\WINDOWS\System32\Drivers\RDPWD.SYS 143360 bytes (Microsoft Corporation, RDP Terminal Stack Driver (US/Canada Only, Not for Export))
0xB82D1000 C:\WINDOWS\System32\DRIVERS\USBPORT.SYS 143360 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xA32E6000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xA3308000 C:\WINDOWS\System32\DRIVERS\ipnat.sys 135168 bytes (Microsoft Corporation, IP Network Address Translator)
0x806FD000 ACPI_HAL 134400 bytes
0x806FD000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF7449000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF74D8000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xB7DC3000 C:\WINDOWS\System32\drivers\ctsfm2k.sys 122880 bytes (Creative Technology Ltd, SoundFont® Manager (WDM))
0xBA7E5000 Mup.sys 110592 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xA3233000 C:\WINDOWS\System32\Drivers\dump_hpt374.sys 102400 bytes
0xF7481000 hpt374.sys 102400 bytes (HighPoint Technologies, Inc., HPT374 Miniport Driver)
0xF749A000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xB7DE1000 C:\WINDOWS\system32\drivers\ctoss2k.sys 98304 bytes (Creative Technology Ltd., Creative OS Services Driver (WDM))
0xB7CF1000 C:\WINDOWS\System32\drivers\emupia2k.sys 98304 bytes (Creative Technology Ltd, E-mu Plug-in Architecture Driver (WDM))
0xF7469000 C:\WINDOWS\system32\drivers\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xF7420000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB12E7000 C:\WINDOWS\System32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xA063B000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB12FE000 C:\WINDOWS\System32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xB83C4000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xA33A9000 C:\WINDOWS\System32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xA1413000 C:\WINDOWS\System32\Drivers\flex3dio.sys 73728 bytes (Matrox Electronic Systems, Matrox FLEX3D Input/Output Driver)
0xF7437000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xB7C4C000 C:\WINDOWS\System32\drivers\ctac32k.sys 69632 bytes (Creative Technology Ltd, Creative AC3 SW Decoder Device Driver (WDM))
0xB7C3B000 C:\WINDOWS\system32\DRIVERS\GA311ND5.SYS 69632 bytes (NETGEAR , NETGEAR GA311 Gigabit Adapter NDIS 5.0 Driver )
0xF7597000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB11E6000 C:\WINDOWS\System32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xAB1D4000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xA167D000 C:\WINDOWS\System32\Drivers\digisnif.sys 65536 bytes (Matrox Electronic Systems, Matrox Digisuite Bus Sniffer Driver)
0xAB6DF000 C:\WINDOWS\system32\DRIVERS\mvkRtXIo.sys 65536 bytes (Matrox Electronic Systems, -)
0xBA7C5000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xB3DE9000 C:\WINDOWS\System32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xAB204000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xB95A6000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF7657000 ohci1394.sys 61440 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xB333C000 C:\WINDOWS\System32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xA1435000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xAB6EF000 C:\WINDOWS\System32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xAA786000 C:\WINDOWS\system32\drivers\swmidi.sys 57344 bytes (Microsoft Corporation, Microsoft GS Wavetable Synthesizer)
0xF7667000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 53248 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xB334C000 C:\WINDOWS\System32\DRIVERS\cdrom.sys 53248 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF7637000 C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF76B7000 C:\WINDOWS\system32\drivers\DMusic.sys 53248 bytes (Microsoft Corporation, Microsoft Kernel DLS Synthesizer)
0xBA785000 C:\WINDOWS\System32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xB330C000 C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF7617000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xB9556000 C:\WINDOWS\system32\DRIVERS\mvkMinicuda.sys 49152 bytes (Matrox Electronic Systems, -)
0xB32EC000 C:\WINDOWS\System32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF7677000 agp440.sys 45056 bytes (Microsoft Corporation, 440 NT AGP Filter)
0xB332C000 C:\WINDOWS\System32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF7607000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xB32FC000 C:\WINDOWS\System32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF7647000 sbp2port.sys 45056 bytes (Microsoft Corporation, SBP-2 Protocol Driver)
0xAB6FF000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xB32BC000 C:\WINDOWS\System32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
!!!!!!!!!!!Hidden driver: 0xB725E000 4153304040 36864 bytes
0xA1475000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0xF7627000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xAB1F4000 C:\WINDOWS\System32\Drivers\Fips.SYS 36864 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xB331C000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xF7527000 C:\WINDOWS\System32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF75F7000 isapnp.sys 36864 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xB32DC000 C:\WINDOWS\System32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xAB6CF000 C:\WINDOWS\System32\Drivers\MvkMiniVFX.sys 36864 bytes (Matrox Electronic Systems, -)
0xAB224000 C:\WINDOWS\System32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xF7547000 C:\WINDOWS\System32\DRIVERS\SMBios.sys 36864 bytes (Intel Corporation, Intel® System Management BIOS Driver)
0xAB6BF000 C:\WINDOWS\System32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xB2A28000 C:\WINDOWS\System32\Drivers\digismem.sys 32768 bytes (Matrox Electronic Systems, Memory Services Driver)
0xB2A00000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xB29F8000 C:\WINDOWS\system32\drivers\sf.sys 32768 bytes (Sonic Focus, Inc, DSP service driver)
0xAB049000 C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys 32768 bytes (Wacom Technology, Wacom Mouse Filter Driver)
0xB3E9B000 C:\WINDOWS\System32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xB3250000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF7707000 C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF77E7000 C:\WINDOWS\System32\DRIVERS\usbehci.sys 28672 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xB3E93000 C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xB3EAB000 C:\WINDOWS\System32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xB3EA3000 C:\WINDOWS\System32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xB2A10000 C:\WINDOWS\System32\Drivers\TDTCP.SYS 24576 bytes (Microsoft Corporation, TCP Transport Driver)
0xAA684000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xAB051000 C:\WINDOWS\System32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xAA67C000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF770F000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xB3240000 C:\WINDOWS\System32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF7717000 PxHelp20.sys 20480 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xB3238000 C:\WINDOWS\System32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xB3248000 C:\WINDOWS\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF77B7000 C:\WINDOWS\System32\DRIVERS\usbuhci.sys 20480 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xB123F000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xAA6F2000 C:\WINDOWS\System32\Drivers\dump_diskdump.sys 16384 bytes
0xF789F000 Gernuwa.sys 16384 bytes (Symantec Corporation, pcAnywhere AWUNREG Driver)
0xB3F23000 C:\WINDOWS\System32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xF7933000 C:\WINDOWS\System32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xB5667000 C:\WINDOWS\System32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xAADFB000 C:\WINDOWS\System32\Drivers\awlegacy.sys 12288 bytes (Symantec Corporation, pcAnywhere Legacy Driver Module)
0xBA701000 C:\WINDOWS\system32\drivers\aw_host5.sys 12288 bytes (Symantec Corporation, pcAnywhere Host Driver for Windows 2000/XP)
0xF789B000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xA15B9000 C:\WINDOWS\System32\Drivers\digisclk.sys 12288 bytes (Matrox Electronic Systems, Matrox DigiSuite System Clock Driver)
0xAA6D6000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xB9D6E000 C:\WINDOWS\System32\DRIVERS\gameenum.sys 12288 bytes (Microsoft Corporation, Game Port Enumerator)
0x8A8CF000 C:\WINDOWS\system32\KDCOM.DLL 12288 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xA18D4000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 12288 bytes (Conexant, Diagnostic Interface DRIVER)
0xAB9CC000 C:\WINDOWS\System32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xB5657000 C:\WINDOWS\System32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xB5663000 C:\WINDOWS\system32\drivers\pfc.sys 12288 bytes (Padus, Inc., Padus® ASPI Shell)
0xAADF7000 C:\WINDOWS\System32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xAC3EC000 C:\WINDOWS\system32\drivers\awechomd.sys 8192 bytes (Symantec Corporation, pcAnywhere Video Miniport Driver)
0xAC3EE000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF79B7000 C:\WINDOWS\System32\drivers\ctprxy2k.sys 8192 bytes (Creative Technology Ltd, Creative Proxy Device Driver (WDM))
0xAAD5C000 C:\WINDOWS\System32\Drivers\digim2ba.sys 8192 bytes (Matrox Electronic Systems, Matrox DigiSuite Movie-2 Bus Arbitrator Driver)
0xF79BD000 C:\WINDOWS\System32\Drivers\DigiPnp.sys 8192 bytes (Matrox Electronic Systems, PnP driver for the Marvel Suite)
0xF7989000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xAC3F0000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xAC3EA000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF7997000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xAC706000 C:\WINDOWS\system32\PfModNT.sys 8192 bytes (Creative Technology Ltd., PCI/ISA Device Info. Service)
0xAC3E8000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xB458B000 C:\WINDOWS\system32\drivers\splitter.sys 8192 bytes (Microsoft Corporation, Microsoft Kernel Audio Splitter)
0xB5E8E000 C:\WINDOWS\System32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xAC6FA000 C:\WINDOWS\System32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xB5E90000 C:\WINDOWS\system32\DRIVERS\wacomvhid.sys 8192 bytes (Wacom Technology, Virtual Hid Device)
0xF7987000 C:\WINDOWS\System32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xB2A91000 C:\WINDOWS\System32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7AB9000 C:\WINDOWS\system32\drivers\drmkaud.sys 4096 bytes (Microsoft Corporation, Microsoft Kernel DRM Audio Descrambler Filter)
0xF7AA5000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xB33B2000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7A4F000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
!!!!!!!!!!!Hidden driver: 0x8A96231B ?_empty_? 3301 bytes
!!!!!!!!!!!Hidden driver: 0xF750D9D0 00000582 1584 bytes
0xF750D9D0 unknown_irp_handler 1584 bytes
==============================================
>Stealth
==============================================
0xF7481000 WARNING: suspicious driver modification [hpt374.sys::0x8A96231B]
0xF750893C Unknown page with executable code, 1732 bytes
0xF750D693 Unknown page with executable code, 2413 bytes
0xF750A617 Unknown page with executable code, 2537 bytes
0xF750A4E6 Unknown page with executable code, 2842 bytes
0xF750D185 Unknown page with executable code, 3707 bytes
WARNING: Virus alike driver modification [i8042prt.sys]
0xB7262D20 Unknown thread object [ ETHREAD 0x8951C020 ] TID: 120, 600 bytes
0xB7262D20 Unknown thread object [ ETHREAD 0x89679A38 ] TID: 124, 600 bytes
0xF750F105 Unknown thread object [ ETHREAD 0x8976B340 ] TID: 128, 600 bytes
0xF750F105 Unknown thread object [ ETHREAD 0x89684020 ] TID: 132, 600 bytes
0xF750CC20 Unknown page with executable code, 992 bytes


Now here's the log from Dr.CureIt's express scan:

=============================================================================
Dr.Web Scanner for Windows v6.00.11 (6.00.11.07112)
© Doctor Web, Ltd., 1992-2011
Log generated on: 2011-08-08, 23:18:53 [VIDEO1][k151]
Command line: "C:\Documents and Settings\k151\Local Settings\temp\C0A57D56-60994F48-76A4651A-CC80D554\d8664_xp.exe" /lng /ini:setup_xp.ini /fast
Operating system: Windows XP Professional x86 (Build 2600), Service Pack 2
=============================================================================
DwShield started
Engine version: 5.00 (5.00.2.03300)
Engine API version: 2.02
Total virus records: 2461475
[Self-checking] C:\Documents and Settings\k151\Local Settings\temp\C0A57D56-60994F48-76A4651A-CC80D554\d8664_xp.exe
Key file: C:\Documents and Settings\k151\Local Settings\temp\C0A57D56-60994F48-76A4651A-CC80D554\setup.key
License key number: 0013622856
Registered to: An unauthorized User
License key activates on: 2011-03-10
License key expires on: 2012-03-11
=============================================================================
Dr.Web Scanner for Windows v6.00.11 (6.00.11.07112)
© Doctor Web, Ltd., 1992-2011
Log generated on: 2011-08-08, 23:21:01 [VIDEO1][k151]
Command line: "C:\Documents and Settings\k151\Local Settings\temp\B08B3814-E60BD208-C181DD00-AEC5E440\d8664_xp.exe" /lng /ini:setup_xp.ini /fast
Operating system: Windows XP Professional x86 (Build 2600), Service Pack 2
=============================================================================
DwShield started
Engine version: 5.00 (5.00.2.03300)
Engine API version: 2.02
[Virus database] C:\Documents and Settings\k151\Local Settings\temp\B08B3814-E60BD208-C181DD00-AEC5E440\282038fe - 2007 virus records
[Virus database] C:\Documents and Settings\k151\Local Settings\temp\B08B3814-E60BD208-C181DD00-AEC5E440\c85ba120 - 2370 virus records
[Virus database] C:\Documents and Settings\k151\Local Settings\temp\B08B3814-E60BD208-C181DD00-AEC5E440\dcabd684 - 2241 virus records
[Virus database] C:\Documents and Settings\k151\Local Settings\temp\B08B3814-E60BD208-C181DD00-AEC5E440\30e63ba4 - 2596 virus records
[Virus database] C:\Documents and Settings\k151\Local Settings\temp\B08B3814-E60BD208-C181DD00-AEC5E440\eb806592 - 2024 virus records
[Virus database] C:\Documents and Settings\k151\Local Settings\temp\B08B3814-E60BD208-C181DD00-AEC5E440\367976a3 - 1609 virus records
[Virus database] C:\Documents and Settings\k151\Local Settings\temp\B08B3814-E60BD208-C181DD00-AEC5E440\90316f2d - 1471 virus records
[Virus database] C:\Documents and Settings\k151\Local Settings\temp\B08B3814-E60BD208-C181DD00-AEC5E440\1a4283a5 - 1445 virus records
[Virus database] C:\Documents and Settings\k151\Local Settings\temp\B08B3814-E60BD208-C181DD00-AEC5E440\481874f0 - 1895 virus records
[Virus database] C:\Documents and Settings\k151\Local Settings\temp\B08B3814-E60BD208-C181DD00-AEC5E440\51900e7e - 2312 virus records
[Virus database] C:\Documents and Settings\k151\Local Settings\temp\B08B3814-E60BD208-C181DD00-AEC5E440\af5d64f9 - 3006 virus records
[Virus database] C:\Documents and Settings\k151\Local Settings\temp\B08B3814-E60BD208-C181DD00-AEC5E440\c79c1ab5 - 2146 virus records
[Virus database] C:\Documents and Settings\k151\Local Settings\temp\B08B3814-E60BD208-C181DD00-AEC5E440\ed79dccb - 1714 virus records
[Virus database] C:\Documents and Settings\k151\Local Settings\temp\B08B3814-E60BD208-C181DD00-AEC5E440\3a68d86e - 2095 virus records
[Virus database] C:\Documents and Settings\k151\Local Settings\temp\B08B3814-E60BD208-C181DD00-AEC5E440\93f33fb7 - 2715 virus records
[Virus database] C:\Documents and Settings\k151\Local Settings\temp\B08B3814-E60BD208-C181DD00-AEC5E440\b226c0ee - 2545 virus records
[Virus database] C:\Documents and Settings\k151\Local Settings\temp\B08B3814-E60BD208-C181DD00-AEC5E440\78fc1020 - 2801 virus records
[Virus database] C:\Documents and Settings\k151\Local Settings\temp\B08B3814-E60BD208-C181DD00-AEC5E440\052d8f65 - 6197 virus records
[Virus database] C:\Documents and Settings\k151\Local Settings\temp\B08B3814-E60BD208-C181DD00-AEC5E440\38cbd23d - 28348 virus records
Total virus records: 2461475
[Self-checking] C:\Documents and Settings\k151\Local Settings\temp\B08B3814-E60BD208-C181DD00-AEC5E440\d8664_xp.exe
Key file: C:\Documents and Settings\k151\Local Settings\temp\B08B3814-E60BD208-C181DD00-AEC5E440\setup.key
License key number: 0013622856
Registered to: An unauthorized User
License key activates on: 2011-03-10
License key expires on: 2012-03-11
=============================================================================
Dr.Web Scanner for Windows v6.00.11 (6.00.11.07112)
© Doctor Web, Ltd., 1992-2011
Log generated on: 2011-08-08, 23:26:09 [VIDEO1][k151]
Command line: "C:\Documents and Settings\k151\Local Settings\temp\F15E75C-2411F44C-8354BE0C-8E3C39D0\d8664_xp.exe" /lng /ini:setup_xp.ini /fast
Operating system: Windows XP Professional x86 (Build 2600), Service Pack 2
=============================================================================
DwShield started
Engine version: 5.00 (5.00.2.03300)
Engine API version: 2.02
Total virus records: 2461475
[Self-checking] C:\Documents and Settings\k151\Local Settings\temp\F15E75C-2411F44C-8354BE0C-8E3C39D0\d8664_xp.exe
Key file: C:\Documents and Settings\k151\Local Settings\temp\F15E75C-2411F44C-8354BE0C-8E3C39D0\setup.key
License key number: 0013622856
Registered to: An unauthorized User
License key activates on: 2011-03-10
License key expires on: 2012-03-11

Thank you! -- Marty

#14 MReed98643

Posted 09 August 2011 - 01:00 PM

I just realized this morning that I never did try the online scan that you suggested, ESET. I got it going, and it actually made it all the way through. It found something like 42 threats and removed 32 of them. Here's the log:

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe Win32/Patched.HN trojan error while cleaning
C:\Program Files\Bonjour\mDNSResponder.exe Win32/Patched.HN trojan error while cleaning
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe Win32/Patched.HN trojan error while cleaning
C:\Program Files\HighPoint Technologies, Inc\HighPoint RAID Management Software\Service\drvInst.exe Win32/Patched.HN trojan error while cleaning
C:\Program Files\HighPoint Technologies, Inc\HighPoint RAID Management Software\Service\hptsvr.exe Win32/Patched.HN trojan error while cleaning
C:\Program Files\iPod\bin\iPodService.exe Win32/Patched.HN trojan error while cleaning
C:\Program Files\Java\jre6\bin\jqs.exe Win32/Patched.HN trojan error while cleaning
C:\Program Files\Matrox X.tools\System\digisc.exe Win32/Patched.HN trojan error while cleaning
C:\Program Files\Maxtor\Sync\SyncServices.exe Win32/Patched.HN trojan error while cleaning
C:\Program Files\Olympus\DeviceDetector\DM1Service.exe Win32/Patched.HN trojan error while cleaning
C:\Qoobox\Quarantine\C\WINDOWS\system32\6to4v32.dll.vir a variant of Win32/Wimpixo.AA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{327E882F-0744-4F2A-AEE5-F6F6A652B8C2}\RP4\A0007199.dll a variant of Win32/Wimpixo.AA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{327E882F-0744-4F2A-AEE5-F6F6A652B8C2}\RP4\A0007294.sys a variant of Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{327E882F-0744-4F2A-AEE5-F6F6A652B8C2}\RP4\A0007295.ini a variant of Win32/Sirefef.CH trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{327E882F-0744-4F2A-AEE5-F6F6A652B8C2}\RP4\A0007337.sys a variant of Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{327E882F-0744-4F2A-AEE5-F6F6A652B8C2}\RP4\A0007338.ini a variant of Win32/Sirefef.CH trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{327E882F-0744-4F2A-AEE5-F6F6A652B8C2}\RP4\A0008337.sys a variant of Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{327E882F-0744-4F2A-AEE5-F6F6A652B8C2}\RP4\A0008338.ini a variant of Win32/Sirefef.CH trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{327E882F-0744-4F2A-AEE5-F6F6A652B8C2}\RP5\A0008349.sys a variant of Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{327E882F-0744-4F2A-AEE5-F6F6A652B8C2}\RP5\A0008350.ini a variant of Win32/Sirefef.CH trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{327E882F-0744-4F2A-AEE5-F6F6A652B8C2}\RP5\A0008359.sys a variant of Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{327E882F-0744-4F2A-AEE5-F6F6A652B8C2}\RP5\A0008360.ini a variant of Win32/Sirefef.CH trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{327E882F-0744-4F2A-AEE5-F6F6A652B8C2}\RP5\A0008378.sys a variant of Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{327E882F-0744-4F2A-AEE5-F6F6A652B8C2}\RP5\A0008379.ini a variant of Win32/Sirefef.CH trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{327E882F-0744-4F2A-AEE5-F6F6A652B8C2}\RP5\A0009378.sys a variant of Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{327E882F-0744-4F2A-AEE5-F6F6A652B8C2}\RP5\A0009379.ini a variant of Win32/Sirefef.CH trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{327E882F-0744-4F2A-AEE5-F6F6A652B8C2}\RP5\A0010378.sys a variant of Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{327E882F-0744-4F2A-AEE5-F6F6A652B8C2}\RP5\A0010379.ini a variant of Win32/Sirefef.CH trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{327E882F-0744-4F2A-AEE5-F6F6A652B8C2}\RP6\A0010393.sys a variant of Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{327E882F-0744-4F2A-AEE5-F6F6A652B8C2}\RP6\A0010394.ini a variant of Win32/Sirefef.CH trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{327E882F-0744-4F2A-AEE5-F6F6A652B8C2}\RP6\A0010407.sys a variant of Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{327E882F-0744-4F2A-AEE5-F6F6A652B8C2}\RP6\A0010408.ini a variant of Win32/Sirefef.CH trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{327E882F-0744-4F2A-AEE5-F6F6A652B8C2}\RP6\A0010412.sys a variant of Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{327E882F-0744-4F2A-AEE5-F6F6A652B8C2}\RP6\A0010413.ini a variant of Win32/Sirefef.CH trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{327E882F-0744-4F2A-AEE5-F6F6A652B8C2}\RP6\A0010423.sys a variant of Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{327E882F-0744-4F2A-AEE5-F6F6A652B8C2}\RP6\A0010424.ini a variant of Win32/Sirefef.CH trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{327E882F-0744-4F2A-AEE5-F6F6A652B8C2}\RP6\A0010431.sys a variant of Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{327E882F-0744-4F2A-AEE5-F6F6A652B8C2}\RP6\A0010432.ini a variant of Win32/Sirefef.CH trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{327E882F-0744-4F2A-AEE5-F6F6A652B8C2}\RP7\A0010441.sys a variant of Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{327E882F-0744-4F2A-AEE5-F6F6A652B8C2}\RP7\A0010442.ini a variant of Win32/Sirefef.CH trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{327E882F-0744-4F2A-AEE5-F6F6A652B8C2}\RP7\A0010450.sys a variant of Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{327E882F-0744-4F2A-AEE5-F6F6A652B8C2}\RP7\A0010451.ini a variant of Win32/Sirefef.CH trojan cleaned by deleting - quarantined

Thanks -- Marty

#15 MReed98643

Posted 09 August 2011 - 01:10 PM

I just checked my computer performance after running the ESET scan and rebooting, and it still kills MalwareBytes and still redirects Google searches. No improvement that I can see. Thanks -- Marty



