Computer will not start up after Malwarebytes restart. Zentom System Guard detected.


  • This topic is locked
65 replies to this topic

#1 Domo!

  • Members
  • 174 posts

Posted 07 August 2011 - 07:31 AM

Hello, I'm having some issues with my PC after I saw some pop-ups occur and was hoping for some insight into this particular issue.

I was in safe mode checking up on some virus program that was acting up, and after some browsing I got massive pop-ups from something called Zentom System Guard, which tried to install updates and such on my PC. I realized that this was a virus, so I disconnected and ran Malwarebytes, and it found the infections. I was then prompted to restart my computer, and when booting back up I only got a black screen with a blinking white cursor.

I then tried to do a scan via safe mode, but I still couldn't get past the cursor page. I then loaded my external boot disk so I could run scans such as Spybot and SuperAntiSpyware, but both programs came up with nothing. I then researched the problem and noticed that Zentom System Guard carries far worse properties and is a very serious virus. It was then that I found the tutorial on this website and would have liked to try it, but I cannot get past the cursor page right at startup. I can only get to the page that says Dell and gives me boot options. I have been going with F12 and using the external boot disk.

I am on a Dell Dimension 4700 running Windows XP. I am grateful for any help I can get.


#2 JSntgRvr

    Master Surgeon General

  • Malware Response Team
  • 11,635 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 07 August 2011 - 02:45 PM

Hi, :welcome:

Let's give it a try.

We will need to view the system status from an external environment. You will need a USB drive and a CD to burn. There will be several steps to follow.

  • Download GETxPUD.exe to the desktop of your clean computer
  • Run GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso and, when finished, will open BurnCDCC ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD.
  • Next download driver.sh to your USB drive
  • Also Download Query.exe to the USB drive. In your working computer, navigate to the USB drive and click on the Query.exe. A folder and a file, query.sh, will be extracted.
  • Remove the USB & CD and insert them in the sick computer
  • Boot the Sick computer with the CD you just burned
  • The computer must be set to boot from the CD
  • In some computers you need to tap F12 and choose to boot from the CD; in others it is the Esc key. Please consult your computer's documentation.
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Confirm that you see driver.sh that you downloaded there
  • Press Tool at the top
  • Choose Open Terminal
  • Type bash driver.sh
  • Press Enter
  • After it has finished a report will be located on your USB drive named report.txt
  • Then type bash driver.sh -af
  • Press Enter
  • You will be prompted to input a filename.
  • Type the following:

    Winlogon.exe

  • Press Enter
  • If successful, the script will search for this file.
  • After it has completed the search enter the next file to be searched
  • Type the following:

    volsnap.sys

  • Press Enter
  • If successful, the script will search for this file.
  • After it has completed the search enter the next file to be searched
  • Type the following:

    explorer.exe

  • Press Enter
  • After it has completed the search enter the next file to be searched
  • Type the following:

    Userinit.exe

  • Press Enter
  • After the search is completed type Exit and press Enter.
  • After it has finished a report will be located in the USB drive as filefind.txt
  • While still in the Open Terminal, type bash query.sh
  • Press Enter
  • After it has finished a report will be located in the USB drive as RegReport.txt
  • Then type dd if=/dev/sda of=mbr.bin bs=512 count=1


    Leave a space between the following statements:

    dd is the executable application used to create the backup
    if=/dev/sda is the device the backup is created from - the hard drive when only one HDD exists
    of=mbr.bin is the backup file to create - note the lack of a path - it will be created in the directory currently open in the Terminal
    bs=512 is the number of bytes in the backup
    count=1 says to backup just 1 sector


    It is extremely important that the if and of statements are correctly entered.

  • Press Enter
  • After it has finished a report will be located in the USB drive as mbr.bin
  • Plug the USB back into the clean computer, zip the mbr.bin, and except for the mbr.bin zipped file, post the contents of the report.txt, filefind.txt and RegReport.txt in your next reply. The mbr.bin zipped file must be attached to your reply.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 Domo!
  • Topic Starter
  • Members
  • 174 posts

Posted 07 August 2011 - 07:31 PM

Thank you for the response. I need to snag some cd-r's and I'll get right on this. My next post will be the saved usb log. Thanks again for the help.

#4 JSntgRvr

    Master Surgeon General

  • Malware Response Team
  • 11,635 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 07 August 2011 - 09:13 PM

:thumbup2: :thumbup2:



#5 Domo!
  • Topic Starter
  • Members
  • 174 posts

Posted 08 August 2011 - 11:43 AM

Hello, I have made the xPUD CD and ran it after the F12 command, but my monitor then shows the message: Cannot Display This Video Mode. I'm not sure, but if it is a monitor problem then I do have a spare. Thanks again for the assistance.

#6 JSntgRvr

    Master Surgeon General

  • Malware Response Team
  • 11,635 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 08 August 2011 - 12:42 PM

Hello, I have made the xPUD CD and ran it after the F12 command, but my monitor then shows the message: Cannot Display This Video Mode. I'm not sure, but if it is a monitor problem then I do have a spare. Thanks again for the assistance.

There are video adapters that are not compatible with xPUD.

You mention an external boot disk in your first post; what type of boot disk do you refer to?



#7 Domo!
  • Topic Starter
  • Members
  • 174 posts

Posted 08 August 2011 - 01:14 PM

UBCD for Windows XP, otherwise known as Ultimate Boot CD for Windows

Edited by Domo!, 08 August 2011 - 05:36 PM.


#8 JSntgRvr

    Master Surgeon General

  • Malware Response Team
  • 11,635 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 08 August 2011 - 09:39 PM

Download MBRFix. Save and extract its contents to the desktop. Once extracted, there will be three files in the folder. Copy just the MBRFix application to the USB drive.

In addition, download Farbar Recovery Scan Tool and save it to the USB drive.

Boot to the UBCD.

  • Once on the desktop, determine the drive letter assigned to your USB drive.

  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.

  • Once you have identified the drive letter to your USB drive, then bring the computer to a Command prompt.
  • In the command window type X: and press Enter (change the X to the drive letter of your USB drive). You should now be at the USB drive letter command prompt.
  • Type frst and press Enter
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
  • At the USB drive letter command prompt also type the following and press Enter:

MbrFix /drive 0 savembr X:\MBRDUMP.txt (Also change the X letter with the letter of your USB drive.)

Leave a space between the following arguments:

MbrFix
/drive
0
savembr
X:\MBRDUMP.txt


The drive is Drive zero (Drive 0)

This will create a file in the USB drive labeled MBRDUMP.txt. Attach this file to a reply.
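Both MBR dumps requested in this thread (mbr.bin from the dd step earlier, and the file MBRFix savembr writes here) are a single 512-byte sector, which is what the helper examines for a tampered boot sector. The Python below is an added example, not part of the thread or of either tool: it assumes the dump is a raw sector image, checks the 0x55AA boot signature and the partition table for inconsistencies, and hashes the boot code separately so it can be compared with a known-good reference you obtain yourself. The sample sector is constructed, not the poster's disk.

```python
"""Inspect a raw 512-byte MBR dump (mbr.bin from dd, or the sector MBRFix savembr writes)."""
import hashlib
import struct
import sys

SECTOR_SIZE = 512
BOOT_SIGNATURE = b"\x55\xaa"
DISK_SIG_OFFSET = 440        # 4-byte Windows disk signature
PART_TABLE_OFFSET = 446      # four 16-byte partition entries follow


def parse_mbr(data: bytes) -> dict:
    """Split one MBR sector into boot-code hash, disk signature and partition entries."""
    if len(data) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(data)}")
    partitions = []
    for index in range(4):
        offset = PART_TABLE_OFFSET + 16 * index
        # status (1 byte), CHS start (3, skipped), type (1), CHS end (3, skipped), LBA start, sector count
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", data, offset)
        if ptype == 0 and lba_start == 0 and sectors == 0:
            continue  # empty slot
        partitions.append({
            "index": index, "status": status, "bootable": status == 0x80,
            "type": ptype, "lba_start": lba_start, "sectors": sectors,
        })
    return {
        "signature_ok": data[510:512] == BOOT_SIGNATURE,
        "disk_signature": struct.unpack_from("<I", data, DISK_SIG_OFFSET)[0],
        # hash of the executable boot code only, so the same loader on two disks compares equal
        "bootcode_sha256": hashlib.sha256(data[:DISK_SIG_OFFSET]).hexdigest(),
        "sector_sha256": hashlib.sha256(data).hexdigest(),
        "partitions": partitions,
    }


def check_mbr(info: dict) -> list:
    """Structural sanity checks; any finding is a reason to read the boot code by hand."""
    findings = []
    if not info["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    bootable = [p for p in info["partitions"] if p["bootable"]]
    if len(bootable) != 1:
        findings.append(f"{len(bootable)} partitions flagged bootable (expected exactly 1)")
    for p in info["partitions"]:
        if p["status"] not in (0x00, 0x80):
            findings.append(f"entry {p['index']} has invalid status byte 0x{p['status']:02x}")
    spans = sorted((p["lba_start"], p["lba_start"] + p["sectors"]) for p in info["partitions"])
    for (_, end1), (start2, _) in zip(spans, spans[1:]):
        if start2 < end1:
            findings.append(f"partition entries overlap (LBA {start2} < {end1})")
    return findings


def build_sample_mbr(tamper: bool = False) -> bytes:
    """Constructed test sector: filler boot code, one bootable NTFS partition, valid signature.
    With tamper=True a second bootable entry overlapping the first is added."""
    data = bytearray(SECTOR_SIZE)
    data[0:3] = b"\x33\xc0\x8e"                    # filler bytes, not real boot code
    struct.pack_into("<I", data, DISK_SIG_OFFSET, 0x0BADCAFE)
    struct.pack_into("<B3xB3xII", data, PART_TABLE_OFFSET, 0x80, 0x07, 63, 1000)
    if tamper:
        struct.pack_into("<B3xB3xII", data, PART_TABLE_OFFSET + 16, 0x80, 0x07, 50, 1000)
    data[510:512] = BOOT_SIGNATURE
    return bytes(data)


def main(argv: list) -> int:
    if len(argv) > 1:
        with open(argv[1], "rb") as fh:
            data = fh.read(SECTOR_SIZE)
    else:
        data = build_sample_mbr()
    info = parse_mbr(data)
    print(f"disk signature 0x{info['disk_signature']:08x}, boot signature ok: {info['signature_ok']}")
    print(f"boot code sha256: {info['bootcode_sha256']}")
    for p in info["partitions"]:
        flag = "*" if p["bootable"] else " "
        print(f" {flag} entry {p['index']}: type 0x{p['type']:02x} LBA {p['lba_start']} +{p['sectors']}")
    for finding in check_mbr(info) or ["no structural anomalies"]:
        print("  -", finding)
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as `python mbr_check.py mbr.bin` against a collected dump; with no argument it analyses the constructed sample.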



#9 Domo!
  • Topic Starter
  • Members
  • 174 posts

Posted 08 August 2011 - 10:36 PM

Hello again, and thanks for the help. This is the log from FRST:

Scan result of Farbars's Recovery Tool (FRST written by farbar) Version 2.2.1
Ran by SYSTEM at 2011-08-08 23:25:52
Running from F:\
Microsoft Windows XP Service Pack 2 (X86) OS Language: Georgian
The current controlset is ControlSet003

========================== Registry (Whitelisted) =============

HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [4583424 2004-11-11] (NVIDIA Corporation)
HKLM\...\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide [866584 2006-11-04] (Microsoft Corporation)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM\...\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2 [202560 2008-04-24] (SupportSoft, Inc.)
HKLM\...\Run: [] [x]
HKLM\...\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1230704 2011-03-21] ()
HKLM\...\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM\...\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [29984 2008-07-10] (Nuance Communications, Inc.)
HKLM\...\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [46368 2008-07-10] (Nuance Communications, Inc.)
HKLM\...\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini" [330 2011-08-06] ()
HKLM\...\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN [1089536 2008-02-19] (Brother Industries, Ltd.)
HKLM\...\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun [86016 2007-12-21] (Brother Industries, Ltd.)
HKLM\...\Run: [ISTray] "C:\Program Files\PC Tools Security\pctsGui.exe" /hideGUI [1600984 2011-05-13] (PC Tools)
HKLM\...\Run: [PCTools FGuard] C:\Program Files\PC Tools Security\BDT\FGuard.exe [247760 2011-05-20] (Threat Expert Ltd.)
HKLM\...\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k [x]
HKLM\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [449584 2011-07-06] (Malwarebytes Corporation)
HKLM\...\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript [1047656 2011-07-06] (Malwarebytes Corporation)
HKU\Administrator\...\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup [460784 2007-03-15] (Gteko Ltd.)
HKU\Administrator\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\Anton\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\Anton\...\Run: [Desktop Software] "C:\Program Files\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden [1087 2011-04-10] ()
HKU\Anton\...\Run: [8DDYX0ZBPZ] C:\DOCUME~1\Anton\LOCALS~1\Temp\Og0.exe [185856 2011-08-06] ()
HKU\Anton\...\Policies\system: [disableregistrytools] 0
HKU\Default User\...\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup [460784 2007-03-15] (Gteko Ltd.)
HKLM\...\RunOnce: [*parsesvcmsg.exe] "C:\WINDOWS\system32\parsesvcmsg.exe" [70144 2011-08-06] (iF Systems)
HKLM\...\Policies\Explorer\Run: [Bkgnyuflbi] rundll32 "C:\WINDOWS\system32\nscompat9.dll",Opekmpz [62976 2011-08-06] ()
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [X]
Winlogon\Notify\crypt32chain: crypt32.dll (Microsoft Corporation)
Winlogon\Notify\cryptnet: cryptnet.dll (Microsoft Corporation)
Winlogon\Notify\cscdll: cscdll.dll (Microsoft Corporation)
Winlogon\Notify\dimsntfy: %SystemRoot%\System32\dimsntfy.dll (Microsoft Corporation)
Winlogon\Notify\khfETjHB: khfETjHB.dll [X]
Winlogon\Notify\mlJcawUM: mlJcawUM.dll [X]
Winlogon\Notify\ScCertProp: wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\Schedule: wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\sclgntfy: sclgntfy.dll (Microsoft Corporation)
Winlogon\Notify\SensLogn: WlNotify.dll (Microsoft Corporation)
Winlogon\Notify\termsrv: wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation)
Winlogon\Notify\wlballoon: wlnotify.dll (Microsoft Corporation)
AppInit_DLLs: avgrsstx.dll mfxntb.dll
Lsa: [Authentication Packages] msv1_0
C:\WINDOWS\system32\efcaxxWq

================================ Services (Whitelisted) ==================

3 Adobe LM Service; "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe" [72704 2006-05-27] (Adobe Systems)
4 Alerter; C:\Windows\System32\alrsvc.dll [17408 2008-04-14] (Microsoft Corporation)
3 aspnet_state; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [34312 2008-07-25] (Microsoft Corporation)
2 Autodesk Licensing Service; "C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe" [72704 2007-01-09] (Autodesk)
2 Browser Defender Update Service; "C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe" [337872 2011-05-20] (Threat Expert Ltd.)
3 CiSvc; C:\Windows\System32\cisvc.exe [5632 2008-04-14] (Microsoft Corporation)
4 ClipSrv; C:\Windows\System32\clipsrv.exe [33280 2008-04-14] (Microsoft Corporation)
3 dmadmin; C:\Windows\System32\dmadmin.exe /com [224768 2008-04-14] (Microsoft Corp., Veritas Software)
2 dmserver; C:\Windows\System32\dmserver.dll [23552 2008-04-14] (Microsoft Corp.)
3 DSBrokerService; "C:\Program Files\DellSupport\brkrsvc.exe" [76848 2007-03-07] ()
2 ERSvc; C:\Windows\System32\ersvc.dll [23040 2008-04-14] (Microsoft Corporation)
2 Eventlog; C:\Windows\System32\services.exe [110592 2009-02-06] (Microsoft Corporation)
3 FastUserSwitchingCompatibility; C:\Windows\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation)
2 helpsvc; C:\Windows\PCHealth\HelpCtr\Binaries\pchsvc.dll [38400 2008-04-14] (Microsoft Corporation)
3 HTTPFilter; C:\Windows\System32\w3ssl.dll [15872 2008-04-14] (Microsoft Corporation)
3 ImapiService; C:\WINDOWS\system32\imapi.exe [150528 2008-04-14] (Microsoft Corporation)
2 libusbd; C:\Windows\System32\libusbd-nt.exe [18944 2005-03-10] (http://libusb-win32.sourceforge.net)
2 LightScribeService; "C:\Program Files\Common Files\LightScribe\LSSrvc.exe" [79136 2007-12-05] (Hewlett-Packard Company)
3 Macromedia Licensing Service; "C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe" [68096 2006-01-16] ()
2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [366640 2011-07-06] (Malwarebytes Corporation)
2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)
4 Messenger; C:\Windows\System32\msgsvc.dll [33792 2008-04-14] (Microsoft Corporation)
3 MHN; C:\Windows\System32\mhn.dll [85504 2004-08-10] (Microsoft Corporation)
3 mnmsrvc; C:\WINDOWS\system32\mnmsrvc.exe [32768 2008-04-14] (Microsoft Corporation)
4 NetDDE; C:\Windows\System32\netdde.exe [111104 2008-04-14] (Microsoft Corporation)
4 NetDDEdsdm; C:\Windows\System32\netdde.exe [111104 2008-04-14] (Microsoft Corporation)
3 NetSvc; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [143360 2003-12-17] (Intel® Corporation)
3 Nla; C:\Windows\System32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation)
2 NMSAccess; C:\Program Files\CDBurnerXP\NMSAccessU.exe [71096 2010-03-05] ()
3 NtLmSsp; C:\Windows\System32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)
4 NtmsSvc; C:\Windows\System32\ntmssvc.dll [435200 2008-04-14] (Microsoft Corporation)
2 NVSvc; C:\Windows\System32\nvsvc32.exe [127046 2004-11-11] (NVIDIA Corporation)
2 OS Selector; "C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe" [2139400 2010-09-30] ()
2 PlugPlay; C:\Windows\System32\services.exe [110592 2009-02-06] (Microsoft Corporation)
2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [73728 2007-08-09] (HP)
2 PolicyAgent; C:\Windows\System32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)
3 RDSessMgr; C:\WINDOWS\system32\sessmgr.exe [141312 2008-04-14] (Microsoft Corporation)
3 RSVP; C:\Windows\System32\rsvp.exe [132608 2004-08-10] (Microsoft Corporation)
3 SCardSvr; C:\Windows\System32\SCardSvr.exe [95744 2008-04-14] (Microsoft Corporation)
2 sdAuxService; C:\Program Files\PC Tools Security\pctsAuxs.exe [371472 2011-02-18] (PC Tools)
2 sdCoreService; C:\Program Files\PC Tools Security\pctsSvc.exe [1117144 2011-04-06] (PC Tools)
2 sprtsvc_ddoctorv2; "C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe" /service /P ddoctorv2 [202560 2008-04-24] (SupportSoft, Inc.)
2 srservice; C:\WINDOWS\system32\srsvc.dll [171008 2008-04-14] (Microsoft Corporation)
3 SwPrv; C:\WINDOWS\system32\dllhost.exe /Processid:{B961CCBB-6B89-4FEA-B07E-37CC5131741E} [5120 2008-04-14] (Microsoft Corporation)
3 SysmonLog; C:\Windows\System32\smlogsvc.exe [89600 2008-04-14] (Microsoft Corporation)
2 TabletServicePen; C:\WINDOWS\system32\Pen_Tablet.exe [3032360 2008-05-01] (Wacom Technology, Corp.)
3 ThreatFire; C:\Program Files\PC Tools Security\TFEngine\TFService.exe service [70928 2011-01-20] (PC Tools)
4 TlntSvr; C:\WINDOWS\system32\tlntsvr.exe [73216 2008-04-14] (Microsoft Corporation)
3 UPS; C:\Windows\System32\ups.exe [18432 2008-04-14] (Microsoft Corporation)
3 usprserv; C:\Windows\System32\svchost.exe -k netsvcs [14336 2008-04-14] (Microsoft Corporation)
2 WinDefend; "C:\Program Files\Windows Defender\MsMpEng.exe" [13592 2006-11-04] (Microsoft Corporation)
3 WmdmPmSN; C:\WINDOWS\system32\MsPMSNSv.dll [27136 2009-01-31] (Microsoft Corporation)
3 Wmi; C:\Windows\System32\advapi32.dll [617472 2009-02-09] (Microsoft Corporation)
2 wuauserv; C:\WINDOWS\system32\wuauserv.dll [6656 2008-04-14] (Microsoft Corporation)
2 WZCSVC; C:\Windows\System32\wzcsvc.dll [483840 2008-04-14] (Microsoft Corporation)
3 xmlprov; C:\Windows\System32\xmlprov.dll [129024 2008-04-14] (Microsoft Corporation)
2 AOL ACS; C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe [x]
2 avg8emc; C:\PROGRA~1\AVG\AVG8\avgemc.exe [x]
2 avg8wd; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [x]
2 MaxBackServiceInt; "C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe" [x]
2 mi-raysat_3dsmax8; "C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe" [x]
3 NMIndexingService; "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" [x]
3 Roxio UPnP Renderer 9; "C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe" [x]
2 Roxio Upnp Server 9; "C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe" [x]
2 RoxLiveShare9; "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" [x]
3 stllssvr; "C:\Program Files\Common Files\SureThing Shared\stllssvr.exe" [x]
2 Viewpoint Manager Service; "C:\Program Files\Viewpoint\Common\ViewpointService.exe" [x]

========================== Drivers (Whitelisted) =============

0 abp480n5; C:\Windows\System32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
4 ACPIEC; C:\Windows\System32\Drivers\ACPIEC.sys [11648 2004-08-10] (Microsoft Corporation)
0 adpu160m; C:\Windows\System32\DRIVERS\adpu160m.sys [101888 2001-08-17] (Microsoft Corporation)
3 aeaudio; C:\Windows\System32\drivers\aeaudio.sys [4816 2002-04-01] (Andrea Electronics Corporation)
3 aec; C:\Windows\System32\drivers\aec.sys [142592 2008-04-14] (Microsoft Corporation)
0 agpCPQ; C:\Windows\System32\DRIVERS\agpCPQ.sys [44928 2008-04-14] (Microsoft Corporation)
0 Aha154x; C:\Windows\System32\DRIVERS\aha154x.sys [12800 2001-08-17] (Microsoft Corporation)
0 aic78u2; C:\Windows\System32\DRIVERS\aic78u2.sys [55168 2001-08-17] (Microsoft Corporation)
0 aic78xx; C:\Windows\System32\DRIVERS\aic78xx.sys [56960 2010-06-25] (Microsoft Corporation)
0 alim1541; C:\Windows\System32\DRIVERS\alim1541.sys [42752 2008-04-13] (Microsoft Corporation)
0 amdagp; C:\Windows\System32\DRIVERS\amdagp.sys [43008 2008-04-14] (Advanced Micro Devices, Inc.)
0 amsint; C:\Windows\System32\DRIVERS\amsint.sys [12032 2001-08-17] (Microsoft Corporation)
3 Arp1394; C:\Windows\System32\DRIVERS\arp1394.sys [60800 2008-04-14] (Microsoft Corporation)
0 asc; C:\Windows\System32\DRIVERS\asc.sys [26496 2001-08-17] (Advanced System Products, Inc.)
0 asc3350p; C:\Windows\System32\DRIVERS\asc3350p.sys [22400 2001-08-17] (Microsoft Corporation)
0 asc3550; C:\Windows\System32\DRIVERS\asc3550.sys [14848 2001-08-17] (Advanced System Products, Inc.)
3 Atmarpc; C:\Windows\System32\DRIVERS\atmarpc.sys [59904 2008-04-14] (Microsoft Corporation)
3 audstub; C:\Windows\System32\DRIVERS\audstub.sys [3072 2001-08-17] (Microsoft Corporation)
3 BrScnUsb; C:\Windows\System32\DRIVERS\BrScnUsb.sys [15295 2004-10-15] (Brother Industries Ltd.)
3 BrSerIf; C:\Windows\System32\Drivers\BrSerIf.sys [52224 2006-12-12] (Brother Industries Ltd.)
3 BVRPMPR5; \??\C:\WINDOWS\system32\drivers\BVRPMPR5.SYS [49904 2009-08-19] (Avanquest Software)
0 cbidf; C:\Windows\System32\DRIVERS\cbidf2k.sys [13952 2001-08-17] (Microsoft Corporation)
4 cbidf2k; C:\Windows\System32\Drivers\cbidf2k.sys [13952 2001-08-17] (Microsoft Corporation)
0 cd20xrnt; C:\Windows\System32\DRIVERS\cd20xrnt.sys [7680 2001-08-17] (Microsoft Corporation)
1 Cdaudio; C:\Windows\System32\Drivers\Cdaudio.sys [18688 2004-08-10] (Microsoft Corporation)
0 Cpqarray; C:\Windows\System32\DRIVERS\cpqarray.sys [14976 2001-08-17] (Microsoft Corporation)
3 cpudrv; \??\C:\Program Files\SystemRequirementsLab\cpudrv.sys [11336 2009-12-18] ()
0 dac2w2k; C:\Windows\System32\DRIVERS\dac2w2k.sys [179584 2001-08-17] (Mylex Corporation)
0 dac960nt; C:\Windows\System32\DRIVERS\dac960nt.sys [14720 2001-08-17] (Microsoft Corporation)
4 dmboot; C:\Windows\System32\drivers\dmboot.sys [799744 2008-04-14] (Microsoft Corp., Veritas Software)
0 dmio; C:\Windows\System32\drivers\dmio.sys [153344 2008-04-14] (Microsoft Corp., Veritas Software)
0 dmload; C:\Windows\System32\drivers\dmload.sys [5888 2004-08-10] (Microsoft Corp., Veritas Software.)
3 DMusic; C:\Windows\System32\drivers\DMusic.sys [52864 2008-04-14] (Microsoft Corporation)
0 dpti2o; C:\Windows\System32\DRIVERS\dpti2o.sys [20192 2001-08-17] (Microsoft Corporation)
3 DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys [4736 2006-10-05] (Gteko Ltd.)
2 dsunidrv; C:\Windows\System32\DRIVERS\dsunidrv.sys [5376 2007-02-25] (Gteko Ltd.)
3 E100B; C:\Windows\System32\DRIVERS\e100b325.sys [154112 2004-02-10] (Intel Corporation)
4 Fastfat; C:\Windows\System32\Drivers\Fastfat.sys [143744 2008-04-14] (Microsoft Corporation)
1 Fips; C:\Windows\System32\Drivers\Fips.sys [44544 2008-04-14] (Microsoft Corporation)
0 Ftdisk; C:\Windows\System32\DRIVERS\ftdisk.sys [125056 2001-08-17] (Microsoft Corporation)
3 Gpc; C:\Windows\System32\DRIVERS\msgpc.sys [35072 2008-04-14] (Microsoft Corporation)
0 hpn; C:\Windows\System32\DRIVERS\hpn.sys [25952 2001-08-17] (Microsoft Corporation)
3 HSFHWBS2; C:\Windows\System32\DRIVERS\HSFHWBS2.sys [212224 2003-11-17] (Conexant Systems, Inc.)
3 HSF_DP; C:\Windows\System32\DRIVERS\HSF_DP.sys [1042432 2003-11-17] (Conexant Systems, Inc.)
1 i2omgmt; C:\Windows\System32\Drivers\i2omgmt.sys [8576 2008-04-14] (Microsoft Corporation)
1 Imapi; C:\Windows\System32\DRIVERS\imapi.sys [42112 2008-04-14] (Microsoft Corporation)
0 ini910u; C:\Windows\System32\DRIVERS\ini910u.sys [16000 2001-08-17] (Microsoft Corporation)
3 Ip6Fw; C:\Windows\System32\drivers\ip6fw.sys [36608 2008-04-14] (Microsoft Corporation)
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [20864 2008-04-14] (Microsoft Corporation)
1 IPSec; C:\Windows\System32\DRIVERS\ipsec.sys [75264 2008-04-14] (Microsoft Corporation)
3 kmixer; C:\Windows\System32\drivers\kmixer.sys [172416 2008-04-14] (Microsoft Corporation)
3 libusb0; C:\Windows\System32\drivers\libusb0.sys [33792 2005-03-10] ()
3 MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys [22712 2011-07-06] (Malwarebytes Corporation)
3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys [41272 2011-07-06] (Malwarebytes Corporation)
3 MHNDRV; C:\Windows\System32\DRIVERS\mhndrv.sys [11008 2004-08-10] (Microsoft Corporation)
1 mnmdd; C:\Windows\System32\Drivers\mnmdd.sys [4224 2004-08-10] (Microsoft Corporation)
3 MODEMCSA; C:\Windows\System32\drivers\MODEMCSA.sys [16128 2001-08-17] (Microsoft Corporation)
0 mraid35x; C:\Windows\System32\DRIVERS\mraid35x.sys [17280 2001-08-17] (American Megatrends Inc.)
3 MXOPSWD; C:\Windows\System32\DRIVERS\mxopswd.sys [15360 2005-04-06] (Maxtor Corp.)
3 NIC1394; C:\Windows\System32\DRIVERS\nic1394.sys [61824 2008-04-14] (Microsoft Corporation)
4 Ntfs; C:\Windows\System32\Drivers\Ntfs.sys [574976 2008-04-14] (Microsoft Corporation)
3 nv; C:\Windows\System32\DRIVERS\nv4_mini.sys [2738400 2004-11-11] (NVIDIA Corporation)
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [12416 2004-08-10] (Microsoft Corporation)
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [32512 2004-08-10] (Microsoft Corporation)
0 ohci1394; C:\Windows\System32\DRIVERS\ohci1394.sys [61696 2008-04-14] (Microsoft Corporation)
1 omci; C:\Windows\System32\DRIVERS\omci.sys [17217 2002-11-08] (Dell Computer Corporation)
4 ParVdm; C:\Windows\System32\Drivers\ParVdm.sys [6784 2004-08-10] (Microsoft Corporation)
4 Pcmcia; C:\Windows\System32\Drivers\Pcmcia.sys [120192 2008-04-14] (Microsoft Corporation)
0 PCTCore; C:\Windows\System32\drivers\PCTCore.sys [263888 2011-05-11] (PC Tools)
0 pctDS; C:\Windows\System32\drivers\pctDS.sys [338880 2010-07-16] (PC Tools)
0 pctEFA; C:\Windows\System32\drivers\pctEFA.sys [656320 2010-07-16] (PC Tools)
1 pctgntdi; \??\C:\WINDOWS\SYSTEM32\DRIVERS\pctgntdi.sys [251560 2011-05-06] (PC Tools)
3 pctplsg; \??\C:\WINDOWS\SYSTEM32\DRIVERS\pctplsg.sys [70664 2011-05-06] (PC Tools)
1 PCTSD; C:\Windows\System32\Drivers\PCTSD.sys [233976 2011-03-10] (PC Tools)
0 PenClass; C:\Windows\System32\Drivers\PenClass.sys [8138 2001-04-09] (Wacom Technology Corporation)
0 perc2; C:\Windows\System32\DRIVERS\perc2.sys [27296 2001-08-17] (Microsoft Corporation)
0 perc2hib; C:\Windows\System32\DRIVERS\perc2hib.sys [5504 2001-08-17] (Microsoft Corporation)
3 PSched; C:\Windows\System32\DRIVERS\psched.sys [69120 2008-04-14] (Microsoft Corporation)
3 Ptilink; C:\Windows\System32\DRIVERS\ptilink.sys [17792 2004-08-10] (Parallel Technologies, Inc.)
0 ql1080; C:\Windows\System32\DRIVERS\ql1080.sys [40320 2001-08-17] (QLogic Corporation)
0 Ql10wnt; C:\Windows\System32\DRIVERS\ql10wnt.sys [33152 2001-08-17] (Microsoft Corporation)
0 ql12160; C:\Windows\System32\DRIVERS\ql12160.sys [45312 2001-08-17] (QLogic Corporation)
0 ql1240; C:\Windows\System32\DRIVERS\ql1240.sys [40448 2001-08-17] (Microsoft Corporation)
0 ql1280; C:\Windows\System32\DRIVERS\ql1280.sys [49024 2001-08-17] (QLogic Corporation)
3 Raspti; C:\Windows\System32\DRIVERS\raspti.sys [16512 2004-08-10] (Microsoft Corporation)
1 redbook; C:\Windows\System32\DRIVERS\redbook.sys [57600 2008-04-14] (Microsoft Corporation)
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12872 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67656 2010-05-10] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SCDEmu; C:\Windows\System32\Drivers\SCDEmu.sys [30588 2006-05-20] (PowerISO Computing, Inc.)
0 sdmtw; C:\Windows\System32\drivers\trjo.sys [54016 2011-08-06] ()
0 sisagp; C:\Windows\System32\DRIVERS\sisagp.sys [40960 2008-04-14] (Silicon Integrated Systems Corporation)
3 smwdm; C:\Windows\System32\drivers\smwdm.sys [612352 2004-04-09] (Analog Devices, Inc.)
0 snapman; C:\Windows\System32\DRIVERS\snapman.sys [166976 2011-03-01] (Acronis)
0 Sparrow; C:\Windows\System32\DRIVERS\sparrow.sys [19072 2001-08-17] (Adaptec, Inc.)
3 splitter; C:\Windows\System32\drivers\splitter.sys [6272 2008-04-14] (Microsoft Corporation)
0 sptd; C:\Windows\System32\Drivers\sptd.sys [721904 2009-09-18] (Duplex Secure Ltd.)
0 sr; C:\Windows\System32\DRIVERS\sr.sys [73472 2008-04-14] (Microsoft Corporation)
3 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [7168 2009-11-12] ()
3 swmidi; C:\Windows\System32\drivers\swmidi.sys [56576 2008-04-14] (Microsoft Corporation)
0 symc810; C:\Windows\System32\DRIVERS\symc810.sys [16256 2001-08-17] (Symbios Logic Inc.)
0 symc8xx; C:\Windows\System32\DRIVERS\symc8xx.sys [32640 2001-08-17] (LSI Logic)
0 sym_hi; C:\Windows\System32\DRIVERS\sym_hi.sys [28384 2001-08-17] (LSI Logic)
0 sym_u3; C:\Windows\System32\DRIVERS\sym_u3.sys [30688 2001-08-17] (LSI Logic)
3 sysaudio; C:\Windows\System32\drivers\sysaudio.sys [60800 2008-04-14] (Microsoft Corporation)
0 TfFsMon; C:\Windows\System32\drivers\TfFsMon.sys [51984 2011-01-20] (PC Tools)
3 TfNetMon; \??\C:\WINDOWS\system32\drivers\TfNetMon.sys [33552 2011-01-20] (PC Tools)
0 TfSysMon; C:\Windows\System32\drivers\TfSysMon.sys [69392 2011-01-20] (PC Tools)
0 TosIde; C:\Windows\System32\DRIVERS\toside.sys [4992 2001-08-17] (Microsoft Corporation)
0 ultra; C:\Windows\System32\DRIVERS\ultra.sys [36736 2001-08-17] (Promise Technology, Inc.)
3 Update; C:\Windows\System32\DRIVERS\update.sys [384768 2008-04-14] (Microsoft Corporation)
3 USBIO; C:\Windows\System32\Drivers\usbio.sys [19805 2001-05-07] (Thesycon GmbH, Germany)
0 viaagp; C:\Windows\System32\DRIVERS\viaagp.sys [42240 2008-04-14] (Microsoft Corporation)
0 ViaIde; C:\Windows\System32\DRIVERS\viaide.sys [5376 2008-04-14] (Microsoft Corporation)
3 wacmoumonitor; C:\Windows\System32\DRIVERS\wacmoumonitor.sys [15144 2008-03-17] (Wacom Technology)
3 wacommousefilter; C:\Windows\System32\DRIVERS\wacommousefilter.sys [11312 2007-02-16] (Wacom Technology)
3 wacomvhid; C:\Windows\System32\DRIVERS\wacomvhid.sys [13480 2008-01-15] (Wacom Technology)
3 WacomVKHid; C:\Windows\System32\DRIVERS\WacomVKHid.sys [11440 2007-02-15] (Wacom Technology)
3 wdmaud; C:\Windows\System32\drivers\wdmaud.sys [83072 2008-04-14] (Microsoft Corporation)
3 winachsf; C:\Windows\System32\DRIVERS\HSF_CNXT.sys [680704 2003-11-17] (Conexant Systems, Inc.)
4 Abiosdsk; [x]
3 Aeapsrd; [x]
4 Atdisk; [x]
1 AvgLdx86; C:\Windows\System32\Drivers\avgldx86.sys [x]
1 AvgMfx86; C:\Windows\System32\Drivers\avgmfx86.sys [x]
2 AvgTdiX; C:\Windows\System32\Drivers\avgtdix.sys [x]
3 bvrp_pci; [x]
1 Changer; [x]
3 CrucialSMBusScan; \??\C:\DOCUME~1\Anton\LOCALS~1\Temp\CrucialSMBusScan_XP32.sys [x]
1 lbrtfdc; [x]
3 neokdss; C:\Windows\System32\Drivers\neokdss.sys [x]
1 PCIDump; [x]
3 PDCOMP; [x]
3 PDFRAME; [x]
3 PDRELI; [x]
3 PDRFRAME; [x]
3 Profos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys [x]
4 Simbad; [x]
3 Trufos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys [x]
3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [x]
3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [x]
3 WDICA; [x]

========================== NetSvcs ========================
NETSVC: MHN

============ One Month Created Files and Folders ==============

2011-08-08 23:25 - 2011-08-08 23:25 - 0000000 ____D C:\FRST
2011-08-06 11:53 - 2011-08-06 11:54 - 1008041 ____A C:\Documents and Settings\Anton\Desktop\rkill.exe
2011-08-06 04:58 - 2011-08-06 04:58 - 0070144 ____A (iF Systems) C:\Windows\System32\parsesvcmsg.exe
2011-08-06 04:58 - 2011-08-06 04:58 - 0054016 ____A C:\Windows\System32\Drivers\trjo.sys
2011-08-06 04:53 - 2011-08-06 04:53 - 0001166 ____A C:\Documents and Settings\Anton\Start Menu\Programs\Startup\Zentom System Guard.lnk
2011-08-06 04:53 - 2011-08-06 04:53 - 0001154 ____A C:\Documents and Settings\Anton\Desktop\Zentom System Guard.lnk
2011-08-06 04:53 - 2011-08-06 04:53 - 0000000 ____D C:\Program Files\Yontoo Layers Runtime
2011-08-06 04:53 - 2011-08-06 04:53 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\Tarma Installer
2011-08-06 04:52 - 2011-08-06 04:58 - 0000000 ____D C:\Documents and Settings\Anton\Application Data\E0A0895EE969606B0DA7C959CF93F887
2011-08-06 04:52 - 2011-08-06 04:53 - 0000246 ___AH C:\Windows\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
2011-08-06 04:52 - 2011-08-06 04:52 - 0181248 ____A C:\Windows\Ojykub.exe
2011-08-06 04:52 - 2011-08-06 04:52 - 0062976 _RASH C:\Windows\System32\nscompat9.dll
2011-08-06 04:52 - 2011-08-06 04:52 - 0000282 ___AH C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
2011-08-06 04:52 - 2011-08-06 04:51 - 0181248 ____A C:\Windows\Ojykua.exe
2011-08-06 04:51 - 2011-08-06 04:51 - 0000012 ____A C:\Windows\srun.log
2011-08-04 13:16 - 2011-08-04 13:16 - 1564948 ____A C:\Documents and Settings\Anton\Desktop\59071080[1].mp4
2011-08-04 12:04 - 2011-08-04 12:04 - 0098304 ____A C:\Windows\Minidump\Mini080411-01.dmp
2011-08-04 01:02 - 2011-08-04 01:03 - 3762840 ____A C:\Documents and Settings\Anton\Desktop\Mock up 1.jpg
2011-07-30 20:41 - 2011-07-30 20:41 - 0033280 ____A C:\Documents and Settings\Anton\My Documents\Treasure Hunter Outfit.doc
2011-07-30 20:41 - 2011-07-30 20:41 - 0000162 ___AH C:\Documents and Settings\Anton\My Documents\~$easure Hunter Outfit.doc
2011-07-30 02:55 - 2011-07-30 02:55 - 0015815 ____A C:\Documents and Settings\Anton\Desktop\Chojin Symbol.png
2011-07-30 02:54 - 2011-07-30 02:54 - 35803659 ____A C:\Documents and Settings\Anton\Desktop\Motivational Image.psd
2011-07-25 22:24 - 2011-07-25 23:42 - 37758383 ____A C:\Documents and Settings\Anton\Desktop\Daizenshuu_EX_-_Episode_0266.mp3
2011-07-25 02:26 - 2011-07-25 02:26 - 0026112 ____A C:\Documents and Settings\Anton\My Documents\All our dreams can come true.doc
2011-07-24 18:32 - 2011-07-24 18:32 - 0224834 ____A C:\Documents and Settings\Anton\Desktop\Halftone_brushes_by_env1ro.rar
2011-07-24 18:32 - 2011-07-24 18:32 - 0167649 ____A C:\Documents and Settings\Anton\Desktop\japanese_flowers_by_mel_rodicq.abr.zip
2011-07-24 18:31 - 2011-07-24 18:31 - 32291327 ____A C:\Documents and Settings\Anton\Desktop\Funky_Seamless_Orange_Patterns_by_WebTreatsETC.zip
2011-07-24 18:31 - 2011-07-24 18:31 - 11118462 ____A C:\Documents and Settings\Anton\Desktop\RisingSun_brushes_by_env1ro.rar
2011-07-24 18:29 - 2011-07-24 18:29 - 8398692 ____A C:\Documents and Settings\Anton\Desktop\flowers_by_PinkOnHead.abr.zip
2011-07-24 18:29 - 2011-07-24 18:29 - 4013747 ____A C:\Documents and Settings\Anton\Desktop\FlowerNtreesLikeBrushes.zip
2011-07-24 18:28 - 2011-07-24 18:28 - 2726064 ____A C:\Documents and Settings\Anton\Desktop\smudged-flowers.zip
2011-07-24 18:28 - 2011-07-24 18:28 - 2303462 ____A C:\Documents and Settings\Anton\Desktop\Photoshop_Brushes_by_Kikariz.abr.zip
2011-07-24 18:28 - 2011-07-24 18:28 - 13159306 ____A C:\Documents and Settings\Anton\Desktop\Watercolor_Splatters_(675_pixels).zip
2011-07-24 18:28 - 2011-07-24 18:28 - 0602682 ____A C:\Documents and Settings\Anton\Desktop\tech.zip
2011-07-24 18:27 - 2011-07-24 18:27 - 5258769 ____A C:\Documents and Settings\Anton\Desktop\flowerpack2.zip
2011-07-24 18:27 - 2011-07-24 18:27 - 1363425 ____A C:\Documents and Settings\Anton\Desktop\My_Little_Brushy_pack01-byCrappyUnicorn.abr.zip
2011-07-24 18:27 - 2011-07-24 18:27 - 0174846 ____A C:\Documents and Settings\Anton\Desktop\vectorbrushes.zip
2011-07-24 18:19 - 2011-07-24 18:19 - 2463659 ____A C:\Documents and Settings\Anton\Desktop\Funky_Brushes_by_Lydia_distracted.abr.zip
2011-07-24 00:30 - 2011-07-24 00:30 - 1016552 ____A C:\Documents and Settings\Anton\My Documents\HPIM0953.jpg
2011-07-24 00:29 - 2011-07-24 00:29 - 1341162 ____A C:\Documents and Settings\Anton\My Documents\HPIM0952.jpg
2011-07-24 00:29 - 2011-07-24 00:29 - 0870000 ____A C:\Documents and Settings\Anton\My Documents\HPIM0951.jpg
2011-07-21 10:51 - 2011-07-21 10:51 - 0008676 ___SH C:\Documents and Settings\Anton\My Documents\AlbumArt_{81EAC20A-FECC-452E-951A-D8AB1B8AA4D0}_Large.jpg
2011-07-21 10:51 - 2011-07-21 10:51 - 0002489 ___SH C:\Documents and Settings\Anton\My Documents\AlbumArt_{81EAC20A-FECC-452E-951A-D8AB1B8AA4D0}_Small.jpg
2011-07-19 12:49 - 2011-07-19 12:49 - 44227830 ____A C:\Documents and Settings\Anton\My Documents\edits 1.psd
2011-07-19 12:48 - 2011-07-19 12:48 - 40695568 ____A C:\Documents and Settings\Anton\My Documents\edits 2.psd
2011-07-19 11:51 - 2011-07-19 12:49 - 44150292 ____A C:\Documents and Settings\Anton\My Documents\contingency sheet2.psd
2011-07-19 11:49 - 2011-07-19 12:29 - 38219364 ____A C:\Documents and Settings\Anton\My Documents\contingency sheet.psd
2011-07-18 22:05 - 2011-07-18 22:04 - 0159019 ____A C:\Documents and Settings\Anton\My Documents\2185-10_600x450[1].jpg
2011-07-18 22:05 - 2011-07-18 22:04 - 0064447 ____A C:\Documents and Settings\Anton\My Documents\2185-10_1000x620[1].jpg
2011-07-18 22:05 - 2011-07-18 22:04 - 0036981 ____A C:\Documents and Settings\Anton\My Documents\2185-10_thumbs[1].jpg
2011-07-18 22:02 - 2011-07-18 22:02 - 0022528 ____A C:\Documents and Settings\Anton\My Documents\Master the basics.doc
2011-07-14 07:07 - 2011-07-14 07:07 - 0000000 __HDC C:\Windows\$NtUninstallKB2507938$
2011-07-14 07:02 - 2011-07-14 07:02 - 0000000 __HDC C:\Windows\$NtUninstallKB2555917$
2011-07-13 11:55 - 2011-07-14 07:07 - 0017741 ____A C:\Windows\KB2507938.log
2011-07-13 11:54 - 2011-07-14 07:02 - 0017618 ____A C:\Windows\KB2555917.log
2011-07-11 15:22 - 2011-07-13 16:16 - 0000263 ____A C:\Documents and Settings\Anton\Desktop\Newness.txt

============ 3 Months Modified Files and Folders ===============

2011-08-08 23:25 - 2011-08-08 23:25 - 0000000 ____D C:\FRST
2011-08-06 11:54 - 2011-08-06 11:53 - 1008041 ____A C:\Documents and Settings\Anton\Desktop\rkill.exe
2011-08-06 11:31 - 2005-03-31 16:43 - 0000313 ___AH C:\boot.ini
2011-08-06 04:58 - 2011-08-06 04:58 - 0070144 ____A (iF Systems) C:\Windows\System32\parsesvcmsg.exe
2011-08-06 04:58 - 2011-08-06 04:58 - 0054016 ____A C:\Windows\System32\Drivers\trjo.sys
2011-08-06 04:58 - 2011-08-06 04:52 - 0000000 ____D C:\Documents and Settings\Anton\Application Data\E0A0895EE969606B0DA7C959CF93F887
2011-08-06 04:58 - 2011-01-21 15:13 - 0000000 ____D C:\Program Files\PC Tools Security
2011-08-06 04:58 - 2010-10-15 11:07 - 0000000 __HDC C:\Windows\$NtUninstallKB2279986$
2011-08-06 04:58 - 2008-04-24 05:17 - 21271134 ____A C:\Windows\ntbtlog.txt
2011-08-06 04:58 - 2005-04-09 19:42 - 0000178 __ASH C:\Documents and Settings\Anton\NTUSER.INI
2011-08-06 04:58 - 2005-03-31 16:58 - 1073714 ____A C:\Windows\WindowsUpdate.log
2011-08-06 04:58 - 2005-03-31 16:58 - 0000178 __ASH C:\Documents and Settings\Administrator\NTUSER.INI
2011-08-06 04:53 - 2011-08-06 04:53 - 0001166 ____A C:\Documents and Settings\Anton\Start Menu\Programs\Startup\Zentom System Guard.lnk
2011-08-06 04:53 - 2011-08-06 04:53 - 0001154 ____A C:\Documents and Settings\Anton\Desktop\Zentom System Guard.lnk
2011-08-06 04:53 - 2011-08-06 04:53 - 0000000 ____D C:\Program Files\Yontoo Layers Runtime
2011-08-06 04:53 - 2011-08-06 04:53 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\Tarma Installer
2011-08-06 04:53 - 2011-08-06 04:52 - 0000246 ___AH C:\Windows\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
2011-08-06 04:53 - 2005-04-09 19:42 - 0000000 ___RD C:\Documents and Settings\Anton\Start Menu
2011-08-06 04:52 - 2011-08-06 04:52 - 0181248 ____A C:\Windows\Ojykub.exe
2011-08-06 04:52 - 2011-08-06 04:52 - 0062976 _RASH C:\Windows\System32\nscompat9.dll
2011-08-06 04:52 - 2011-08-06 04:52 - 0000282 ___AH C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
2011-08-06 04:52 - 2009-08-24 12:40 - 0000000 ___SD C:\Documents and Settings\Anton\Local Settings\Temporary Internet Files
2011-08-06 04:51 - 2011-08-06 04:52 - 0181248 ____A C:\Windows\Ojykua.exe
2011-08-06 04:51 - 2011-08-06 04:51 - 0000012 ____A C:\Windows\srun.log
2011-08-06 04:51 - 2005-04-10 04:06 - 0000000 ____D C:\Documents and Settings\Anton\Application Data\Adobe
2011-08-06 04:41 - 2006-12-22 20:46 - 0001324 ____A C:\Windows\System32\d3d9caps.dat
2011-08-06 03:32 - 2009-08-24 12:40 - 0000000 ___HD C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files
2011-08-06 03:24 - 2005-04-09 19:42 - 0000062 __ASH C:\Documents and Settings\Anton\Local Settings\DESKTOP.INI
2011-08-06 03:23 - 2005-03-31 16:56 - 0000062 __ASH C:\Documents and Settings\Administrator\Local Settings\DESKTOP.INI
2011-08-06 03:23 - 2005-03-31 16:56 - 0000000 ____A C:\Windows\0.LOG
2011-08-06 03:23 - 2005-03-31 16:55 - 0002206 ____A C:\Windows\System32\WPA.DBL
2011-08-06 03:23 - 2005-03-31 16:55 - 0000062 __ASH C:\Documents and Settings\LocalService\Local Settings\DESKTOP.INI
2011-08-06 03:22 - 2005-03-31 16:54 - 0000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\DESKTOP.INI
2011-08-06 03:21 - 2005-03-31 16:58 - 0032616 ____A C:\Windows\SchedLgU.Txt
2011-08-06 03:21 - 2005-03-31 16:58 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2011-08-06 03:21 - 2004-08-19 22:00 - 0000470 ____A C:\Windows\WIADEBUG.LOG
2011-08-06 03:21 - 2004-08-19 22:00 - 0000048 ____A C:\Windows\WIASERVC.LOG
2011-08-06 02:46 - 2005-03-31 16:56 - 0004572 ____A C:\Windows\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt
2011-08-06 02:45 - 2008-08-27 20:45 - 0000000 ____D C:\Documents and Settings\Anton\Application Data\WTablet
2011-08-06 02:45 - 1980-01-01 06:00 - 0007275 ____A C:\Windows\System32\nvapps.xml
2011-08-05 23:19 - 2011-02-25 14:31 - 0000000 ___RD C:\Documents and Settings\Anton\My Documents\My Pictures
2011-08-05 17:21 - 2005-03-31 16:34 - 0000000 ____D C:\Windows\Microsoft.NET
2011-08-05 12:11 - 2009-08-24 12:40 - 0000000 __SHD C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files
2011-08-05 11:14 - 2007-06-17 15:30 - 0000000 ____D C:\Config.Msi
2011-08-05 11:11 - 2005-03-31 16:58 - 0703810 ____A C:\Windows\System32\PerfStringBackup.INI
2011-08-04 13:16 - 2011-08-04 13:16 - 1564948 ____A C:\Documents and Settings\Anton\Desktop\59071080[1].mp4
2011-08-04 12:04 - 2011-08-04 12:04 - 0098304 ____A C:\Windows\Minidump\Mini080411-01.dmp
2011-08-04 12:04 - 2006-11-09 07:29 - 0000000 ____D C:\Windows\Minidump
2011-08-04 01:03 - 2011-08-04 01:02 - 3762840 ____A C:\Documents and Settings\Anton\Desktop\Mock up 1.jpg
2011-08-03 22:25 - 2004-08-19 22:14 - 0223535 ____A C:\Windows\WMSETUP.LOG
2011-08-02 18:52 - 2011-02-14 17:39 - 0000000 ___RD C:\Documents and Settings\Anton\My Documents\My Music
2011-07-30 20:41 - 2011-07-30 20:41 - 0033280 ____A C:\Documents and Settings\Anton\My Documents\Treasure Hunter Outfit.doc
2011-07-30 20:41 - 2011-07-30 20:41 - 0000162 ___AH C:\Documents and Settings\Anton\My Documents\~$easure Hunter Outfit.doc
2011-07-30 20:41 - 2005-04-09 23:28 - 0038140 ____A C:\Documents and Settings\Anton\Application Data\wklnhst.dat
2011-07-30 20:41 - 2005-04-09 19:42 - 0000000 ___RD C:\Documents and Settings\Anton\My Documents
2011-07-30 20:30 - 2005-03-31 17:12 - 0002483 ____A C:\Documents and Settings\Anton\Desktop\Microsoft Word.lnk
2011-07-30 02:55 - 2011-07-30 02:55 - 0015815 ____A C:\Documents and Settings\Anton\Desktop\Chojin Symbol.png
2011-07-30 02:54 - 2011-07-30 02:54 - 35803659 ____A C:\Documents and Settings\Anton\Desktop\Motivational Image.psd
2011-07-29 13:50 - 2011-01-07 00:02 - 0000000 ____D C:\Program Files\SUPERAntiSpyware
2011-07-29 13:44 - 2007-09-06 08:51 - 0000000 ____D C:\Documents and Settings\Anton\Desktop\resume
2011-07-29 13:08 - 2009-02-08 01:15 - 0000000 ____D C:\WTablet
2011-07-25 23:42 - 2011-07-25 22:24 - 37758383 ____A C:\Documents and Settings\Anton\Desktop\Daizenshuu_EX_-_Episode_0266.mp3
2011-07-25 13:40 - 2011-01-27 18:29 - 0000000 ____D C:\Documents and Settings\Anton\My Documents\Printables
2011-07-25 02:26 - 2011-07-25 02:26 - 0026112 ____A C:\Documents and Settings\Anton\My Documents\All our dreams can come true.doc
2011-07-24 18:32 - 2011-07-24 18:32 - 0224834 ____A C:\Documents and Settings\Anton\Desktop\Halftone_brushes_by_env1ro.rar
2011-07-24 18:32 - 2011-07-24 18:32 - 0167649 ____A C:\Documents and Settings\Anton\Desktop\japanese_flowers_by_mel_rodicq.abr.zip
2011-07-24 18:31 - 2011-07-24 18:31 - 32291327 ____A C:\Documents and Settings\Anton\Desktop\Funky_Seamless_Orange_Patterns_by_WebTreatsETC.zip
2011-07-24 18:31 - 2011-07-24 18:31 - 11118462 ____A C:\Documents and Settings\Anton\Desktop\RisingSun_brushes_by_env1ro.rar
2011-07-24 18:29 - 2011-07-24 18:29 - 8398692 ____A C:\Documents and Settings\Anton\Desktop\flowers_by_PinkOnHead.abr.zip
2011-07-24 18:29 - 2011-07-24 18:29 - 4013747 ____A C:\Documents and Settings\Anton\Desktop\FlowerNtreesLikeBrushes.zip
2011-07-24 18:28 - 2011-07-24 18:28 - 2726064 ____A C:\Documents and Settings\Anton\Desktop\smudged-flowers.zip
2011-07-24 18:28 - 2011-07-24 18:28 - 2303462 ____A C:\Documents and Settings\Anton\Desktop\Photoshop_Brushes_by_Kikariz.abr.zip
2011-07-24 18:28 - 2011-07-24 18:28 - 13159306 ____A C:\Documents and Settings\Anton\Desktop\Watercolor_Splatters_(675_pixels).zip
2011-07-24 18:28 - 2011-07-24 18:28 - 0602682 ____A C:\Documents and Settings\Anton\Desktop\tech.zip
2011-07-24 18:27 - 2011-07-24 18:27 - 5258769 ____A C:\Documents and Settings\Anton\Desktop\flowerpack2.zip
2011-07-24 18:27 - 2011-07-24 18:27 - 1363425 ____A C:\Documents and Settings\Anton\Desktop\My_Little_Brushy_pack01-byCrappyUnicorn.abr.zip
2011-07-24 18:27 - 2011-07-24 18:27 - 0174846 ____A C:\Documents and Settings\Anton\Desktop\vectorbrushes.zip
2011-07-24 18:19 - 2011-07-24 18:19 - 2463659 ____A C:\Documents and Settings\Anton\Desktop\Funky_Brushes_by_Lydia_distracted.abr.zip
2011-07-24 13:39 - 2009-04-22 00:57 - 0000000 ____D C:\Documents and Settings\Anton\Desktop\Virus Stuff
2011-07-24 00:30 - 2011-07-24 00:30 - 1016552 ____A C:\Documents and Settings\Anton\My Documents\HPIM0953.jpg
2011-07-24 00:29 - 2011-07-24 00:29 - 1341162 ____A C:\Documents and Settings\Anton\My Documents\HPIM0952.jpg
2011-07-24 00:29 - 2011-07-24 00:29 - 0870000 ____A C:\Documents and Settings\Anton\My Documents\HPIM0951.jpg
2011-07-21 10:55 - 2011-06-17 21:23 - 4388026 ____A C:\Documents and Settings\Anton\My Documents\Rod_Stewart_-_Young_Turks.mp3
2011-07-21 10:55 - 2008-01-14 05:06 - 0007256 ___SH C:\Documents and Settings\Anton\My Documents\Folder.jpg
2011-07-21 10:55 - 2008-01-14 05:06 - 0001853 ___SH C:\Documents and Settings\Anton\My Documents\AlbumArtSmall.jpg
2011-07-21 10:51 - 2011-07-21 10:51 - 0008676 ___SH C:\Documents and Settings\Anton\My Documents\AlbumArt_{81EAC20A-FECC-452E-951A-D8AB1B8AA4D0}_Large.jpg
2011-07-21 10:51 - 2011-07-21 10:51 - 0002489 ___SH C:\Documents and Settings\Anton\My Documents\AlbumArt_{81EAC20A-FECC-452E-951A-D8AB1B8AA4D0}_Small.jpg
2011-07-21 10:51 - 2011-06-17 21:36 - 5353704 ____A C:\Documents and Settings\Anton\My Documents\Four_Play_-_Max-O-Man.mp3
2011-07-19 12:49 - 2011-07-19 12:49 - 44227830 ____A C:\Documents and Settings\Anton\My Documents\edits 1.psd
2011-07-19 12:49 - 2011-07-19 11:51 - 44150292 ____A C:\Documents and Settings\Anton\My Documents\contingency sheet2.psd
2011-07-19 12:48 - 2011-07-19 12:48 - 40695568 ____A C:\Documents and Settings\Anton\My Documents\edits 2.psd
2011-07-19 12:29 - 2011-07-19 11:49 - 38219364 ____A C:\Documents and Settings\Anton\My Documents\contingency sheet.psd
2011-07-18 22:04 - 2011-07-18 22:05 - 0159019 ____A C:\Documents and Settings\Anton\My Documents\2185-10_600x450[1].jpg
2011-07-18 22:04 - 2011-07-18 22:05 - 0064447 ____A C:\Documents and Settings\Anton\My Documents\2185-10_1000x620[1].jpg
2011-07-18 22:04 - 2011-07-18 22:05 - 0036981 ____A C:\Documents and Settings\Anton\My Documents\2185-10_thumbs[1].jpg
2011-07-18 22:02 - 2011-07-18 22:02 - 0022528 ____A C:\Documents and Settings\Anton\My Documents\Master the basics.doc
2011-07-17 20:59 - 2011-02-17 20:02 - 0000000 ____D C:\Documents and Settings\Anton\My Documents\New Folder (2)
2011-07-16 13:56 - 2009-04-19 09:30 - 0000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2011-07-14 14:10 - 2004-08-19 22:13 - 0323520 ____A C:\Windows\System32\FNTCACHE.DAT
2011-07-14 07:07 - 2011-07-14 07:07 - 0000000 __HDC C:\Windows\$NtUninstallKB2507938$
2011-07-14 07:07 - 2011-07-13 11:55 - 0017741 ____A C:\Windows\KB2507938.log
2011-07-14 07:07 - 2011-01-21 15:14 - 0724974 ____A C:\Windows\System32\Drivers\Cat.DB
2011-07-14 07:07 - 2005-04-15 11:36 - 0569159 ____A C:\Windows\updspapi.log
2011-07-14 07:07 - 2005-03-31 16:58 - 2780149 ____A C:\Windows\FaxSetup.log
2011-07-14 07:07 - 2005-03-31 16:58 - 1355313 ____A C:\Windows\OCGEN.LOG
2011-07-14 07:07 - 2005-03-31 16:58 - 1280157 ____A C:\Windows\TSOC.LOG
2011-07-14 07:07 - 2005-03-31 16:58 - 1043789 ____A C:\Windows\iis6.log
2011-07-14 07:07 - 2005-03-31 16:58 - 0877855 ____A C:\Windows\COMSETUP.LOG
2011-07-14 07:07 - 2005-03-31 16:58 - 0854604 ____A C:\Windows\MSMQINST.LOG
2011-07-14 07:07 - 2005-03-31 16:58 - 0533778 ____A C:\Windows\ntdtcsetup.log
2011-07-14 07:07 - 2005-03-31 16:58 - 0500791 ____A C:\Windows\NETFXOCM.LOG
2011-07-14 07:07 - 2005-03-31 16:58 - 0301915 ____A C:\Windows\MedCtrOC.log
2011-07-14 07:07 - 2005-03-31 16:58 - 0145454 ____A C:\Windows\OCMSN.LOG
2011-07-14 07:07 - 2005-03-31 16:58 - 0139463 ____A C:\Windows\MSGSOCM.LOG
2011-07-14 07:07 - 2005-03-31 16:58 - 0138990 ____A C:\Windows\TABLETOC.LOG
2011-07-14 07:07 - 1980-01-01 06:00 - 0001374 ____A C:\Windows\imsins.log
2011-07-14 07:03 - 2010-02-14 11:11 - 49089992 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2011-07-14 07:02 - 2011-07-14 07:02 - 0000000 __HDC C:\Windows\$NtUninstallKB2555917$
2011-07-14 07:02 - 2011-07-13 11:54 - 0017618 ____A C:\Windows\KB2555917.log
2011-07-14 07:02 - 1980-01-01 06:00 - 0001374 ____A C:\Windows\imsins.BAK
2011-07-13 16:16 - 2011-07-11 15:22 - 0000263 ____A C:\Documents and Settings\Anton\Desktop\Newness.txt
2011-07-13 11:55 - 2005-03-31 17:07 - 0000000 ___HD C:\Windows\$hf_mig$
2011-07-11 15:37 - 2005-04-10 03:05 - 0042496 ____A C:\Documents and Settings\Anton\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-07-07 18:07 - 2011-07-07 18:07 - 0098304 ____A C:\Windows\Minidump\Mini070711-01.dmp
2011-07-06 23:52 - 2010-01-29 09:32 - 0041272 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2011-07-06 23:52 - 2010-01-29 09:32 - 0022712 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2011-07-03 17:35 - 2011-07-03 16:50 - 78180695 ____A C:\Documents and Settings\Anton\Desktop\Way of the Samurai 2.rar
2011-07-02 03:41 - 2011-07-02 04:28 - 110941702 ____A C:\Documents and Settings\Anton\Desktop\t_batmanac_catwoman_gp_001[1].flv
2011-07-01 23:57 - 2011-07-01 23:57 - 0046406 ____A C:\Documents and Settings\Anton\Desktop\max-ruby-001.gif
2011-06-30 10:45 - 2011-06-30 10:45 - 0000000 __HDC C:\Windows\$NtUninstallKB2541763$
2011-06-30 10:45 - 2011-06-29 11:33 - 0013025 ____A C:\Windows\KB2541763.log
2011-06-28 15:21 - 2005-04-10 04:53 - 0106048 ____A C:\Documents and Settings\Anton\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2011-06-28 15:19 - 2011-06-28 15:20 - 0098304 ____A C:\Windows\Minidump\Mini062811-01.dmp
2011-06-27 11:23 - 2011-06-27 11:23 - 0098304 ____A C:\Windows\Minidump\Mini062711-01.dmp
2011-06-25 01:33 - 2011-06-25 01:36 - 67778009 ____A C:\Documents and Settings\Anton\Desktop\t_saintsrowtt_openworldgamep_wt_doc[1].flv
2011-06-24 15:24 - 2011-06-24 15:24 - 0000000 ____D C:\Documents and Settings\Anton\My Documents\Yiddle Yiddle
2011-06-22 00:57 - 2011-06-20 22:25 - 0000984 ____A C:\Documents and Settings\Anton\Desktop\New List.txt
2011-06-21 19:34 - 2011-06-21 19:34 - 0098304 ____A C:\Windows\Minidump\Mini062111-01.dmp
2011-06-21 02:28 - 2011-06-21 02:28 - 0046190 ____A C:\Documents and Settings\Anton\My Documents\campbell_l[1].pdf
2011-06-21 02:28 - 2010-08-24 18:05 - 0311251 ____A C:\Windows\setupapi.log
2011-06-20 21:54 - 2011-06-20 21:54 - 0001368 ____A C:\Documents and Settings\Anton\Desktop\Master Plan Revised.txt
2011-06-20 15:50 - 2005-03-31 16:56 - 0013857 ____A C:\Windows\setupact.log
2011-06-17 20:36 - 2006-03-16 05:29 - 0000000 ____D C:\Documents and Settings\Anton\Application Data\Sony
2011-06-17 20:35 - 2011-06-17 19:13 - 0000000 ____D C:\Documents and Settings\Anton\My Documents\Auntie Sophie Slides
2011-06-17 19:12 - 2011-06-17 19:12 - 1262089 ____A C:\Documents and Settings\Anton\My Documents\Slides.zip
2011-06-17 18:36 - 2011-06-17 18:36 - 0545050 ____A C:\Documents and Settings\Anton\My Documents\pp in progress phc1.pdf
2011-06-17 11:48 - 2011-06-16 17:07 - 0000000 ____D C:\Documents and Settings\Anton\My Documents\New Acer Drives
2011-06-17 02:29 - 2011-06-17 02:29 - 20893456 ____A C:\Documents and Settings\Anton\My Documents\Camera_Suyin_App_v2.0.7.1_Driver_v5.8.33.501_XP.zip
2011-06-16 11:52 - 2011-06-16 11:52 - 0000000 __HDC C:\Windows\$NtUninstallKB2476490$
2011-06-16 11:52 - 2011-06-15 10:53 - 0028651 ____A C:\Windows\KB2476490.log
2011-06-16 11:51 - 2011-06-16 11:51 - 0013581 ____A C:\Windows\KB2503665.log
2011-06-16 11:51 - 2011-06-16 11:51 - 0000000 __HDC C:\Windows\$NtUninstallKB2535512$
2011-06-16 11:51 - 2011-06-16 11:51 - 0000000 __HDC C:\Windows\$NtUninstallKB2503665$
2011-06-16 11:51 - 2011-06-16 11:50 - 0013579 ____A C:\Windows\KB2535512.log
2011-06-16 11:50 - 2011-06-16 11:50 - 0013656 ____A C:\Windows\KB2536276.log
2011-06-16 11:50 - 2011-06-16 11:50 - 0000000 __HDC C:\Windows\$NtUninstallKB2536276$
2011-06-16 11:50 - 2011-06-16 11:48 - 0016962 ____A C:\Windows\KB2530548-IE8.log
2011-06-16 11:49 - 2009-05-13 13:16 - 0000000 ____D C:\Windows\ie8updates
2011-06-16 11:48 - 2011-06-16 11:48 - 0000000 __HDC C:\Windows\$NtUninstallKB2544893$
2011-06-16 11:48 - 2011-06-16 11:47 - 0007778 ____A C:\Windows\KB2544893.log
2011-06-16 11:47 - 2011-06-16 11:41 - 0008747 ____A C:\Windows\KB2544521-IE8.log
2011-06-16 03:58 - 2011-06-16 03:23 - 0000000 ____D C:\Documents and Settings\Anton\My Documents\Acer Drivers
2011-06-11 02:42 - 2011-03-16 13:50 - 0000375 ____A C:\Documents and Settings\Anton\Desktop\Animation Test.lnk
2011-06-09 07:02 - 2011-06-09 07:02 - 0000000 ____D C:\aca498ee397b3989fa804b3089
2011-06-09 07:02 - 2011-06-09 07:02 - 0000000 ____D C:\1d8508f6781ce8e62c06db3e87fa
2011-06-07 13:55 - 2011-06-07 13:52 - 0000000 ____D C:\Program Files\Common Files\PC Tools
2011-06-07 13:52 - 2011-06-07 13:52 - 0001664 ____A C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
2011-06-07 13:52 - 2009-03-30 06:09 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\PC Tools
2011-06-07 13:50 - 2011-05-30 07:08 - 0000000 ____D C:\Program Files\Spyware Doctor
2011-06-06 23:38 - 2005-03-31 16:35 - 0000000 ___SD C:\Windows\Downloaded Program Files
2011-06-06 11:25 - 2011-06-06 11:13 - 0000000 ____D C:\e091dc124a5e9fb6b8
2011-06-02 21:26 - 2004-08-19 22:07 - 0000671 ____A C:\Windows\WIN.INI
2011-06-02 14:02 - 2008-10-15 05:46 - 1858944 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\win32k.sys
2011-06-02 14:02 - 2004-08-10 11:00 - 1858944 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2011-06-02 12:25 - 2011-03-01 03:34 - 0000000 ____D C:\Documents and Settings\Anton\My Documents\New Folder (4)
2011-06-01 21:23 - 2005-11-17 00:45 - 0000000 __HDC C:\Windows\$NtUninstallKB905749$
2011-06-01 12:11 - 2010-07-17 03:47 - 0000784 ____A C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
2011-05-30 22:19 - 2004-08-10 11:00 - 5964800 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\mshtml.dll
2011-05-30 22:19 - 2004-08-10 11:00 - 5964800 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2011-05-30 07:21 - 2007-09-06 08:49 - 0000520 ____A C:\Documents and Settings\Anton\Desktop\My Music.lnk
2011-05-30 07:21 - 2005-04-11 20:51 - 0000467 ____A C:\Documents and Settings\Anton\Desktop\My Pictures.lnk
2011-05-30 07:00 - 2011-05-30 07:00 - 0000000 ____D C:\c0df6e8c7d46b87119
2011-05-30 07:00 - 2011-05-30 07:00 - 0000000 ____D C:\4a99b5af0e22da5186b563
2011-05-24 01:21 - 2005-05-19 21:41 - 0096656 ____A C:\Documents and Settings\Anton\Application Data\GDIPFONTCACHEV1.DAT
2011-05-23 12:11 - 2011-04-24 14:23 - 0081408 ____A C:\Documents and Settings\Anton\My Documents\May.doc
2011-05-21 06:21 - 2011-01-18 15:03 - 0000000 ____D C:\Documents and Settings\Anton\My Documents\Tekken Concept Art
2011-05-21 06:05 - 2005-03-31 16:36 - 0000000 __SHD C:\Documents and Settings\All Users\DRM
2011-05-21 06:04 - 2011-03-12 06:37 - 0000000 ____D C:\Documents and Settings\Anton\My Documents\DivX Movies
2011-05-21 06:03 - 2011-03-03 04:37 - 0000000 ____D C:\Documents and Settings\Anton\My Documents\Diagnaostic
2011-05-21 05:50 - 2011-02-28 17:33 - 0000000 ____D C:\Documents and Settings\Anton\My Documents\New Folder (3)
2011-05-20 15:44 - 2011-06-07 13:55 - 2078672 ____A (Threat Expert Ltd.) C:\Windows\PCTBDCore.dll
2011-05-20 15:44 - 2011-06-07 13:55 - 1533904 ____A (Threat Expert Ltd.) C:\Windows\PCTBDRes.dll
2011-05-20 15:44 - 2011-06-07 13:55 - 0767952 ____A C:\Windows\BDTSupport.dll
2011-05-20 15:44 - 2011-06-07 13:55 - 0149456 ____A (PC Tools) C:\Windows\SGDetectionTool.dll
2011-05-19 03:08 - 2011-05-19 03:08 - 0000000 ____D C:\Documents and Settings\Anton\Local Settings\Application Data\Geckofx
2011-05-19 03:08 - 2011-05-19 03:08 - 0000000 ____D C:\Documents and Settings\Anton\Application Data\Mozilla
2011-05-19 03:07 - 2011-05-19 03:07 - 0000000 ____D C:\Program Files\AviSynth 2.5
2011-05-13 13:00 - 2011-05-13 13:00 - 0000000 ____D C:\Program Files\FLV to MP4 Converter
2011-05-13 12:23 - 2011-05-13 12:22 - 0000000 ____D C:\Documents and Settings\Anton\My Documents\Wondershare Video Converter Platinum
2011-05-13 12:21 - 2011-05-13 12:21 - 0000000 ____D C:\Program Files\Wondershare
2011-05-11 17:35 - 2011-06-07 13:52 - 0160576 ____A (PC Tools) C:\Windows\System32\Drivers\PCTAppEvent.sys
2011-05-11 13:55 - 2011-06-07 13:52 - 0263888 ____A (PC Tools) C:\Windows\System32\Drivers\PCTCore.sys
2011-05-08 01:52 - 2011-05-08 01:52 - 0000000 ____D C:\Documents and Settings\Anton\Application Data\PC-FAX TX
2011-05-08 01:52 - 2011-04-21 00:08 - 0000747 ____A C:\Windows\Brpfx04a.ini
2011-05-08 01:38 - 2011-05-08 01:37 - 0020480 ____A C:\Documents and Settings\Anton\My Documents\Hi Anton.doc

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points (XP) =====================


========================= Memory info ======================

Percentage of memory in use: 13%
Total physical RAM: 3070.08 MB
Available physical RAM: 2669.48 MB
Total Pagefile: 2894.88 MB
Available Pagefile: 2714.3 MB
Total Virtual: 2047.88 MB
Available Virtual: 2001.55 MB

======================= Partitions =========================

1 Drive b: (RAMDisk) (Fixed) (Total:0.09 GB) (Free:0.09 GB) FAT
2 Drive c: () (Fixed) (Total:69.79 GB) (Free:24.52 GB) NTFS
5 Drive f: () (Removable) (Total:3.77 GB) (Free:2.81 GB) FAT32
6 Drive h: (New Volume) (Fixed) (Total:465.76 GB) (Free:452.2 GB) NTFS
7 Drive x: (UBCD4Windows) (CDROM) (Total:0.68 GB) (Free:0 GB) CDFS


This is the MBRDUMP.txt file:

[raw MBR bytes pasted as binary; they do not survive as text. The readable strings embedded in the dump are:]
done.
failed.
Bad flag
0 active partitions
Bad PBR

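The dump above is a raw 512-byte master boot record. The readable strings in it ("Bad flag", "0 active partitions", "Bad PBR") appear to be error messages embedded in the bootstrap code, and a black screen with a blinking cursor right after POST is a classic symptom of a damaged MBR, which is why the thread heads toward an MBR repair. The Python script below is an added example, not part of this thread and not the MbrFix tool used later on: it decodes the 64-byte partition table and the 0x55AA signature from a 512-byte MBR image such as MBRDUMP.txt and reports the checks a repair tool cares about (boot signature present, bootstrap area not blank, valid status bytes, exactly one active partition). The build_mbr helper constructs sample MBRs for demonstration; they are not the bytes of the attached dump, which cannot be recovered from the forum rendering.

```python
import struct

MBR_SIZE = 512
PART_TABLE_OFFSET = 446          # 446 bytes of bootstrap code precede the partition table
PART_ENTRY_SIZE = 16
BOOT_SIGNATURE = b"\x55\xaa"     # last two bytes of a valid MBR
ACTIVE = 0x80                    # status byte of the bootable partition


def parse_partition_table(mbr: bytes) -> list:
    """Decode the four 16-byte entries of a classic (non-GPT) MBR partition table."""
    if len(mbr) != MBR_SIZE:
        raise ValueError(f"MBR image must be {MBR_SIZE} bytes, got {len(mbr)}")
    entries = []
    for i in range(4):
        off = PART_TABLE_OFFSET + i * PART_ENTRY_SIZE
        # status(1) CHS start(3) type(1) CHS end(3) LBA start(4) sector count(4), little-endian
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", mbr, off)
        entries.append({"index": i, "status": status, "type": ptype,
                        "lba_start": lba_start, "sectors": sectors})
    return entries


def check_mbr(mbr: bytes) -> list:
    """Return a list of problems; an empty list means the MBR passes the basic sanity checks."""
    entries = parse_partition_table(mbr)
    problems = []
    if mbr[510:512] != BOOT_SIGNATURE:
        problems.append("missing 0x55AA boot signature")
    if not any(mbr[:PART_TABLE_OFFSET]):
        problems.append("bootstrap code area is all zero")
    for e in entries:
        if e["status"] not in (0x00, ACTIVE):
            problems.append(f"entry {e['index']}: bad status flag 0x{e['status']:02x}")
    used = [e for e in entries if e["type"] != 0]
    active = [e for e in entries if e["status"] == ACTIVE]
    if used and not active:
        problems.append("0 active partitions")
    if len(active) > 1:
        problems.append(f"{len(active)} active partitions")
    return problems


def build_mbr(status: int, ptype: int = 0x07, lba_start: int = 63,
              sectors: int = 146_000_000, signature: bytes = BOOT_SIGNATURE) -> bytes:
    """Construct a 512-byte sample MBR with one partition entry (demonstration data, not a real disk)."""
    code = bytes((i * 37 + 11) & 0xFF for i in range(PART_TABLE_OFFSET))  # stand-in for bootstrap code
    entry = struct.pack("<B3sB3sII", status, b"\x01\x01\x00", ptype, b"\xfe\xff\xff",
                        lba_start, sectors)
    table = entry + bytes(PART_ENTRY_SIZE * 3)                               # three unused entries
    return code + table + signature


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:                     # e.g. python mbrcheck.py MBRDUMP.txt
        with open(sys.argv[1], "rb") as f:
            print(check_mbr(f.read()) or ["no problems found"])
    else:
        for label, sample in (("healthy", build_mbr(ACTIVE)),
                              ("no active partition", build_mbr(0x00)),
                              ("corrupt status byte", build_mbr(0x12))):
            print(f"{label}: {check_mbr(sample) or ['no problems found']}")
```

The script only reads; it never writes to a disk. Run it against the saved dump before letting a repair tool rewrite sector 0, so there is a record of what the partition table looked like: a fixmbr-style repair replaces the bootstrap code and can leave a table problem (no active partition, wrong status byte) untouched, and knowing which of the two is broken tells you whether the bootstrap rewrite alone can be expected to help.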
#10 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,635 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:09:54 PM

Posted 09 August 2011 - 12:22 AM

Please attach the MBRDUMP.txt file instead.

Download the enclosed file.

Save it to the USB drive and insert it into the ailing computer.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST as you did before, and press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

No requests for help through private messaging will be attended to.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#11 Domo!

Domo!
  • Topic Starter

  • Members
  • 174 posts
  • OFFLINE
  • Local time:05:54 PM

Posted 09 August 2011 - 06:52 AM

Attached File: MBRDUMP.txt (512 bytes)
That is the MBRDUMP file. (I'm not sure if I am attaching it right. I hope that I am.)


This is the Fixlog:


Fix result of Farbar's Recovery Tool (FRST written by farbar Version 2.2.1)
Ran by SYSTEM at 2011-08-09 07:50:25 R:1
Running from F:\

==============================================

HKEY_USERS\Anton\Software\Microsoft\Windows\CurrentVersion\Run\\8DDYX0ZBPZ Value deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\*parsesvcmsg.exe Value deleted successfully.
HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\Bkgnyuflbi Value deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\khfETjHB Key deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mlJcawUM Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs Value was restored.
C:\WINDOWS\system32\efcaxxWq not found.
sdmtw service deleted successfully.
C:\Windows\System32\drivers\trjo.sys moved successfully.
C:\Windows\System32\parsesvcmsg.exe moved successfully.
C:\Documents and Settings\Anton\Start Menu\Programs\Startup\Zentom System Guard.lnk moved successfully.
C:\Documents and Settings\Anton\Desktop\Zentom System Guard.lnk moved successfully.
C:\Windows\Ojykub.exe moved successfully.
C:\Windows\System32\nscompat9.dll moved successfully.
C:\Windows\Ojykua.exe moved successfully.
C:\Windows\srun.log moved successfully.
C:\Windows\0.LOG moved successfully.
C:\DOCUME~1\Anton\LOCALS~1\Temp\Og0.exe moved successfully.

==== End of Fixlog ====

Edited by Domo!, 09 August 2011 - 08:25 AM.


#12 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,635 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:09:54 PM

Posted 09 August 2011 - 10:44 AM

Open a command prompt and browse to the USB drive. At the USB drive prompt type the following and press Enter:

MbrFix /drive 0 fixmbr

Leave a space among the following arguments:

MbrFix
/drive
0
fixmbr


The drive is Drive zero (Drive 0)

If successful, attempt to restart the computer in Normal Mode.

If able to boot in Normal Mode, run Combofix as follows:

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**
  • If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  • During the download, rename Combofix to MyPoppy as follows:

    [image]

    [image]

  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------


    If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If any of these applications will not uninstall, it is first recommended to uninstall it with AppRemover by Opswat. http://www.appremover.com/supported-applications. Do not use AppRemover on Norton.

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on MyPoppy.exe & follow the prompts.
  • Install the Recovery Console if prompted.
  • When finished, it will produce a report for you.
  • Please post the "C:\MyPoppy.txt". (I believe Combofix will also rename the report.)
**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**


Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

Edited by JSntgRvr, 09 August 2011 - 10:48 AM.

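Before the MBR is rewritten with `MbrFix /drive 0 fixmbr`, a responder usually wants to see what the 512-byte dump attached in post #11 actually contains: whether the 55 AA boot signature is intact, whether the partition table is sane, and whether the boot-code region still matches a trusted copy. The Python below is an added example for this thread; it is not code from MbrFix, FRST, ComboFix or any BleepingComputer tool. The sector bytes, the partition layout and the reference hash are all constructed test data, and `known_good_sha256` is a hypothetical input you would fill with the boot-code hash of a trusted MBR from the same Windows version.

```python
"""Sanity-check a raw 512-byte MBR dump before deciding to rewrite it.

Added example for this thread; it is not part of MbrFix, FRST or any
BleepingComputer tool. All sector bytes below are constructed test data,
not the poster's real MBRDUMP.txt.
"""
import hashlib
import struct
from typing import List, Optional

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446            # bytes 0..445: boot loader code
PART_TABLE_OFF = 446           # bytes 446..509: four 16-byte partition entries
PART_ENTRY_LEN = 16
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510..511
# status(1) CHS-start(3, skipped) type(1) CHS-end(3, skipped) LBA-start(4) sectors(4)
PART_ENTRY_FMT = "<B3xB3xII"


def parse_partitions(sector: bytes) -> List[dict]:
    """Decode the four primary partition entries of an MBR sector."""
    entries = []
    for i in range(4):
        off = PART_TABLE_OFF + i * PART_ENTRY_LEN
        status, ptype, lba_start, count = struct.unpack_from(PART_ENTRY_FMT, sector, off)
        entries.append({"index": i, "status": status, "bootable": status == 0x80,
                        "type": ptype, "lba_start": lba_start, "sectors": count})
    return entries


def boot_code_sha256(sector: bytes) -> str:
    """Hash of the 446-byte boot code only; the partition table varies per machine."""
    return hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()


def check_mbr(sector: bytes, known_good_sha256: Optional[str] = None) -> List[str]:
    """Return a list of findings; an empty list means nothing looked wrong.

    known_good_sha256 is a hypothetical input: the boot-code hash taken from
    a trusted MBR of the same Windows version, if the responder has one.
    """
    findings = []
    if len(sector) != SECTOR_SIZE:
        return [f"unexpected dump length {len(sector)}, expected {SECTOR_SIZE}"]
    if sector[510:512] != BOOT_SIGNATURE:
        findings.append("boot signature 55 AA missing: not a valid MBR sector")
    parts = parse_partitions(sector)
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            findings.append(f"partition {p['index']}: invalid status byte {p['status']:#04x}")
        if p["type"] == 0 and (p["lba_start"] or p["sectors"]):
            findings.append(f"partition {p['index']}: type 0 (unused) but non-zero extent")
    active = [p for p in parts if p["bootable"]]
    if not active:
        findings.append("no partition flagged active: BIOS has nothing to hand off to")
    elif len(active) > 1:
        findings.append("more than one partition flagged active")
    if known_good_sha256 is not None and boot_code_sha256(sector) != known_good_sha256:
        findings.append("boot code differs from the known-good reference hash")
    return findings


def check_dump_file(path: str, known_good_sha256: Optional[str] = None) -> List[str]:
    """Run check_mbr over a raw dump file such as the thread's MBRDUMP.txt."""
    with open(path, "rb") as fh:
        return check_mbr(fh.read(), known_good_sha256)


def build_sector(boot_code: bytes, partitions, signature: bytes = BOOT_SIGNATURE) -> bytes:
    """Assemble a constructed 512-byte sector for testing."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    table = b"".join(struct.pack(PART_ENTRY_FMT, *p) for p in partitions)
    table = table.ljust(4 * PART_ENTRY_LEN, b"\x00")
    return code + table + signature


# Constructed samples (stand-ins, not real boot code).
_LAYOUT = [(0x80, 0x07, 63, 20_000_000)]           # one active NTFS partition at LBA 63
REFERENCE_BOOT_CODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 8
GOOD_MBR = build_sector(REFERENCE_BOOT_CODE, _LAYOUT)
REFERENCE_SHA256 = boot_code_sha256(GOOD_MBR)      # what a trusted reference would supply
TAMPERED_MBR = build_sector(b"\xe9\x00\x01" + REFERENCE_BOOT_CODE, _LAYOUT)   # boot code altered
NO_SIGNATURE_MBR = build_sector(REFERENCE_BOOT_CODE, _LAYOUT, signature=b"\x00\x00")

if __name__ == "__main__":
    for name, sector in (("good", GOOD_MBR), ("tampered", TAMPERED_MBR),
                         ("no-signature", NO_SIGNATURE_MBR)):
        print(name, check_mbr(sector, REFERENCE_SHA256) or "OK")
```

The partition table is deliberately left out of the hash: it legitimately differs from machine to machine, while the 446 bytes of boot code are what a bootkit replaces and what `fixmbr` puts back. Without a reference hash the function still catches the structural faults (missing signature, bad status bytes, no active partition) that explain a blinking-cursor boot.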


#13 Domo!

Domo!
  • Topic Starter

  • Members
  • 174 posts
  • OFFLINE
  •  
  • Local time:05:54 PM

Posted 09 August 2011 - 02:51 PM

Instructions followed and MyPoppy has run; here is the ComboFix post:

ComboFix 11-08-09.02 - Anton 08/09/2011 14:37:39.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2351 [GMT -4:00]
Running from: c:\documents and settings\Anton\Desktop\MyPoppy.exe
AV: Spyware Doctor with AntiVirus *Disabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
.
ADS - system32: deleted 142 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\Tarma Installer
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
c:\documents and settings\Anton\Application Data\Adobe\plugs
c:\documents and settings\Anton\Application Data\Adobe\plugs\KB5371734.exe
c:\documents and settings\Anton\Application Data\Adobe\shed
c:\documents and settings\Anton\Application Data\E0A0895EE969606B0DA7C959CF93F887
c:\documents and settings\Anton\Application Data\E0A0895EE969606B0DA7C959CF93F887\enemies-names.txt
c:\documents and settings\Anton\Application Data\E0A0895EE969606B0DA7C959CF93F887\hookdll.dll
c:\documents and settings\Anton\Application Data\E0A0895EE969606B0DA7C959CF93F887\local.ini
c:\documents and settings\Anton\Application Data\E0A0895EE969606B0DA7C959CF93F887\lsrslt.ini
c:\documents and settings\Anton\Application Data\JuniperSetup.exe
c:\documents and settings\Anton\Application Data\Microsoft\Internet Explorer\Quick Launch\Zentom System Guard.lnk
c:\documents and settings\Anton\My Documents\~WRL0094.tmp
c:\documents and settings\Anton\My Documents\~WRL0202.tmp
c:\documents and settings\Anton\My Documents\~WRL0256.tmp
c:\documents and settings\Anton\My Documents\~WRL0329.tmp
c:\documents and settings\Anton\My Documents\~WRL0575.tmp
c:\documents and settings\Anton\My Documents\~WRL0587.tmp
c:\documents and settings\Anton\My Documents\~WRL1024.tmp
c:\documents and settings\Anton\My Documents\~WRL2089.tmp
c:\documents and settings\Anton\My Documents\~WRL2604.tmp
c:\documents and settings\Anton\My Documents\~WRL2929.tmp
c:\documents and settings\Anton\My Documents\~WRL2976.tmp
c:\documents and settings\Anton\My Documents\~WRL3021.tmp
c:\documents and settings\Anton\My Documents\~WRL3527.tmp
c:\documents and settings\Anton\Start Menu\Programs\Zentom System Guard
c:\documents and settings\Anton\Start Menu\Programs\Zentom System Guard\Uninstall.lnk
c:\documents and settings\Anton\Start Menu\Programs\Zentom System Guard\Zentom System Guard.lnk
c:\documents and settings\Anton\Start Menu\Zentom System Guard.lnk
c:\documents and settings\Anton\WINDOWS
C:\install.exe
c:\windows\AutoRun.ini
.
.
((((((((((((((((((((((((( Files Created from 2011-07-09 to 2011-08-09 )))))))))))))))))))))))))))))))
.
.
2011-08-08 23:25 . 2011-08-08 23:26 -------- d-----w- C:\FRST
2011-08-06 04:53 . 2011-08-06 04:53 -------- d-----w- c:\program files\Yontoo Layers Runtime
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-06 23:52 . 2010-01-29 09:32 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 23:52 . 2010-01-29 09:32 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-02 14:02 . 2004-08-10 11:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-20 15:44 . 2011-06-07 13:55 149456 ----a-w- c:\windows\SGDetectionTool.dll
2011-05-20 15:44 . 2011-06-07 13:55 2078672 ----a-w- c:\windows\PCTBDCore.dll
2011-05-20 15:44 . 2011-06-07 13:55 1533904 ----a-w- c:\windows\PCTBDRes.dll
2011-05-20 15:44 . 2011-06-07 13:55 767952 ----a-w- c:\windows\BDTSupport.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2011-07-15 04:46 195360 ----a-w- c:\program files\Yontoo Layers Runtime\YontooIEClient.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Desktop Software"="c:\program files\Common Files\SupportSoft\bin\bcont.exe" [2009-04-24 1025320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-11-11 4583424]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-10 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-10 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2008-02-19 1089536]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-12-21 86016]
"PCTools FGuard"="c:\program files\PC Tools Security\BDT\FGuard.exe" [2011-05-20 247760]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-3-31 24576]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
TabUserW.exe.lnk - c:\windows\SYSTEM32\WTablet\TabUserW.exe [2006-5-31 114688]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Anton^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\Anton\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-18 12:58 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2007-03-15 15:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2004-10-12 22:54 57344 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-08-05 17:56 64512 ----a-w- c:\windows\EHOME\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 21:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2007-12-05 17:30 2295072 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 09:42 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2011-07-29 13:50 2424192 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2005-07-11 15:06 180269 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
2004-01-07 07:01 110592 ----a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2006-12-01 02:49 4662776 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\BitTorrent\\btdownloadgui.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Autodesk\\backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\backburner\\server.exe"=
"c:\\Program Files\\Autodesk\\3dsMax8\\3dsmax.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"=
"c:\\WINDOWS\\SYSTEM32\\fxsclnt.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
.
R0 PCTCore;PCTools KDS;c:\windows\SYSTEM32\DRIVERS\PCTCore.sys [6/7/2011 9:52 AM 263888]
R0 pctDS;PC Tools Data Store;c:\windows\SYSTEM32\DRIVERS\pctDS.sys [6/7/2011 9:53 AM 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\SYSTEM32\DRIVERS\pctEFA.sys [6/7/2011 9:53 AM 656320]
R0 sptd;sptd;c:\windows\SYSTEM32\DRIVERS\sptd.sys [8/20/2008 12:52 PM 721904]
R0 TfFsMon;TfFsMon;c:\windows\SYSTEM32\DRIVERS\TfFsMon.sys [5/30/2011 3:19 AM 51984]
R0 TfSysMon;TfSysMon;c:\windows\SYSTEM32\DRIVERS\TfSysMon.sys [5/30/2011 3:19 AM 69392]
R1 pctgntdi;pctgntdi;c:\windows\SYSTEM32\DRIVERS\pctgntdi.sys [6/7/2011 9:53 AM 251560]
R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\SYSTEM32\DRIVERS\PCTSD.sys [6/7/2011 9:52 AM 233976]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools Security\BDT\BDTUpdateService.exe [6/7/2011 9:55 AM 337872]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/29/2010 5:32 AM 366640]
R2 OS Selector;Acronis OS Selector activator;c:\program files\Acronis\DiskDirector\OSS\reinstall_svc.exe [9/29/2010 8:30 PM 2139400]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [6/7/2011 9:52 AM 371472]
R2 TabletServicePen;TabletServicePen;c:\windows\SYSTEM32\Pen_Tablet.exe [8/27/2008 4:42 PM 3032360]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\SYSTEM32\DRIVERS\libusb0.sys [1/13/2011 11:03 AM 33792]
R3 MBAMProtector;MBAMProtector;c:\windows\SYSTEM32\DRIVERS\mbam.sys [1/29/2010 5:32 AM 22712]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\SYSTEM32\DRIVERS\wacmoumonitor.sys [8/27/2008 4:42 PM 15144]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys --> c:\windows\system32\Drivers\avgldx86.sys [?]
S2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe --> c:\progra~1\AVG\AVG8\avgemc.exe [?]
S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe --> c:\progra~1\AVG\AVG8\avgwdsvc.exe [?]
S2 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys --> c:\windows\system32\Drivers\avgtdix.sys [?]
S2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" --> c:\program files\Viewpoint\Common\ViewpointService.exe [?]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 8:19 PM 13592]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 11:58 AM 11336]
S3 CrucialSMBusScan;CrucialSMBusScan;\??\c:\docume~1\Anton\LOCALS~1\Temp\CrucialSMBusScan_XP32.sys --> c:\docume~1\Anton\LOCALS~1\Temp\CrucialSMBusScan_XP32.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys [1/29/2010 5:32 AM 41272]
S3 pctplsg;pctplsg;c:\windows\SYSTEM32\DRIVERS\pctplsg.sys [6/7/2011 9:52 AM 70664]
S3 TfNetMon;TfNetMon;c:\windows\SYSTEM32\DRIVERS\TfNetMon.sys [5/30/2011 3:19 AM 33552]
S3 ThreatFire;ThreatFire;c:\program files\PC Tools Security\TFEngine\TFService.exe service --> c:\program files\PC Tools Security\TFEngine\TFService.exe service [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-12-05 17:27 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{2E581F18-8572-4127-A0A4-93F526D69B3F} - (no file)
BHO-{CBFB9D0F-9156-4A69-9A28-55B2D1E6AC48} - c:\windows\system32\rqRkhhhg.dll
MSConfigStartUp-AVG8_TRAY - c:\progra~1\AVG\AVG8\avgtray.exe
MSConfigStartUp-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
MSConfigStartUp-mcagent_exe - c:\program files\McAfee.com\Agent\mcagent.exe
MSConfigStartUp-McENUI - c:\progra~1\McAfee\MHN\McENUI.exe
MSConfigStartUp-NeroFilterCheck - c:\windows\system32\NeroCheck.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.6.0_03\bin\jusched.exe
MSConfigStartUp-WildTangent CDA - c:\program files\WildTangent\Apps\CDA\GameDrvr.exe
AddRemove-AOL Connectivity Services - c:\progra~1\COMMON~1\AOL\ACS\AcsUninstall.exe
AddRemove-AOLCoach - c:\program files\Common Files\aolshare\Coach\AolCInUn.exe
AddRemove-Champions Online - h:\program files\Cryptic Studios\Uninstall Champions Online.exe
AddRemove-EZ FX v6.0 - h:\[pc] freedom force vs the 3rd reich [dopeman]\Freedom Force vs The 3rd Reich\AFF_EZFXv60.exe
AddRemove-Money2005b - c:\program files\Microsoft Money 2005\MNYCoreFiles\Setup\uninst.exe
AddRemove-Registry Patrol v3.0 - c:\windows\unvise32.exe
AddRemove-Security Task Manager - c:\program files\Security Task Manager\Uninstal.exe
AddRemove-Video Cleaner - c:\windows\Video Cleaner Uninstaller.exe
AddRemove-Viewpoint Manager - c:\program files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe
AddRemove-ViewpointMediaPlayer - c:\program files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
AddRemove-{889DF117-14D1-44EE-9F31-C5FB5D47F68B} - c:\docume~1\ALLUSE~1\APPLIC~1\TARMAI~1\{889DF~1\Setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-09 15:13
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(768)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'lsass.exe'(828)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
- - - - - - - > 'explorer.exe'(796)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
c:\windows\system32\libusbd-nt.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Comcast\Desktop Doctor\bin\sprtsvc.exe
c:\windows\system32\fxssvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\WTablet\Pen_TabletUser.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\Brother\ControlCenter3\brccMCtl.exe
c:\windows\system32\wscntfy.exe
c:\program files\Brother\Brmfcmon\BrMfcmon.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
.
**************************************************************************
.
Completion time: 2011-08-09 15:25:51 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-09 19:25
.
Pre-Run: 19,340,414,976 bytes free
Post-Run: 23,116,189,696 bytes free
.
Current=3 Default=3 Failed=1 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 14DE71D7E0017F1030FE29671E45028A

#14 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,635 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:09:54 PM

Posted 09 August 2011 - 06:26 PM

Let's check for remnants:

  • Launch and update Malwarebytes' Anti-Malware.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the [image] button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on [image] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [image] icon on your desktop.
  • Check [image]
  • Click the [image] button.
  • Accept any security warnings from your browser.
  • Check [image]
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push [image]
  • Push [image], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the [image] button.
  • Push [image]



#15 Domo!

Domo!
  • Topic Starter

  • Members
  • 174 posts
  • OFFLINE
  •  
  • Local time:05:54 PM

Posted 09 August 2011 - 11:01 PM

Here is the Malwarebytes Log:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7422

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/9/2011 9:12:15 PM
mbam-log-2011-08-09 (21-12-15).txt

Scan type: Quick scan
Objects scanned: 184279
Time elapsed: 7 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\ZU6RKI1ONY (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


This is the ESET Log:


C:\FRST\Quarantine\Og0.exe a variant of Win32/Kryptik.RGB trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\Ojykua.exe a variant of Win32/Kryptik.RGB trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\Ojykub.exe a variant of Win32/Kryptik.RGB trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\parsesvcmsg.exe Win32/Spy.Agent.NWY trojan cleaned by deleting - quarantined
C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application cleaned by deleting (after the next restart) - quarantined
C:\Program Files\Yontoo Layers Runtime\YontooIEClient_2.dll a variant of Win32/Adware.Yontoo.A application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Anton\Application Data\Adobe\plugs\KB5371734.exe.vir a variant of Win32/Kryptik.RFB trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Anton\Application Data\E0A0895EE969606B0DA7C959CF93F887\enemies-names.txt.vir Win32/Adware.AntimalwareDoctor.AE.Gen application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Anton\Application Data\E0A0895EE969606B0DA7C959CF93F887\hookdll.dll.vir Win32/Adware.AntimalwareDoctor.AH application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Anton\Application Data\E0A0895EE969606B0DA7C959CF93F887\local.ini.vir Win32/Adware.AntimalwareDoctor.AE.Gen application cleaned by deleting - quarantined
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP2\A0000233.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP2\A0000236.exe a variant of Win32/Kryptik.RFB trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP2\A0000237.dll Win32/Adware.AntimalwareDoctor.AH application cleaned by deleting - quarantined
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP2\A0000238.ini Win32/Adware.AntimalwareDoctor.AE.Gen application cleaned by deleting - quarantined
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP2\A0000472.exe a variant of Win32/Kryptik.RGB trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP2\A0000473.exe a variant of Win32/Kryptik.RGB trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP2\A0000474.exe a variant of Win32/Kryptik.RGB trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP2\A0000475.exe Win32/Spy.Agent.NWY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP2\A0000479.dll a variant of Win32/Adware.Yontoo.A application cleaned by deleting - quarantined
Operating memory a variant of Win32/Adware.Yontoo.A application



