Computer may be infected with several malware


23 replies to this topic

#1 yellowrabbit

  • Members
  • 12 posts

Posted 14 August 2011 - 01:51 PM

Problems started when the computer first got infected with the Security Protection virus. I tried to delete the file and it seemed to be gone. However, it messed up AVG as well as Malwarebytes Anti-Malware, and both were blocked when I tried to scan. The message “Windows cannot access the specified device, path, or file. You may have inappropriate permissions to access the item” would appear when trying to open Malwarebytes. AVG just says that it does not have any working components and it cannot scan.
It seems that I also got the TDSS trojan/rootkit. TDSSKiller would not work except in Safe Mode, where it found the virus and got rid of it. Google was still redirecting, however. I also ran Malwarebytes in Safe Mode, where it worked but did not find anything. After rebooting, AVG worked in the beginning and found several files infected with the Katusha virus, but it shut off after a few minutes. Malwarebytes also worked but was blocked as it was trying to scan. The computer is also slower and blocks nearly all programs, which I have to unblock before opening. Not sure what else to do and would appreciate your help.

#2 Orange Blossom

    OBleepin Investigator

  • Moderator
  • 37,011 posts
  • Location:Bloomington, IN

Posted 14 August 2011 - 03:08 PM

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Orange Blossom :cherry:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 HelpBot

    Bleepin' Binary Bot

  • Bots
  • 12,743 posts

Posted 19 August 2011 - 01:55 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/414382 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 yellowrabbit
  • Topic Starter

  • Members
  • 12 posts

Posted 19 August 2011 - 04:50 PM

DDS log

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 7.0.5730.11
Run by Owner at 18:33:01 on 2011-08-16
.
============== Running Processes ===============
.
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 15\minimavis.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\WordWeb\wweb32.exe
C:\PROGRA~1\Stardock\OBJECT~2\DesktopX\dxwidget.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Owner\Desktop\dds.scr
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/?pc=AVBR
uSearch Page = hxxp://www.bing.com/?pc=AVBR
mSearch Bar =
uInternet Settings,ProxyOverride = *.local
uSearchAssistant =
uCustomizeSearch =
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: HP View: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hp\digital imaging\bin\hpdtlk02.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} -
TB: &Yahoo! Companion: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: hp view: {8f4902b6-6c04-4ade-8052-aa58578a21bd} - c:\windows\system32\Shdocvw.dll
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [HPHmon05] c:\windows\system32\hphmon05.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [ATIModeChange] Ati2mdxx.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [Sunkist2k] c:\program files\multimedia card reader\shwicon2k.exe
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe"
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [Nitro PDF Printer Monitor] "c:\program files\nitro pdf\professional\NitroPDFPrinterMonitor.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenuEx] c:\program files\canon\solution menu ex\CNSEMAIN.EXE /logon
mRun: [IJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
IE: &WordWeb... - c:\windows\wweb32.dll/lookup.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
LSP: mswsock.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: Interfaces\{5DFAE21F-DA6D-4D22-8E18-AAD20A7D9D59} : NameServer = 192.168.254.1
Notify: MCPClient - c:\progra~1\common~1\stardock\mcpstub.dll
SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - c:\progra~1\common~1\stardock\MCPCore.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: Nitro PDF Professional - cscript //B "c:\program files\nitro pdf\professional\RemoveOldAddins.vbs"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\iaaf58sg.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\owner\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\j2re1.4.2\bin\NPJPI142.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\real\realone player\netscape6\nppl3260.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprjplug.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprpjplug.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\avast software\avast\webrep\FF
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\owner\application data\Move Networks
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
============= SERVICES / DRIVERS ===============
.
R? aliasdocserver;Alias Documentation Server
R? gupdate1cac0c3d90514a8;Google Update Service (gupdate1cac0c3d90514a8)
R? gupdatem;Google Update Service (gupdatem)
R? mrtRate;mrtRate
R? NetFxUpdate_v1.1.4322;Microsoft .NET Framework v1.1.4322 Update
R? Sbvpum;Sbvpum
R? scsiscan;SCSI Scanner Driver
R? SwitchBoard;SwitchBoard
R? TabletServiceWacom;TabletServiceWacom
R? wacmoumonitor;Wacom Mode Helper
S? aswFsBlk;aswFsBlk
S? aswSnx;aswSnx
S? aswSP;aswSP
S? avast! Antivirus;avast! Antivirus
S? MBAMProtector;MBAMProtector
S? MBAMService;MBAMService
S? PDIHWCTL;PDIHWCTL
.
=============== File Associations ===============
.
regfile=regedit.exe "%1" %*
scrfile="%1" %*
.
=============== Created Last 30 ================
.
2011-08-14 23:31:30 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-14 23:31:23 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-13 18:56:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
==================== Find3M ====================
.
2011-08-14 17:32:15 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2011-07-04 11:43:53 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:36:43 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-02 15:53:52 87608 ----a-w- c:\documents and settings\owner\application data\inst.exe
2011-07-02 15:53:52 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2011-07-02 15:53:52 47360 ----a-w- c:\documents and settings\owner\application data\pcouffin.sys
2005-12-06 04:29:32 27982360 ----a-w- c:\program files\vistaahuttle.exe
2005-12-06 04:18:02 3401566 ----a-w- c:\program files\scannerdriver.exe
2005-07-11 22:09:10 61440 ----a-w- c:\program files\Silica Volume Control.exe
.
============= FINISH: 18:37:17.96 ===============


I tried running the GMER Scan about three times. It did the scan but the computer froze at the end and was unable to save or copy the log. Will try in Safe Mode one more time.

Edited by yellowrabbit, 19 August 2011 - 04:51 PM.


#5 Elise

    Bleepin' Blonde

  • Malware Study Hall Admin
  • 61,316 posts
  • Location:Romania

Posted 20 August 2011 - 04:44 AM

Hello, my name is Elise and I'll assist you with this issue.
First let's do a rootkit scan.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."


Malware analyst @ Emsisoft


#6 yellowrabbit
  • Topic Starter

  • Members
  • 12 posts

Posted 20 August 2011 - 06:30 PM

Tried running the GMER scan again in Safe Mode and the computer froze up again after finishing the scan. Here is the TDSSKiller log, however. It found a threat but there was no Cure option, so I just left it on the default, Skip.


2011/08/20 19:18:59.0578 3220 TDSS rootkit removing tool 2.5.16.0 Aug 19 2011 17:48:17
2011/08/20 19:18:59.0859 3220 ================================================================================
2011/08/20 19:18:59.0859 3220 SystemInfo:
2011/08/20 19:18:59.0859 3220
2011/08/20 19:18:59.0859 3220 OS Version: 5.1.2600 ServicePack: 3.0
2011/08/20 19:18:59.0859 3220 Product type: Workstation
2011/08/20 19:18:59.0859 3220 ComputerName: BEDROOM1
2011/08/20 19:18:59.0859 3220 UserName: Owner
2011/08/20 19:18:59.0859 3220 Windows directory: C:\WINDOWS
2011/08/20 19:18:59.0859 3220 System windows directory: C:\WINDOWS
2011/08/20 19:18:59.0859 3220 Processor architecture: Intel x86
2011/08/20 19:18:59.0859 3220 Number of processors: 2
2011/08/20 19:18:59.0859 3220 Page size: 0x1000
2011/08/20 19:18:59.0859 3220 Boot type: Normal boot
2011/08/20 19:18:59.0859 3220 ================================================================================
2011/08/20 19:19:01.0796 3220 Initialize success
2011/08/20 19:19:25.0437 3368 ================================================================================
2011/08/20 19:19:25.0437 3368 Scan started
2011/08/20 19:19:25.0437 3368 Mode: Manual;
2011/08/20 19:19:25.0437 3368 ================================================================================
2011/08/20 19:19:26.0906 3368 6cd408d4 (8f2bb1827cac01aee6a16e30a1260199) C:\WINDOWS\3557348460:2469132075.exe
2011/08/20 19:19:30.0859 3368 Suspicious file (Hidden): C:\WINDOWS\3557348460:2469132075.exe. md5: 8f2bb1827cac01aee6a16e30a1260199
2011/08/20 19:19:30.0875 3368 6cd408d4 - detected HiddenFile.Multi.Generic (1)
2011/08/20 19:21:49.0562 3368 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/08/20 19:21:50.0437 3368 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/08/20 19:21:51.0281 3368 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/08/20 19:21:52.0218 3368 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/08/20 19:21:53.0187 3368 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/08/20 19:21:54.0250 3368 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
2011/08/20 19:21:56.0578 3368 PDIHWCTL (274fb48dc92e0ec012d4d8d866cfaf8a) C:\WINDOWS\system32\drivers\PDIHWCTL.sys
2011/08/20 19:22:00.0140 3368 pfc (e5ac9f8c128b597dd7919af96b84172e) C:\WINDOWS\System32\drivers\pfc.sys
2011/08/20 19:22:00.0546 3368 pivot (4d0df4dbaaefc3f2f87b92f513cbe54f) C:\WINDOWS\system32\drivers\pivot.sys
2011/08/20 19:22:01.0046 3368 pivotmou (0001b0b6bd76a6c9a59794272c441248) C:\WINDOWS\system32\drivers\pivotmou.sys
2011/08/20 19:22:01.0734 3368 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/08/20 19:22:02.0468 3368 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/08/20 19:22:02.0921 3368 Ps2 (bffdb363485501a38f0bca83aec810db) C:\WINDOWS\system32\DRIVERS\PS2.sys
2011/08/20 19:22:03.0625 3368 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/08/20 19:22:04.0140 3368 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/08/20 19:22:04.0859 3368 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
2011/08/20 19:22:07.0984 3368 QV2KUX (0087f01d35a65b32393cc8bba46ee4a6) C:\WINDOWS\system32\DRIVERS\qv2kux.sys
2011/08/20 19:22:08.0859 3368 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/08/20 19:22:09.0734 3368 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/08/20 19:22:10.0218 3368 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/08/20 19:22:10.0593 3368 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/08/20 19:22:11.0000 3368 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/08/20 19:22:11.0343 3368 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/08/20 19:22:11.0734 3368 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/08/20 19:22:12.0625 3368 rtl8139 (2ef9c0dc26b30b2318b1fc3faa1f0ae7) C:\WINDOWS\system32\DRIVERS\R8139n51.SYS
2011/08/20 19:22:13.0515 3368 S3Psddr (0dbcc071a268e0340a2ba6bdd98bace4) C:\WINDOWS\system32\DRIVERS\s3gnbm.sys
2011/08/20 19:22:13.0906 3368 SbcpHid (30d94039a729571146eb9d736ec1aadd) C:\WINDOWS\System32\Drivers\SbcpHid.sys
2011/08/20 19:22:14.0187 3368 sbp2port (b244960e5a1db8e9d5d17086de37c1e4) C:\WINDOWS\system32\DRIVERS\sbp2port.sys
2011/08/20 19:22:14.0593 3368 SCDEmu (3b35ce540758bbabb721e234cb5a4f3f) C:\WINDOWS\system32\drivers\SCDEmu.sys
2011/08/20 19:22:14.0937 3368 scsiscan (089870dab7aa277585c475ae09ee4c63) C:\WINDOWS\system32\DRIVERS\scsiscan.sys
2011/08/20 19:22:15.0234 3368 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/08/20 19:22:15.0671 3368 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/08/20 19:22:16.0453 3368 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/08/20 19:22:17.0109 3368 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/08/20 19:22:18.0046 3368 SiS315 (bdfef5c5d41ba377852389e8f07104ea) C:\WINDOWS\system32\DRIVERS\sisgrp.sys
2011/08/20 19:22:18.0437 3368 SISAGP (923d23638c616eecb0d811461161d0b8) C:\WINDOWS\system32\DRIVERS\SISAGPX.sys
2011/08/20 19:22:18.0718 3368 SiSkp (7e9e5823afbb5af2851abb1659ff627d) C:\WINDOWS\system32\DRIVERS\srvkp.sys
2011/08/20 19:22:19.0218 3368 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/08/20 19:22:20.0390 3368 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
2011/08/20 19:22:21.0062 3368 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/08/20 19:22:21.0671 3368 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/08/20 19:22:22.0500 3368 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/08/20 19:22:23.0015 3368 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/08/20 19:22:23.0421 3368 SunkFilt (2087b202cfe8a2f8a59cecfffbec58d5) C:\WINDOWS\System32\Drivers\sunkfilt.sys
2011/08/20 19:22:24.0250 3368 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/08/20 19:22:24.0578 3368 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/08/20 19:22:27.0593 3368 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/08/20 19:22:28.0875 3368 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/08/20 19:22:30.0406 3368 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/08/20 19:22:31.0359 3368 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/08/20 19:22:32.0421 3368 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/08/20 19:22:34.0921 3368 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/08/20 19:22:36.0906 3368 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/08/20 19:22:38.0562 3368 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/08/20 19:22:39.0718 3368 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/08/20 19:22:42.0406 3368 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/08/20 19:22:43.0921 3368 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/08/20 19:22:45.0312 3368 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/08/20 19:22:46.0937 3368 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/08/20 19:22:49.0125 3368 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/08/20 19:22:51.0093 3368 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/08/20 19:22:52.0968 3368 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/08/20 19:22:54.0296 3368 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/08/20 19:22:55.0734 3368 USB_RNDIS_XP (bee793d4a059caea55d6ac20e19b3a8f) C:\WINDOWS\system32\DRIVERS\usb8023.sys
2011/08/20 19:22:57.0093 3368 VClone (94d73b62e458fb56c9ce60aa96d914f9) C:\WINDOWS\system32\DRIVERS\VClone.sys
2011/08/20 19:22:58.0437 3368 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/08/20 19:22:59.0359 3368 viaagp1 (4b039bbd037b01f5db5a144c837f283a) C:\WINDOWS\system32\DRIVERS\viaagp1.sys
2011/08/20 19:23:00.0765 3368 viagfx (e8c619c6c6bde90d130dda87150e1944) C:\WINDOWS\system32\DRIVERS\vtmini.sys
2011/08/20 19:23:02.0515 3368 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\System32\DRIVERS\viaide.sys
2011/08/20 19:23:03.0921 3368 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/08/20 19:23:05.0515 3368 wacmoumonitor (9a03558c37e919b9d6a50864aea0a168) C:\WINDOWS\system32\DRIVERS\wacmoumonitor.sys
2011/08/20 19:23:07.0078 3368 wacommousefilter (427a8bc96f16c40df81c2d2f4edd32dd) C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys
2011/08/20 19:23:08.0390 3368 wacomvhid (6843fd7db708b14ea4d8092abb464244) C:\WINDOWS\system32\DRIVERS\wacomvhid.sys
2011/08/20 19:23:09.0843 3368 WacomVKHid (889459833432b161cb99cfdf84a1a9bb) C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys
2011/08/20 19:23:11.0515 3368 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/08/20 19:23:14.0312 3368 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/08/20 19:23:16.0359 3368 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
2011/08/20 19:23:17.0625 3368 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/08/20 19:23:18.0765 3368 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/08/20 19:23:20.0343 3368 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/08/20 19:23:22.0078 3368 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/08/20 19:23:23.0546 3368 {6080A529-897E-4629-A488-ABA0C29B635E} (fd1f4e9cf06c71c8d73a24acf18d8296) C:\WINDOWS\system32\drivers\ialmsbw.sys
2011/08/20 19:23:25.0015 3368 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (d4d7331d33d1fa73e588e5ce0d90a4c1) C:\WINDOWS\system32\drivers\ialmkchw.sys
2011/08/20 19:23:25.0218 3368 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/08/20 19:23:37.0421 3368 Boot (0x1200) (32ba9c9a39e0dce01ac2dfe4cb47e913) \Device\Harddisk0\DR0\Partition0
2011/08/20 19:23:37.0484 3368 Boot (0x1200) (d867016bd272172247b953c604dcdafb) \Device\Harddisk0\DR0\Partition1
2011/08/20 19:23:37.0484 3368 ================================================================================
2011/08/20 19:23:37.0484 3368 Scan finished
2011/08/20 19:23:37.0484 3368 ================================================================================
2011/08/20 19:23:37.0546 2936 Detected object count: 1
2011/08/20 19:23:37.0546 2936 Actual detected object count: 1
2011/08/20 19:24:09.0625 2936 HiddenFile.Multi.Generic(6cd408d4) - User select action: Skip
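A log like the one above is easier to triage with a small parser than by eye. The following is an added example, not code from this thread or from Kaspersky's tool: the field layout (date, time with a four-digit fraction, thread id, service name, MD5 in parentheses, image path; the MBR/Boot sector-hash lines; the detection summary) is inferred from the lines posted here, the fraction is read as milliseconds on the assumption that is what TDSSKiller prints, and the "example_dropper" entry in the sample input is constructed to show what a driver loading from a user profile looks like. The triage pass flags drivers outside the expected system directory, detections the user chose to Skip, and any mismatch between the summary count and the verdict lines.

```python
"""Added example, not TDSSKiller's code: parse the scan-log format quoted above and run a
first triage pass. The layout "<date> <time>.<ms> <thread-id> <service> (<md5>) <path>",
the MBR/Boot sector-hash lines and the detection summary are inferred from the posted log."""
import re
from collections import namedtuple
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Dict, List, Optional

LINE_RE = re.compile(r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2})\.(\d{4})\s+(\d+)\s+(.+)$")
MODULE_RE = re.compile(r"^(\S+)\s+\(([0-9a-f]{32})\)\s+(.+)$")  # service (md5) image path
SECTOR_RE = re.compile(r"^(MBR|Boot)\s+\((0x[0-9A-Fa-f]+)\)\s+\(([0-9a-f]{32})\)\s+(\\Device\\\S+)$")
DETECT_RE = re.compile(r"^(.+?)\(([0-9a-f]{8})\)\s+-\s+User select action:\s+(\w+)$")
COUNT_RE = re.compile(r"^(Actual detected|Detected) object count:\s+(\d+)$")
# Where kernel drivers belong on this XP box; an image under a user profile is a dropper tell.
EXPECTED_DRIVER_DIRS = (r"c:\windows\system32\drivers",)

Module = namedtuple("Module", "name md5 path")
Sector = namedtuple("Sector", "kind tag md5 device")      # kind is "MBR" or "Boot"
Detection = namedtuple("Detection", "name ident action")  # action: Skip, Cure, Delete, ...


@dataclass
class ScanReport:
    modules: List[Module] = field(default_factory=list)
    sectors: List[Sector] = field(default_factory=list)
    detections: List[Detection] = field(default_factory=list)
    counts: Dict[str, int] = field(default_factory=dict)
    first: Optional[datetime] = None
    last: Optional[datetime] = None

    def duration(self) -> timedelta:
        return (self.last - self.first) if self.first and self.last else timedelta(0)


def parse_tdsskiller_log(text: str) -> ScanReport:
    """Parse pasted log text; lines that are not TDSSKiller output are ignored."""
    report = ScanReport()
    for raw in text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue
        stamp = datetime.strptime(line.group(1), "%Y/%m/%d %H:%M:%S")
        stamp += timedelta(milliseconds=int(line.group(2)))  # ".0328" read as 328 ms (assumption)
        report.first = report.first or stamp
        report.last = stamp
        payload = line.group(4)
        m = DETECT_RE.match(payload)
        if m:
            report.detections.append(Detection(*m.groups()))
            continue
        m = COUNT_RE.match(payload)
        if m:
            report.counts[m.group(1)] = int(m.group(2))
            continue
        m = SECTOR_RE.match(payload)
        if m:
            report.sectors.append(Sector(m.group(1), int(m.group(2), 16), m.group(3), m.group(4)))
            continue
        m = MODULE_RE.match(payload)
        if m:
            report.modules.append(Module(*m.groups()))
    return report


def module_hashes(report: ScanReport) -> Dict[str, str]:
    """Service name -> MD5, ready to diff against a known-clean machine of the same build."""
    return {mod.name: mod.md5 for mod in report.modules}


def triage(report: ScanReport) -> List[str]:
    """Findings a responder should clear before calling the box clean."""
    findings = []
    for mod in report.modules:
        if not mod.path.lower().startswith(EXPECTED_DRIVER_DIRS):
            findings.append(f"driver '{mod.name}' loads from an unusual path: {mod.path}")
    for det in report.detections:
        if det.action.lower() == "skip":
            findings.append(f"detection {det.name} ({det.ident}) was skipped, not cured")
    claimed = report.counts.get("Actual detected", report.counts.get("Detected"))
    if claimed is not None and claimed != len(report.detections):
        findings.append(f"summary claims {claimed} object(s), {len(report.detections)} verdict line(s) parsed")
    return findings


# Constructed sample: lines from the thread plus one made-up "example_dropper" entry whose
# image sits under the user's profile (that line is not part of the original log).
SAMPLE_LOG = r"""
2011/08/20 19:21:11.0328 3368 MBAMProtector (eca00eed9ab95489007b0ef84c7149de) C:\WINDOWS\system32\drivers\mbam.sys
2011/08/20 19:21:54.0250 3368 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
2011/08/20 19:21:55.0000 3368 example_dropper (00000000000000000000000000000000) C:\Documents and Settings\Owner\Application Data\example.sys
2011/08/20 19:23:25.0218 3368 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/08/20 19:23:37.0421 3368 Boot (0x1200) (32ba9c9a39e0dce01ac2dfe4cb47e913) \Device\Harddisk0\DR0\Partition0
2011/08/20 19:23:37.0484 3368 Scan finished
2011/08/20 19:23:37.0546 2936 Detected object count: 1
2011/08/20 19:23:37.0546 2936 Actual detected object count: 1
2011/08/20 19:24:09.0625 2936 HiddenFile.Multi.Generic(6cd408d4) - User select action: Skip
"""
```

Run `triage(parse_tdsskiller_log(SAMPLE_LOG))` on the sample and it reports the profile-directory driver and the skipped detection; `module_hashes()` gives the name-to-MD5 map that is the useful artifact for comparing against a clean machine of the same Windows build, since the hash of a legitimate driver is stable across installs while a patched or replaced one is not. Note that the "Skip" verdict in the real log means the hidden object was left in place, which is exactly why the helper moved on to ComboFix in the next post.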

#7 Elise

Elise

    Bleepin' Blonde

  • Malware Study Hall Admin
  • 61,316 posts
  • Gender:Female
  • Location:Romania
  • Local time:11:49 AM

Posted 21 August 2011 - 03:27 AM

Hello again,

COMBOFIX
---------------
Please download ComboFix from one of these locations:
Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

Malware analyst @ Emsisoft


#8 yellowrabbit

yellowrabbit
  • Topic Starter

  • Members
  • 12 posts
  • Local time:03:49 AM

Posted 21 August 2011 - 03:54 PM

ComboFix 11-08-21.01 - Owner 08/21/2011 12:24:39.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1644 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator.BEDROOM1\WINDOWS
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Owner\Application Data\inst.exe
c:\documents and settings\Owner\Application Data\pcouffin.sys
c:\documents and settings\Owner\WINDOWS
c:\program files\messenger\msmsgsin.exe
c:\program files\newsoft
c:\program files\newsoft\PageManager\pm40.db
c:\program files\newsoft\PageManager\Uninst\_INST32I.EX_
c:\program files\newsoft\PageManager\Uninst\_SETUP.DLL
c:\program files\newsoft\PageManager\Uninst\_SETUP.LIB
c:\program files\newsoft\PageManager\Uninst\copyrt.txt
c:\program files\newsoft\PageManager\Uninst\register.exe
c:\program files\newsoft\PageManager\Uninst\register.ini
c:\program files\newsoft\PageManager\Uninst\SETUP.EXE
c:\program files\newsoft\PageManager\Uninst\SETUP.INI
c:\program files\newsoft\PageManager\Uninst\setup.ins
c:\program files\newsoft\PageManager\Uninst\UNINST.ICO
c:\program files\newsoft\VistaShuttle\AppInfo\calender.bmp
c:\program files\newsoft\VistaShuttle\AppInfo\calender.dwn
c:\program files\newsoft\VistaShuttle\AppInfo\calender.slt
c:\program files\newsoft\VistaShuttle\AppInfo\card.bmp
c:\program files\newsoft\VistaShuttle\AppInfo\card.dwn
c:\program files\newsoft\VistaShuttle\AppInfo\card.slt
c:\program files\newsoft\VistaShuttle\AppInfo\ecard.bmp
c:\program files\newsoft\VistaShuttle\AppInfo\ecard.dwn
c:\program files\newsoft\VistaShuttle\AppInfo\ecard.slt
c:\program files\newsoft\VistaShuttle\AppInfo\flyer.bmp
c:\program files\newsoft\VistaShuttle\AppInfo\flyer.dwn
c:\program files\newsoft\VistaShuttle\AppInfo\flyer.slt
c:\program files\newsoft\VistaShuttle\AppInfo\Poster.bmp
c:\program files\newsoft\VistaShuttle\AppInfo\poster.dwn
c:\program files\newsoft\VistaShuttle\AppInfo\poster.slt
c:\program files\newsoft\VistaShuttle\AppInfo\screen.bmp
c:\program files\newsoft\VistaShuttle\AppInfo\screen.dwn
c:\program files\newsoft\VistaShuttle\AppInfo\screen.slt
c:\program files\newsoft\VistaShuttle\AppInfo\sticker.bmp
c:\program files\newsoft\VistaShuttle\AppInfo\sticker.dwn
c:\program files\newsoft\VistaShuttle\AppInfo\sticker.slt
c:\program files\newsoft\VistaShuttle\AppInfo\wall.bmp
c:\program files\newsoft\VistaShuttle\AppInfo\wall.dwn
c:\program files\newsoft\VistaShuttle\AppInfo\wall.slt
c:\program files\newsoft\VistaShuttle\AppInfo\wall1.bmp
c:\program files\newsoft\VistaShuttle\AppInfo\wall1.dwn
c:\program files\newsoft\VistaShuttle\AppInfo\wall1.slt
c:\program files\newsoft\VistaShuttle\Card\copyrt.txt
c:\program files\newsoft\VistaShuttle\Card\lfbmp11n.dll
c:\program files\newsoft\VistaShuttle\Card\LFCMP11n.DLL
c:\program files\newsoft\VistaShuttle\Card\lffax11n.dll
c:\program files\newsoft\VistaShuttle\Card\lftga11n.dll
c:\program files\newsoft\VistaShuttle\Card\lftif11n.dll
c:\program files\newsoft\VistaShuttle\Card\lfwmf11n.dll
c:\program files\newsoft\VistaShuttle\Card\Libs\4july1.tga
c:\program files\newsoft\VistaShuttle\Card\Libs\4july2.tga
c:\program files\newsoft\VistaShuttle\Card\Libs\Anniver1.tga
c:\program files\newsoft\VistaShuttle\Card\Libs\Autumn01.jpg
c:\program files\newsoft\VistaShuttle\Card\Libs\Birthda0.tga
c:\program files\newsoft\VistaShuttle\Card\Libs\Birthday.tga
c:\program files\newsoft\VistaShuttle\Card\Libs\Bmpidx.dat
c:\program files\newsoft\VistaShuttle\Card\Libs\Cabana.jpg
c:\program files\newsoft\VistaShuttle\Card\Libs\Dog02.jpg
c:\program files\newsoft\VistaShuttle\Card\Libs\Dog03.jpg
c:\program files\newsoft\VistaShuttle\Card\Libs\Dog04.jpg
c:\program files\newsoft\VistaShuttle\Card\Libs\Easter1.tga
c:\program files\newsoft\VistaShuttle\Card\Libs\Easter2.tga
c:\program files\newsoft\VistaShuttle\Card\Libs\Estuary.jpg
c:\program files\newsoft\VistaShuttle\Card\Libs\Father1.tga
c:\program files\newsoft\VistaShuttle\Card\Libs\Father2.tga
c:\program files\newsoft\VistaShuttle\Card\Libs\Goodtime.tga
c:\program files\newsoft\VistaShuttle\Card\Libs\Graduat0.tga
c:\program files\newsoft\VistaShuttle\Card\Libs\Graduati.tga
c:\program files\newsoft\VistaShuttle\Card\Libs\Guitar.jpg
c:\program files\newsoft\VistaShuttle\Card\Libs\Hallow2.tga
c:\program files\newsoft\VistaShuttle\Card\Libs\Happy1.tga
c:\program files\newsoft\VistaShuttle\Card\Libs\Happy2.tga
c:\program files\newsoft\VistaShuttle\Card\Libs\Img0036.tga
c:\program files\newsoft\VistaShuttle\Card\Libs\Img0043.tga
c:\program files\newsoft\VistaShuttle\Card\Libs\Img0045.tga
c:\program files\newsoft\VistaShuttle\Card\Libs\Img0055.tga
c:\program files\newsoft\VistaShuttle\Card\Libs\Mother1.tga
c:\program files\newsoft\VistaShuttle\Card\Libs\Mother2.tga
c:\program files\newsoft\VistaShuttle\Card\Libs\Newbaby1.tga
c:\program files\newsoft\VistaShuttle\Card\Libs\P-41.tga
c:\program files\newsoft\VistaShuttle\Card\Libs\P-44.tga
c:\program files\newsoft\VistaShuttle\Card\Libs\Packbmp.dat
c:\program files\newsoft\VistaShuttle\Card\Libs\Packpmm.dat
c:\program files\newsoft\VistaShuttle\Card\Libs\photo1.bmp
c:\program files\newsoft\VistaShuttle\Card\Libs\photo10.bmp
c:\program files\newsoft\VistaShuttle\Card\Libs\photo12.bmp
c:\program files\newsoft\VistaShuttle\Card\Libs\photo14.bmp
c:\program files\newsoft\VistaShuttle\Card\Libs\photo17.bmp
c:\program files\newsoft\VistaShuttle\Card\Libs\photo19.bmp
c:\program files\newsoft\VistaShuttle\Card\Libs\photo2.bmp
c:\program files\newsoft\VistaShuttle\Card\Libs\photo20.bmp
c:\program files\newsoft\VistaShuttle\Card\Libs\photo22.bmp
c:\program files\newsoft\VistaShuttle\Card\Libs\photo24.bmp
c:\program files\newsoft\VistaShuttle\Card\Libs\photo3.bmp
c:\program files\newsoft\VistaShuttle\Card\Libs\photo4.bmp
c:\program files\newsoft\VistaShuttle\Card\Libs\photo5.bmp
c:\program files\newsoft\VistaShuttle\Card\Libs\photo6.bmp
c:\program files\newsoft\VistaShuttle\Card\Libs\photo8.bmp
c:\program files\newsoft\VistaShuttle\Card\Libs\photo9.bmp
c:\program files\newsoft\VistaShuttle\Card\Libs\Pmmidx.dat
c:\program files\newsoft\VistaShuttle\Card\Libs\Sanfranc.jpg
c:\program files\newsoft\VistaShuttle\Card\Libs\Saxophon.jpg
c:\program files\newsoft\VistaShuttle\Card\Libs\Shower1.tga
c:\program files\newsoft\VistaShuttle\Card\Libs\Shower2.tga
c:\program files\newsoft\VistaShuttle\Card\Libs\Sportin0.tga
c:\program files\newsoft\VistaShuttle\Card\Libs\Sporting.tga
c:\program files\newsoft\VistaShuttle\Card\Libs\Sydney.jpg
c:\program files\newsoft\VistaShuttle\Card\Libs\Thanks1.tga
c:\program files\newsoft\VistaShuttle\Card\Libs\Wedding1.tga
c:\program files\newsoft\VistaShuttle\Card\Libs\Wedding2.tga
c:\program files\newsoft\VistaShuttle\Card\LTDIS11n.dll
c:\program files\newsoft\VistaShuttle\Card\ltefx11n.dll
c:\program files\newsoft\VistaShuttle\Card\ltfil11n.DLL
c:\program files\newsoft\VistaShuttle\Card\ltimg11n.dll
c:\program files\newsoft\VistaShuttle\Card\ltkrn11n.dll
c:\program files\newsoft\VistaShuttle\Card\lttwn11n.dll
c:\program files\newsoft\VistaShuttle\Card\LTWND11n.DLL
c:\program files\newsoft\VistaShuttle\Card\Paper.lst
c:\program files\newsoft\VistaShuttle\Card\Pmagic.bix
c:\program files\newsoft\VistaShuttle\Card\Pmagic.bpk
c:\program files\newsoft\VistaShuttle\Card\Pmagic.cfg
c:\program files\newsoft\VistaShuttle\Card\Ready\4july1.etg
c:\program files\newsoft\VistaShuttle\Card\Ready\4july2.etg
c:\program files\newsoft\VistaShuttle\Card\Ready\Anniver1.etg
c:\program files\newsoft\VistaShuttle\Card\Ready\Baby1.etg
c:\program files\newsoft\VistaShuttle\Card\Ready\Birthda0.etg
c:\program files\newsoft\VistaShuttle\Card\Ready\Birthday.etg
c:\program files\newsoft\VistaShuttle\Card\Ready\cldm01.etc
c:\program files\newsoft\VistaShuttle\Card\Ready\cldm03.etc
c:\program files\newsoft\VistaShuttle\Card\Ready\cldm04.etc
c:\program files\newsoft\VistaShuttle\Card\Ready\cldm05.etc
c:\program files\newsoft\VistaShuttle\Card\Ready\cldm06.etc
c:\program files\newsoft\VistaShuttle\Card\Ready\cldm07.etc
c:\program files\newsoft\VistaShuttle\Card\Ready\cldm09.etc
c:\program files\newsoft\VistaShuttle\Card\Ready\cldm20.etc
c:\program files\newsoft\VistaShuttle\Card\Ready\Cldm201.etc
c:\program files\newsoft\VistaShuttle\Card\Ready\cldm23.etc
c:\program files\newsoft\VistaShuttle\Card\Ready\cldm24.etc
c:\program files\newsoft\VistaShuttle\Card\Ready\cldm26.etc
c:\program files\newsoft\VistaShuttle\Card\Ready\cldmp01.etc
c:\program files\newsoft\VistaShuttle\Card\Ready\cldmp02.etc
c:\program files\newsoft\VistaShuttle\Card\Ready\cldmp04.etc
c:\program files\newsoft\VistaShuttle\Card\Ready\cldmp05.etc
c:\program files\newsoft\VistaShuttle\Card\Ready\Cldmp06.etc
c:\program files\newsoft\VistaShuttle\Card\Ready\cldmp07.etc
c:\program files\newsoft\VistaShuttle\Card\Ready\cldmp08.etc
c:\program files\newsoft\VistaShuttle\Card\Ready\cldmp09.etc
c:\program files\newsoft\VistaShuttle\Card\Ready\cldmp23.etc
c:\program files\newsoft\VistaShuttle\Card\Ready\cldmp25.etc
c:\program files\newsoft\VistaShuttle\Card\Ready\cldmp27.etc
c:\program files\newsoft\VistaShuttle\Card\Ready\cldmp29.etc
c:\program files\newsoft\VistaShuttle\Card\Ready\cldy01.etc
c:\program files\newsoft\VistaShuttle\Card\Ready\cldy02.etc
c:\program files\newsoft\VistaShuttle\Card\Ready\cldy03.etc
c:\program files\newsoft\VistaShuttle\Card\Ready\cldy04.etc
c:\program files\newsoft\VistaShuttle\Card\Ready\Cldy05.etc
c:\program files\newsoft\VistaShuttle\Card\Ready\Cldy06.etc
c:\program files\newsoft\VistaShuttle\Card\Ready\Cldy08.etc
c:\program files\newsoft\VistaShuttle\Card\Ready\cldy11.etc
c:\program files\newsoft\VistaShuttle\Card\Ready\cldy13.etc
c:\program files\newsoft\VistaShuttle\Card\Ready\cldy14.etc
c:\program files\newsoft\VistaShuttle\Card\Ready\cldy20.etc
c:\program files\newsoft\VistaShuttle\Card\Ready\cldy21.etc
c:\program files\newsoft\VistaShuttle\Card\Ready\Easter1.etg
c:\program files\newsoft\VistaShuttle\Card\Ready\Easter2.etg
c:\program files\newsoft\VistaShuttle\Card\Ready\Father1.etg
c:\program files\newsoft\VistaShuttle\Card\Ready\Father2.etg
c:\program files\newsoft\VistaShuttle\Card\Ready\Graduat1.etg
c:\program files\newsoft\VistaShuttle\Card\Ready\Graduat2.etg
c:\program files\newsoft\VistaShuttle\Card\Ready\Hallow1.etg
c:\program files\newsoft\VistaShuttle\Card\Ready\Happy1.etg
c:\program files\newsoft\VistaShuttle\Card\Ready\Mother1.etg
c:\program files\newsoft\VistaShuttle\Card\Ready\Mother2.etg
c:\program files\newsoft\VistaShuttle\Card\Ready\newl.etg
c:\program files\newsoft\VistaShuttle\Card\Ready\newp.etg
c:\program files\newsoft\VistaShuttle\Card\Ready\Preview.bix
c:\program files\newsoft\VistaShuttle\Card\Ready\Preview.bpk
c:\program files\newsoft\VistaShuttle\Card\Ready\Shower1.etg
c:\program files\newsoft\VistaShuttle\Card\Ready\Shower2.etg
c:\program files\newsoft\VistaShuttle\Card\Ready\sign008.ets
c:\program files\newsoft\VistaShuttle\Card\Ready\sign012.ets
c:\program files\newsoft\VistaShuttle\Card\Ready\sign018.ets
c:\program files\newsoft\VistaShuttle\Card\Ready\sign019.ets
c:\program files\newsoft\VistaShuttle\Card\Ready\sign020.ets
c:\program files\newsoft\VistaShuttle\Card\Ready\sign022.ets
c:\program files\newsoft\VistaShuttle\Card\Ready\sign024.ets
c:\program files\newsoft\VistaShuttle\Card\Ready\sign025.ets
c:\program files\newsoft\VistaShuttle\Card\Ready\sign026.ets
c:\program files\newsoft\VistaShuttle\Card\Ready\sign027.ets
c:\program files\newsoft\VistaShuttle\Card\Ready\sign030.ets
c:\program files\newsoft\VistaShuttle\Card\Ready\sign031.ets
c:\program files\newsoft\VistaShuttle\Card\Ready\sign035.ets
c:\program files\newsoft\VistaShuttle\Card\Ready\sign036.ets
c:\program files\newsoft\VistaShuttle\Card\Ready\sign040.ets
c:\program files\newsoft\VistaShuttle\Card\Ready\sign041.ets
c:\program files\newsoft\VistaShuttle\Card\Ready\sign042.ets
c:\program files\newsoft\VistaShuttle\Card\Ready\Sport1.etg
c:\program files\newsoft\VistaShuttle\Card\Ready\Sport2.etg
c:\program files\newsoft\VistaShuttle\Card\Ready\Thank1.etg
c:\program files\newsoft\VistaShuttle\Card\Ready\Valent1.etg
c:\program files\newsoft\VistaShuttle\Card\Ready\Wedding1.etg
c:\program files\newsoft\VistaShuttle\Card\Ready\y2000.ETS
c:\program files\newsoft\VistaShuttle\Card\Ready\Year1.etg
c:\program files\newsoft\VistaShuttle\Card\Ready\Year2.etg
c:\program files\newsoft\VistaShuttle\Card\Upmagic.exe
c:\program files\newsoft\VistaShuttle\copyrt.txt
c:\program files\newsoft\VistaShuttle\ECard\ecard.exe
c:\program files\newsoft\VistaShuttle\ECard\ECARD.INI
c:\program files\newsoft\VistaShuttle\ECard\Exebud32.dll
c:\program files\newsoft\VistaShuttle\ECard\Expvw32.exe
c:\program files\newsoft\VistaShuttle\ECard\FIOALL32.DLL
c:\program files\newsoft\VistaShuttle\ECard\Fiobmp32.dll
c:\program files\newsoft\VistaShuttle\ECard\FIOEXT32.DLL
c:\program files\newsoft\VistaShuttle\ECard\FIOFPX32.DLL
c:\program files\newsoft\VistaShuttle\ECard\FIOGIF32.DLL
c:\program files\newsoft\VistaShuttle\ECard\FIOJPG32.DLL
c:\program files\newsoft\VistaShuttle\ECard\FIOPCD32.DLL
c:\program files\newsoft\VistaShuttle\ECard\FIOPCT32.DLL
c:\program files\newsoft\VistaShuttle\ECard\FIOPCX32.DLL
c:\program files\newsoft\VistaShuttle\ECard\FIOPNG32.DLL
c:\program files\newsoft\VistaShuttle\ECard\FIOPOF32.DLL
c:\program files\newsoft\VistaShuttle\ECard\FIOTGA32.DLL
c:\program files\newsoft\VistaShuttle\ECard\FIOTIF32.DLL
c:\program files\newsoft\VistaShuttle\ECard\FIOWMF32.DLL
c:\program files\newsoft\VistaShuttle\ECard\frame\fram0001.frm
c:\program files\newsoft\VistaShuttle\ECard\frame\fram0002.frm
c:\program files\newsoft\VistaShuttle\ECard\frame\fram0003.frm
c:\program files\newsoft\VistaShuttle\ECard\frame\fram0004.frm
c:\program files\newsoft\VistaShuttle\ECard\frame\fram0005.frm
c:\program files\newsoft\VistaShuttle\ECard\frame\fram0006.frm
c:\program files\newsoft\VistaShuttle\ECard\frame\fram0007.frm
c:\program files\newsoft\VistaShuttle\ECard\frame\fram0008.frm
c:\program files\newsoft\VistaShuttle\ECard\frame\Fram0009.frm
c:\program files\newsoft\VistaShuttle\ECard\frame\fram000a.frm
c:\program files\newsoft\VistaShuttle\ECard\frame\fram000b.frm
c:\program files\newsoft\VistaShuttle\ECard\frame\fram000c.frm
c:\program files\newsoft\VistaShuttle\ECard\frame\fram000d.frm
c:\program files\newsoft\VistaShuttle\ECard\frame\fram000e.frm
c:\program files\newsoft\VistaShuttle\ECard\JPEGLIB.DLL
c:\program files\newsoft\VistaShuttle\ECard\mailpack.exe
c:\program files\newsoft\VistaShuttle\ECard\NSMAIL32.dll
c:\program files\newsoft\VistaShuttle\ECard\pack.dll
c:\program files\newsoft\VistaShuttle\ECard\photo\phto0001.jpg
c:\program files\newsoft\VistaShuttle\ECard\photo\Phto0002.jpg
c:\program files\newsoft\VistaShuttle\ECard\photo\phto0003.jpg
c:\program files\newsoft\VistaShuttle\ECard\photo\phto0004.jpg
c:\program files\newsoft\VistaShuttle\ECard\photo\phto0005.jpg
c:\program files\newsoft\VistaShuttle\ECard\photo\phto0006.jpg
c:\program files\newsoft\VistaShuttle\ECard\photo\phto0007.jpg
c:\program files\newsoft\VistaShuttle\ECard\photo\Phto0008.jpg
c:\program files\newsoft\VistaShuttle\ECard\photo\phto0009.jpg
c:\program files\newsoft\VistaShuttle\ECard\photo\phto000a.jpg
c:\program files\newsoft\VistaShuttle\ECard\photo\phto000b.jpg
c:\program files\newsoft\VistaShuttle\ECard\photo\phto000c.jpg
c:\program files\newsoft\VistaShuttle\ECard\photo\phto000d.jpg
c:\program files\newsoft\VistaShuttle\ECard\photo\phto000e.jpg
c:\program files\newsoft\VistaShuttle\ECard\photo\phto000f.jpg
c:\program files\newsoft\VistaShuttle\ECard\photo\Phto1000.jpg
c:\program files\newsoft\VistaShuttle\ECard\pmexebud32.dll
c:\program files\newsoft\VistaShuttle\ECard\PMMAIL.EXE
c:\program files\newsoft\VistaShuttle\ECard\PTSTAMP.DAT
c:\program files\newsoft\VistaShuttle\ECard\samples\Sample1.ctp
c:\program files\newsoft\VistaShuttle\ECard\samples\Sample2.ctp
c:\program files\newsoft\VistaShuttle\ECard\samples\Sample3.ctp
c:\program files\newsoft\VistaShuttle\ECard\samples\sample4.ctp
c:\program files\newsoft\VistaShuttle\ECard\samples\Sample5.ctp
c:\program files\newsoft\VistaShuttle\ECard\samples\Sample6.ctp
c:\program files\newsoft\VistaShuttle\ECard\samples\Sample7.ctp
c:\program files\newsoft\VistaShuttle\ECard\Sm.dll
c:\program files\newsoft\VistaShuttle\ECard\SMScan.dll
c:\program files\newsoft\VistaShuttle\ECard\SMTwain.dll
c:\program files\newsoft\VistaShuttle\ECard\stamp\stmp0001.stp
c:\program files\newsoft\VistaShuttle\ECard\stamp\stmp0002.stp
c:\program files\newsoft\VistaShuttle\ECard\stamp\stmp0003.stp
c:\program files\newsoft\VistaShuttle\ECard\stamp\stmp0004.stp
c:\program files\newsoft\VistaShuttle\ECard\stamp\stmp0005.stp
c:\program files\newsoft\VistaShuttle\ECard\stamp\stmp0006.stp
c:\program files\newsoft\VistaShuttle\ECard\stamp\stmp0007.stp
c:\program files\newsoft\VistaShuttle\ECard\stamp\stmp0008.stp
c:\program files\newsoft\VistaShuttle\ECard\stamp\stmp0009.stp
c:\program files\newsoft\VistaShuttle\ECard\stamp\stmp000a.stp
c:\program files\newsoft\VistaShuttle\ECard\stamp\stmp000b.stp
c:\program files\newsoft\VistaShuttle\ECard\stamp\stmp000c.stp
c:\program files\newsoft\VistaShuttle\ECard\stamp\stmp000d.stp
c:\program files\newsoft\VistaShuttle\ECard\stamp\stmp000e.stp
c:\program files\newsoft\VistaShuttle\ECard\stamp\stmp000f.stp
c:\program files\newsoft\VistaShuttle\ECard\stamp\stmp0010.stp
c:\program files\newsoft\VistaShuttle\ECard\stamp\stmp0011.stp
c:\program files\newsoft\VistaShuttle\ECard\stamp\stmp0012.stp
c:\program files\newsoft\VistaShuttle\ECard\stamp\stmp0013.stp
c:\program files\newsoft\VistaShuttle\ECard\stamp\stmp0014.stp
c:\program files\newsoft\VistaShuttle\ECard\THUMBTAB.LIB
c:\program files\newsoft\VistaShuttle\ECard\UCIG3432.DLL
c:\program files\newsoft\VistaShuttle\ECard\UCIJPG32.DLL
c:\program files\newsoft\VistaShuttle\ECard\unpack.dll
c:\program files\newsoft\VistaShuttle\ECard\UXIMAIL.DLL
c:\program files\newsoft\VistaShuttle\ECard\UXMAIL32.DLL
c:\program files\newsoft\VistaShuttle\ECard\wallpaper\wall0001.wpr
c:\program files\newsoft\VistaShuttle\ECard\wallpaper\WALL0002.WPR
c:\program files\newsoft\VistaShuttle\ECard\wallpaper\WALL0003.WPR
c:\program files\newsoft\VistaShuttle\ECard\wallpaper\WALL0004.WPR
c:\program files\newsoft\VistaShuttle\ECard\wallpaper\WALL0005.WPR
c:\program files\newsoft\VistaShuttle\ECard\wallpaper\WALL0006.WPR
c:\program files\newsoft\VistaShuttle\ECard\wallpaper\WALL0007.WPR
c:\program files\newsoft\VistaShuttle\ECard\wallpaper\WALL0008.WPR
c:\program files\newsoft\VistaShuttle\ECard\wallpaper\WALL0009.WPR
c:\program files\newsoft\VistaShuttle\ECard\wallpaper\WALL0010.WPR
c:\program files\newsoft\VistaShuttle\ECard\wallpaper\WALL0011.WPR
c:\program files\newsoft\VistaShuttle\ECard\wallpaper\WALL0012.WPR
c:\program files\newsoft\VistaShuttle\ECard\wallpaper\WALL0013.WPR
c:\program files\newsoft\VistaShuttle\ECard\wallpaper\WALL0014.WPR
c:\program files\newsoft\VistaShuttle\ECard\wallpaper\WALL0016.WPR
c:\program files\newsoft\VistaShuttle\ECard\wallpaper\WALL0017.WPR
c:\program files\newsoft\VistaShuttle\ECard\wallpaper\WALL0018.WPR
c:\program files\newsoft\VistaShuttle\ECard\wallpaper\WALL0019.WPR
c:\program files\newsoft\VistaShuttle\ECard\wallpaper\WALL0020.WPR
c:\program files\newsoft\VistaShuttle\ECard\wallpaper\WALL0021.WPR
c:\program files\newsoft\VistaShuttle\ECard\wallpaper\WALL0022.WPR
c:\program files\newsoft\VistaShuttle\ECard\wallpaper\WALL0023.WPR
c:\program files\newsoft\VistaShuttle\ECard\wallpaper\WALL0024.WPR
c:\program files\newsoft\VistaShuttle\ECard\wallpaper\WALL0025.WPR
c:\program files\newsoft\VistaShuttle\ECard\wallpaper\WALL0026.WPR
c:\program files\newsoft\VistaShuttle\ECard\wallpaper\WALL0027.WPR
c:\program files\newsoft\VistaShuttle\ECard\wallpaper\WALL0028.WPR
c:\program files\newsoft\VistaShuttle\ECard\wallpaper\WALL0029.WPR
c:\program files\newsoft\VistaShuttle\ECard\wallpaper\WALL0030.WPR
c:\program files\newsoft\VistaShuttle\ECard\wallpaper\WALL0031.WPR
c:\program files\newsoft\VistaShuttle\ECard\wallpaper\WALL0032.WPR
c:\program files\newsoft\VistaShuttle\ECard\wallpaper\WALL0033.WPR
c:\program files\newsoft\VistaShuttle\ECard\wallpaper\WALL0034.WPR
c:\program files\newsoft\VistaShuttle\ECard\wallpaper\WALL0035.WPR
c:\program files\newsoft\VistaShuttle\ECard\wallpaper\WALL0036.WPR
c:\program files\newsoft\VistaShuttle\ECard\wallpaper\WALL0037.WPR
c:\program files\newsoft\VistaShuttle\ECard\wallpaper\WALL0038.WPR
c:\program files\newsoft\VistaShuttle\ECard\wallpaper\WALL0039.WPR
c:\program files\newsoft\VistaShuttle\ECard\wallpaper\WALL0040.WPR
c:\program files\newsoft\VistaShuttle\ECard\wallpaper\WALL0041.WPR
c:\program files\newsoft\VistaShuttle\ECard\wallpaper\WALL0042.WPR
c:\program files\newsoft\VistaShuttle\ECard\wallpaper\WALL0043.WPR
c:\program files\newsoft\VistaShuttle\ECard\wallpaper\WALL0044.WPR
c:\program files\newsoft\VistaShuttle\ECard\wallpaper\WALL0045.WPR
c:\program files\newsoft\VistaShuttle\ECard\WaveFunc.dll
c:\program files\newsoft\VistaShuttle\ECard\WS_FTP.LOG
c:\program files\newsoft\VistaShuttle\Fiodll\Fioall32.dll
c:\program files\newsoft\VistaShuttle\Fiodll\Fiobmp32.dll
c:\program files\newsoft\VistaShuttle\Fiodll\Fioext32.dll
c:\program files\newsoft\VistaShuttle\Fiodll\Fiofpx32.dll
c:\program files\newsoft\VistaShuttle\Fiodll\Fiogif32.dll
c:\program files\newsoft\VistaShuttle\Fiodll\Fiojpg32.dll
c:\program files\newsoft\VistaShuttle\Fiodll\Fiopcd32.dll
c:\program files\newsoft\VistaShuttle\Fiodll\Fiopct32.dll
c:\program files\newsoft\VistaShuttle\Fiodll\Fiopcx32.dll
c:\program files\newsoft\VistaShuttle\Fiodll\Fiopng32.dll
c:\program files\newsoft\VistaShuttle\Fiodll\Fiopof32.dll
c:\program files\newsoft\VistaShuttle\Fiodll\Fiotga32.dll
c:\program files\newsoft\VistaShuttle\Fiodll\Fiotif32.dll
c:\program files\newsoft\VistaShuttle\Fiodll\Fiowmf32.dll
c:\program files\newsoft\VistaShuttle\Fiodll\Jpeglib.dll
c:\program files\newsoft\VistaShuttle\Fiodll\Ucig3432.dll
c:\program files\newsoft\VistaShuttle\Fiodll\Ucijpg32.dll
c:\program files\newsoft\VistaShuttle\Sm.dll
c:\program files\newsoft\VistaShuttle\SMScan.dll
c:\program files\newsoft\VistaShuttle\SMScan.ini
c:\program files\newsoft\VistaShuttle\SMTwain.dll
c:\program files\newsoft\VistaShuttle\Uninst.isu
c:\program files\newsoft\VistaShuttle\VistaSetup.dll
c:\program files\newsoft\VistaShuttle\Vistawiz.exe
c:\program files\newsoft\VistaShuttle\Vistawiz.ini
c:\program files\newsoft\VistaShuttle\VShuttle.PDF
c:\windows\$NtUninstallKB39935$
c:\windows\$NtUninstallKB39935$\1825835220\{1B372133-BFFA-4dba-9CCF-5474BED6A9F6}
c:\windows\$NtUninstallKB39935$\1825835220\click.tlb
c:\windows\$NtUninstallKB39935$\1825835220\L\zetxuhdn
c:\windows\$NtUninstallKB39935$\1825835220\loader.tlb
c:\windows\$NtUninstallKB39935$\1825835220\U\@00000001
c:\windows\$NtUninstallKB39935$\1825835220\U\@000000c0
c:\windows\$NtUninstallKB39935$\1825835220\U\@000000cb
c:\windows\$NtUninstallKB39935$\1825835220\U\@000000cf
c:\windows\$NtUninstallKB39935$\1825835220\U\@80000000
c:\windows\$NtUninstallKB39935$\1825835220\U\@800000c0
c:\windows\$NtUninstallKB39935$\1825835220\U\@800000cb
c:\windows\$NtUninstallKB39935$\1825835220\U\@800000cf
c:\windows\$NtUninstallKB39935$\2839873766
c:\windows\assembly\GAC_MSIL\desktop.ini
c:\windows\system\Color
c:\windows\system\Color\AS1220PR.ICM
c:\windows\system\Color\AS1220PT.ICM
c:\windows\system\Color\AS1220SR.ICM
c:\windows\system\Color\AS1220ST.ICM
c:\windows\system\Color\AS1220UR.ICM
c:\windows\system\Color\AS1220UT.ICM
c:\windows\system\Color\AS2000PR.ICM
c:\windows\system\Color\AS2000UR.ICM
c:\windows\system\Color\AS2100UR.ICM
c:\windows\system\Color\AS2100UT.ICM
c:\windows\system\Color\AS2200R.ICM
c:\windows\system\Color\AS2200T.ICM
c:\windows\system\Color\AS2400SR.ICM
c:\windows\system\Color\AS2400ST.ICM
c:\windows\system\Color\AS24SPSR.ICM
c:\windows\system\Color\AS24SPST.ICM
c:\windows\system\Color\AS3400R.ICM
c:\windows\system\Color\AS3400T.ICM
c:\windows\system\Color\AS4000UR.ICM
c:\windows\system\Color\AS4000UT.ICM
c:\windows\system\Color\ASTA12SR.ICM
c:\windows\system\Color\ASTA12ST.ICM
c:\windows\system\Color\ASTA61PR.ICM
c:\windows\system\Color\ASTA61SR.ICM
c:\windows\system\Color\ASTRA6PR.ICM
c:\windows\system\Color\ASTRA6PT.ICM
c:\windows\system\Color\ASTRA6SR.ICM
c:\windows\system\Color\ASTRA6ST.ICM
c:\windows\system\Color\BJC240M7.ICM
c:\windows\system\Color\BJC420LC.ICM
c:\windows\system\Color\BJC42HRP.ICM
c:\windows\system\Color\BJC42HRS.ICM
c:\windows\system\Color\BJC43HRS.ICM
c:\windows\system\Color\BJC43LCS.ICM
c:\windows\system\Color\BJC4550M.ICM
c:\windows\system\Color\BJC600EM.ICM
c:\windows\system\Color\BJC600M7.ICM
c:\windows\system\Color\BJC620CP.ICM
c:\windows\system\Color\BJC800M7.ICM
c:\windows\system\Color\CLC500M7.ICM
c:\windows\system\Color\CLC550SI.ICM
c:\windows\system\Color\EPSPRO36.ICM
c:\windows\system\Color\EPSPRO72.ICM
c:\windows\system\Color\ESC360M.ICM
c:\windows\system\Color\ESC800GL.ICM
c:\windows\system\Color\ESC800IJ.ICM
c:\windows\system\Color\ESCII360.ICM
c:\windows\system\Color\ESCII720.ICM
c:\windows\system\Color\HP12CPS7.ICM
c:\windows\system\Color\HP660CIP.ICM
c:\windows\system\Color\HP870CSE.ICM
c:\windows\system\Color\HP870PIP.ICM
c:\windows\system\Color\HPCLJTPS.ICM
c:\windows\system\Color\HPCLLSJT.ICM
c:\windows\system\Color\HPCLSMM7.ICM
c:\windows\system\Color\HPCPJTM7.ICM
c:\windows\system\Color\HPDJ850W.ICM
c:\windows\system\Color\HPPS_PIP.ICM
c:\windows\system\Color\HPXL3PS7.ICM
c:\windows\system\Color\KCOLEAS1.ICM
c:\windows\system\Color\LEX1020J.ICM
c:\windows\system\Color\LEX2030J.ICM
c:\windows\system\Color\LEX2050C.ICM
c:\windows\system\Color\LEX2070J.ICM
c:\windows\system\Color\P22G18M7.ICM
c:\windows\system\Color\S12R.ICM
c:\windows\system\Color\S12SYR.ICM
c:\windows\system\Color\S12SYT.ICM
c:\windows\system\Color\S12T.ICM
c:\windows\system\Color\S6ER.ICM
c:\windows\system\Color\S6ET.ICM
c:\windows\system\Color\S6R.ICM
c:\windows\system\Color\S6T.ICM
c:\windows\system\Color\S8R.ICM
c:\windows\system\Color\S8T.ICM
c:\windows\system\Color\T630R.ICM
c:\windows\system\Color\X863PM07.ICM
c:\windows\system\Color\XL7700M7.ICM
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\drivers\etc\host
c:\windows\system32\ps2.bat
c:\windows\system32\regobj.dll
D:\Autorun.inf
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_TDSSSERV
-------\Service_6cd408d4
.
.
((((((((((((((((((((((((( Files Created from 2011-07-21 to 2011-08-21 )))))))))))))))))))))))))))))))
.
.
2011-08-19 21:55 . 2011-08-12 05:57 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-08-19 21:55 . 2011-08-12 05:57 785368 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-08-19 21:55 . 2011-08-12 05:57 478168 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-08-19 21:55 . 2011-08-12 05:57 1846232 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-08-19 21:55 . 2011-08-12 05:57 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-08-19 21:55 . 2011-08-12 05:57 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-08-19 21:55 . 2011-08-12 03:16 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-08-19 21:55 . 2011-08-12 03:16 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-08-17 18:29 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2011-08-17 18:28 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-08-17 18:28 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2011-08-17 18:25 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-17 18:25 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-08-17 18:20 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2011-08-17 18:20 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2011-08-17 03:21 . 2011-08-17 03:21 -------- d-----w- c:\windows\system32\scripting
2011-08-17 03:21 . 2011-08-17 03:21 -------- d-----w- c:\windows\system32\en
2011-08-17 03:21 . 2011-08-17 03:21 -------- d-----w- c:\windows\l2schemas
2011-08-14 23:31 . 2011-07-06 23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-14 23:31 . 2011-07-06 23:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-14 16:36 . 2011-08-14 16:36 -------- d-----w- c:\documents and settings\Administrator.BEDROOM1\Local Settings\Application Data\Mozilla
2011-08-14 16:07 . 2011-08-14 16:07 -------- d-----w- c:\documents and settings\Administrator.BEDROOM1\Application Data\Malwarebytes
2011-08-13 18:56 . 2011-08-14 23:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-17 03:23 . 2011-08-17 03:23 45056 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\util.dll
2011-08-17 03:23 . 2011-08-17 03:23 36864 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\gnu.dll
2011-08-17 03:23 . 2011-08-17 03:23 3072 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\pchealthde.exe
2011-08-17 03:23 . 2011-08-17 03:23 32768 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\pchapi.dll
2011-08-17 03:23 . 2011-08-17 03:23 98304 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\PluginCtrl.dll
2011-08-17 03:23 . 2011-08-17 03:23 114688 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\ZipLib.dll
2011-08-17 03:23 . 2011-08-17 03:23 77824 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\WinVerifyTrust.dll
2011-08-17 03:23 . 2011-08-17 03:23 282624 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\clientutil52.dll
2011-08-17 03:23 . 2011-08-17 03:23 356352 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\client_motkt.dll
2011-08-17 03:23 . 2011-08-17 03:23 4096 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\winverifytrustwrapper.dll
2011-08-17 03:23 . 2011-08-17 03:23 49152 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\PCHI18N.dll
2011-08-17 03:23 . 2011-08-17 03:23 434176 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\motivede.dll
2011-08-17 03:23 . 2011-08-17 03:23 24576 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\pcdapi.dll
2011-08-17 03:23 . 2011-08-17 03:23 49152 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\hwinv.dll
2011-08-17 03:23 . 2011-08-17 03:23 212992 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\jsharpinterp.dll
2011-08-17 03:23 . 2011-08-17 03:23 307200 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\pchealthplugin.dll
2011-08-17 03:23 . 2011-08-17 03:23 122880 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\SearchCtrl.dll
2011-08-17 03:23 . 2011-08-17 03:23 26572 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\INV16.dll
2011-08-17 03:23 . 2011-08-17 03:23 69632 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\msxmlwrapper.dll
2011-08-17 03:23 . 2011-08-17 03:23 5632 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\GUI.dll
2011-08-17 03:23 . 2011-08-17 03:23 315392 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\pchmsxml.dll
2011-08-17 03:23 . 2011-08-17 03:23 139264 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\ContentUpdater.exe
2011-08-17 03:23 . 2011-08-17 03:23 77824 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\FDIWrapper.dll
2011-08-17 03:23 . 2011-08-17 03:23 344064 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\api.dll
2011-08-17 03:23 . 2011-08-17 03:23 69632 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\msxmlwrapper.dll
2011-08-17 03:23 . 2011-08-17 03:23 315392 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\pchmsxml.dll
2011-08-17 03:23 . 2011-08-17 03:23 307200 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\pchnotify.exe
2011-08-17 03:23 . 2011-08-17 03:23 159744 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\PCHButton.exe
2011-08-17 03:23 . 2011-08-17 03:23 114688 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\asst_ui.dll
2011-07-08 14:02 . 2003-11-18 14:19 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-02 15:53 . 2011-04-20 17:31 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2011-06-24 14:10 . 2003-11-18 14:20 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-21 18:45 . 2004-02-06 23:05 832512 ----a-w- c:\windows\system32\wininet.dll
2011-06-21 18:45 . 2006-08-06 00:10 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-06-21 18:45 . 2003-11-18 14:18 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-21 18:45 . 2003-11-18 14:17 17408 ----a-w- c:\windows\system32\corpol.dll
2011-06-21 11:47 . 2006-08-06 00:10 389120 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2003-10-11 02:22 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-02 14:02 . 2003-10-11 02:22 1858944 ----a-w- c:\windows\system32\win32k.sys
2005-12-06 04:29 . 2005-12-06 04:29 27982360 ----a-w- c:\program files\vistaahuttle.exe
2005-12-06 04:18 . 2005-12-06 04:18 3401566 ----a-w- c:\program files\scannerdriver.exe
2005-07-11 22:09 . 2009-01-19 19:31 61440 ----a-w- c:\program files\Silica Volume Control.exe
2011-08-12 05:57 . 2011-08-19 21:55 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-12 323392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HPHmon05"="c:\windows\System32\hphmon05.exe" [2003-05-23 483328]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-05 28672]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-08-13 335872]
"Sunkist2k"="c:\program files\Multimedia Card Reader\shwicon2k.exe" [2003-08-15 139264]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-04-15 644696]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-07-07 167936]
"Nitro PDF Printer Monitor"="c:\program files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe" [2008-12-04 210240]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-11 202256]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-18 421160]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2516296]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-03-02 140640]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
AutoTBar.exe [2003-6-18 53248]
.
c:\documents and settings\Owner\Start Menu\Programs\Startup\
Silica Volume Control.lnk - c:\program files\Silica Volume Control.exe [2009-1-19 61440]
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2009-1-18 3450608]
WordWeb.lnk - c:\program files\WordWeb\wweb32.exe [2004-11-19 18944]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Personal Coach.lnk - c:\program files\Broderbund\Mavis Beacon Teaches Typing 15\minimavis.exe [2007-3-5 2392064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
2005-01-31 20:13 49152 ----a-w- c:\progra~1\COMMON~1\Stardock\MCPStub.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"\\\\BEDROOM1\\B1 Boot\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"c:\\Program Files\\Alias\\Maya6.0\\bin\\maya.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\3dsmax6\\3dsmax.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Stardock\\ObjectDock\\ObjectDock.exe"=
"c:\\Documents and Settings\\Owner\\Desktop\\123.com"=
"c:\\Program Files\\Avant Browser\\ybrowser.exe"=
"c:\\Program Files\\Avant Browser\\adownloader.exe"=
"c:\\Program Files\\Avant Browser\\avant.exe"=
"c:\\Documents and Settings\\Owner\\My Documents\\Downloads\\TDSSKiller.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\MFAData\\SelfUpd\\avgmfapx.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\345.exe.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbb.com.exe"=
"c:\\Program Files\\real\\RealUpgrade\\realupgrade.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [8/14/2011 2:13 PM 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [8/14/2011 2:13 PM 309848]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8/14/2011 2:13 PM 19544]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/14/2011 7:31 PM 366640]
R2 PDIHWCTL;PDIHWCTL;c:\windows\system32\drivers\pdihwctl.sys [1/29/2003 3:08 PM 14416]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/14/2011 7:31 PM 22712]
S2 aliasdocserver;Alias Documentation Server;"c:\program files\Alias\Maya6.0\docs\Wrapper.exe" -s "c:\program files\Alias\Maya6.0\docs/Wrapper.conf" --> c:\program files\Alias\Maya6.0\docs\Wrapper.exe [?]
S2 gupdate1cac0c3d90514a8;Google Update Service (gupdate1cac0c3d90514a8);c:\program files\Google\Update\GoogleUpdate.exe [3/10/2010 10:37 PM 133104]
S2 mrtRate;mrtRate; [x]
S2 NetFxUpdate_v1.1.4322;Microsoft .NET Framework v1.1.4322 Update;c:\windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe --> c:\windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe [?]
S2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe --> c:\windows\system32\Wacom_Tablet.exe [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/10/2010 10:37 PM 133104]
S3 Sbvpum;Sbvpum; [x]
S3 scsiscan;SCSI Scanner Driver;c:\windows\system32\drivers\scsiscan.sys [2/18/2005 9:28 PM 11520]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 2:37 PM 517096]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [8/3/2010 9:06 PM 15656]
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-23 c:\windows\Tasks\AdobeAAMUpdater-1.0-BEDROOM1-Owner.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-02-06 08:44]
.
2011-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-11 02:37]
.
2011-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-11 02:37]
.
2011-08-21 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3387027933-1349042783-2816919633-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]
.
2011-08-19 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3387027933-1349042783-2816919633-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/?pc=AVBR
mSearch Bar =
uInternet Settings,ProxyOverride = *.local
uSearchAssistant =
uCustomizeSearch =
IE: &WordWeb... - c:\windows\wweb32.dll/lookup.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
TCP: Interfaces\{5DFAE21F-DA6D-4D22-8E18-AAD20A7D9D59}: NameServer = 192.168.254.1
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\iaaf58sg.default\
FF - prefs.js: browser.search.selectedEngine - Google
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-31288945.sys
HKLM_ActiveSetup-Nitro PDF Professional - //B
AddRemove-AnswerWorks - c:\program files\WexTech\AnswerWorks\Uninst.isu
AddRemove-LiveUpdate1.7 - c:\program files\\Symantec\LiveUpdate\LSETUP.EXE
AddRemove-Passport to 35 Languages - s:\langua~1\PASSPO~1\PASSPO~1\PASSPO~1\UNWISE.EXE
AddRemove-Uninstall VistaShuttle - c:\program files\Newsoft\VistaShuttle\Uninst.isu
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-21 14:04
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\windows\3557348460:2469132075.exe 816 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(692)
c:\progra~1\COMMON~1\Stardock\mcpstub.dll
.
- - - - - - - > 'explorer.exe'(3964)
c:\windows\system32\WININET.dll
c:\program files\Stardock\ObjectDock\DockShellHook.dll
c:\program files\ScanSoft\OmniPageSE4\OpHookSE4.dll
c:\windows\system32\ieframe.dll
c:\progra~1\COMMON~1\Stardock\MCPCore.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\progra~1\COMMON~1\Stardock\SDMCP.exe
c:\windows\ALCXMNTR.EXE
c:\progra~1\Stardock\OBJECT~2\DesktopX\dxwidget.exe
.
**************************************************************************
.
Completion time: 2011-08-21 16:33:02 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-21 20:32
.
Pre-Run: 25,201,582,080 bytes free
Post-Run: 41,924,894,720 bytes free
.
- - End Of File - - 9243CC58AE3FEB5B31EC76334740ADDB
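
The log above contains several artifact shapes that are typical of a TDSS/TDL4 infection: a file stored in an NTFS alternate data stream (the catchme hit c:\windows\3557348460:2469132075.exe), digits-only folders under a $NtUninstall directory holding loader.tlb/click.tlb and L\ and U\ subfolders, a file named "host" beside the real "hosts", and an orphaned Legacy_TDSSSERV service key. As an added example (not part of the original thread, not ComboFix or TDSSKiller code), here is a small Python triage filter that runs over path lines from such a log and tags those shapes. The rule set, tag names and the few benign lines mixed into the sample are my own assumptions; the sample lines are copied from the posted log plus two constructed clean paths, and every hit is a prompt to look closer, not a verdict.

```python
import re
from typing import Dict, List

# Sample input: path lines copied from the ComboFix log posted above,
# plus two constructed benign lines so the filter has clean input to skip.
SAMPLE_LINES = [
    r"c:\windows\$NtUninstallKB39935$",
    r"c:\windows\$NtUninstallKB39935$\1825835220\{1B372133-BFFA-4dba-9CCF-5474BED6A9F6}",
    r"c:\windows\$NtUninstallKB39935$\1825835220\click.tlb",
    r"c:\windows\$NtUninstallKB39935$\1825835220\L\zetxuhdn",
    r"c:\windows\$NtUninstallKB39935$\1825835220\loader.tlb",
    r"c:\windows\$NtUninstallKB39935$\1825835220\U\@00000001",
    r"c:\windows\$NtUninstallKB39935$\2839873766",
    r"c:\windows\system32\drivers\etc\host",
    r"c:\windows\system32\ps2.bat",
    r"D:\Autorun.inf",
    r"-------\Legacy_TDSSSERV",
    r"c:\windows\3557348460:2469132075.exe 816 bytes executable",
    r"c:\program files\newsoft\VistaShuttle\Sm.dll",          # constructed clean
    r"c:\windows\system32\config\systemprofile\WINDOWS",      # constructed clean
]

# Heuristic rules (assumed, not a vendor signature set): (tag, pattern, meaning).
RULES = [
    # A second colon after the drive letter means "file:stream", i.e. the
    # object lives in an NTFS alternate data stream of another file/dir.
    ("ntfs_ads",
     re.compile(r"^[a-z]:\\[^:]*:[^\\:\s]+", re.I),
     "object stored in an NTFS alternate data stream"),
    # A digits-only folder directly under $NtUninstall...$. Genuine hotfix
    # uninstall folders contain 'spuninst', not random numeric subfolders.
    ("ntuninstall_numeric_subdir",
     re.compile(r"\\\$ntuninstall[^\\]*\$\\\d+(\\|$)", re.I),
     "numeric subfolder under a $NtUninstall directory"),
    # The resolver reads 'hosts'; a neighbouring file called 'host' is not
    # used by Windows and deserves a look.
    ("nonstandard_etc_file",
     re.compile(r"\\system32\\drivers\\etc\\host$", re.I),
     "file named 'host' (not 'hosts') in drivers\\etc"),
    # Orphaned legacy service key carrying the TDSS service name.
    ("tdss_service_name",
     re.compile(r"legacy_tdss", re.I),
     "service key with a TDSS name"),
    # autorun.inf in the root of a non-system drive.
    ("autorun_inf_root",
     re.compile(r"^[d-z]:\\autorun\.inf$", re.I),
     "autorun.inf at a drive root"),
]


def classify(line: str) -> List[str]:
    """Return the tags of every rule that matches one log line (empty if clean)."""
    line = line.strip()
    return [tag for tag, pattern, _ in RULES if pattern.search(line)]


def scan(lines) -> Dict[str, List[str]]:
    """Map each flagged line to its tags; lines with no hits are left out."""
    hits: Dict[str, List[str]] = {}
    for line in lines:
        tags = classify(line)
        if tags:
            hits[line.strip()] = tags
    return hits


def report(lines) -> str:
    """Human-readable triage list: the line, then why it was flagged."""
    meaning = {tag: why for tag, _, why in RULES}
    rows = []
    for line, tags in scan(lines).items():
        rows.append(line + "\n    -> " + "; ".join(meaning[t] for t in tags))
    return "\n".join(rows)


if __name__ == "__main__":
    print(report(SAMPLE_LINES))
```

Running the file prints each flagged line with its reason. The $NtUninstall rule deliberately does not fire on the parent folder by itself, because that name alone is a normal hotfix uninstall directory; it is the numeric child folders and their contents that stand out.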

#9 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,316 posts
  • Gender:Female
  • Location:Romania

Posted 22 August 2011 - 03:17 AM

Please rerun TDSSKiller and have the scan delete the detected object.

When done, rerun ComboFix and post me the new log.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."


Malware analyst @ Emsisoft


#10 yellowrabbit

yellowrabbit
  • Topic Starter

  • Members
  • 12 posts

Posted 22 August 2011 - 11:25 AM

TDSSKiller didn't find anything, but here is the log anyway.

2011/08/22 10:55:28.0812 0884 TDSS rootkit removing tool 2.5.16.0 Aug 19 2011 17:48:17
2011/08/22 10:55:29.0046 0884 ================================================================================
2011/08/22 10:55:29.0046 0884 SystemInfo:
2011/08/22 10:55:29.0046 0884
2011/08/22 10:55:29.0046 0884 OS Version: 5.1.2600 ServicePack: 3.0
2011/08/22 10:55:29.0046 0884 Product type: Workstation
2011/08/22 10:55:29.0046 0884 ComputerName: BEDROOM1
2011/08/22 10:55:29.0046 0884 UserName: Owner
2011/08/22 10:55:29.0046 0884 Windows directory: C:\WINDOWS
2011/08/22 10:55:29.0046 0884 System windows directory: C:\WINDOWS
2011/08/22 10:55:29.0046 0884 Processor architecture: Intel x86
2011/08/22 10:55:29.0046 0884 Number of processors: 2
2011/08/22 10:55:29.0046 0884 Page size: 0x1000
2011/08/22 10:55:29.0046 0884 Boot type: Normal boot
2011/08/22 10:55:29.0046 0884 ================================================================================
2011/08/22 10:55:30.0578 0884 Initialize success
2011/08/22 10:55:32.0046 3328 ================================================================================
2011/08/22 10:55:32.0046 3328 Scan started
2011/08/22 10:55:32.0046 3328 Mode: Manual;
2011/08/22 10:55:32.0046 3328 ================================================================================
2011/08/22 10:55:32.0890 3328 Aavmker4 (dfcdd5936cad0138775d5a105d4c7716) C:\WINDOWS\system32\drivers\Aavmker4.sys
2011/08/22 10:55:33.0406 3328 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/08/22 10:55:33.0609 3328 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/08/22 10:55:33.0968 3328 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/08/22 10:55:34.0156 3328 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
2011/08/22 10:55:34.0328 3328 AFS2K (0ebb674888cbdefd5773341c16dd6a07) C:\WINDOWS\system32\drivers\AFS2K.sys
2011/08/22 10:55:34.0515 3328 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/08/22 10:55:35.0484 3328 ALCXSENS (fbbcb95f677cbaa924140b6ea2d9a97b) C:\WINDOWS\system32\drivers\ALCXSENS.SYS
2011/08/22 10:55:35.0968 3328 ALCXWDM (8d6c30e515717248e0e52b85fd7ac466) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2011/08/22 10:55:36.0406 3328 AmdK7 (8fce268cdbdd83b23419d1f35f42c7b1) C:\WINDOWS\system32\DRIVERS\amdk7.sys
2011/08/22 10:55:36.0781 3328 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/08/22 10:55:37.0453 3328 aswFsBlk (861cb512e4e850e87dd2316f88d69330) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011/08/22 10:55:37.0640 3328 aswMon2 (7857e0b4c817f69ff463eea2c63e56f9) C:\WINDOWS\system32\drivers\aswMon2.sys
2011/08/22 10:55:37.0843 3328 aswRdr (8db043bf96bb6d334e5b4888e709e1c7) C:\WINDOWS\system32\drivers\aswRdr.sys
2011/08/22 10:55:38.0062 3328 aswSnx (17230708a2028cd995656df455f2e303) C:\WINDOWS\system32\drivers\aswSnx.sys
2011/08/22 10:55:38.0250 3328 aswSP (dbedd9d43b00630966ef05d2d8d04cee) C:\WINDOWS\system32\drivers\aswSP.sys
2011/08/22 10:55:38.0453 3328 aswTdi (984cfce2168286c2511695c2f9621475) C:\WINDOWS\system32\drivers\aswTdi.sys
2011/08/22 10:55:38.0625 3328 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/08/22 10:55:38.0796 3328 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/08/22 10:55:39.0187 3328 ati2mtag (7182bf0f2a392d48e4aa732b970aac9c) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/08/22 10:55:39.0359 3328 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/08/22 10:55:39.0546 3328 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/08/22 10:55:39.0765 3328 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/08/22 10:55:40.0015 3328 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/08/22 10:55:40.0187 3328 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/08/22 10:55:40.0515 3328 CdaC15BA (f76cb7259aa575cc53f3996bc6b68c18) C:\WINDOWS\System32\drivers\CDAC15BA.SYS
2011/08/22 10:55:40.0703 3328 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/08/22 10:55:40.0875 3328 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/08/22 10:55:41.0046 3328 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/08/22 10:55:42.0156 3328 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/08/22 10:55:42.0359 3328 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/08/22 10:55:42.0578 3328 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/08/22 10:55:42.0750 3328 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/08/22 10:55:42.0953 3328 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/08/22 10:55:43.0312 3328 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/08/22 10:55:43.0500 3328 DS1410D (1a51e03b66635280684e9edf34a2e8c0) C:\WINDOWS\System32\drivers\ds1410d.sys
2011/08/22 10:55:43.0687 3328 ElbyCDIO (44996a2addd2db7454f2ca40b67d8941) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
2011/08/22 10:55:43.0906 3328 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/08/22 10:55:44.0109 3328 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/08/22 10:55:44.0296 3328 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/08/22 10:55:44.0484 3328 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/08/22 10:55:44.0671 3328 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/08/22 10:55:44.0859 3328 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/08/22 10:55:45.0109 3328 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/08/22 10:55:45.0296 3328 GEARAspiWDM (4ac51459805264affd5f6fdfb9d9235f) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/08/22 10:55:45.0484 3328 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/08/22 10:55:45.0734 3328 hardlock (c818b973110a1c9f7763dd39bffd0fd3) C:\WINDOWS\System32\drivers\hardlock.sys
2011/08/22 10:55:45.0906 3328 Haspnt (2dd25f060dc9f79b5cdf33d90ed93669) C:\WINDOWS\System32\drivers\Haspnt.sys
2011/08/22 10:55:46.0109 3328 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/08/22 10:55:46.0484 3328 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/08/22 10:55:46.0984 3328 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/08/22 10:55:47.0187 3328 ialm (1406d6ef4436aee970efe13193123965) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/08/22 10:55:47.0390 3328 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/08/22 10:55:47.0781 3328 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\System32\DRIVERS\intelide.sys
2011/08/22 10:55:47.0937 3328 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/08/22 10:55:48.0125 3328 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/08/22 10:55:48.0296 3328 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/08/22 10:55:48.0468 3328 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/08/22 10:55:48.0656 3328 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/08/22 10:55:48.0843 3328 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/08/22 10:55:49.0031 3328 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/08/22 10:55:49.0203 3328 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/08/22 10:55:49.0390 3328 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/08/22 10:55:49.0578 3328 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/08/22 10:55:49.0750 3328 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/08/22 10:55:49.0937 3328 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/08/22 10:55:50.0343 3328 ltmodem5 (829ef680a308c12e2a80e5e0da0d958d) C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys
2011/08/22 10:55:50.0531 3328 MBAMProtector (eca00eed9ab95489007b0ef84c7149de) C:\WINDOWS\system32\drivers\mbam.sys
2011/08/22 10:55:50.0765 3328 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/08/22 10:55:50.0953 3328 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/08/22 10:55:51.0140 3328 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/08/22 10:55:51.0312 3328 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/08/22 10:55:51.0500 3328 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/08/22 10:55:52.0015 3328 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/08/22 10:55:52.0218 3328 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/08/22 10:55:52.0421 3328 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/08/22 10:55:52.0593 3328 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/08/22 10:55:52.0781 3328 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/08/22 10:55:52.0968 3328 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/08/22 10:55:53.0140 3328 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/08/22 10:55:53.0312 3328 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2011/08/22 10:55:53.0500 3328 MxlW2k (a1520761f42dbb06db7929d6fa9753ea) C:\WINDOWS\system32\drivers\MxlW2k.sys
2011/08/22 10:55:53.0671 3328 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/08/22 10:55:53.0890 3328 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/08/22 10:55:54.0093 3328 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/08/22 10:55:54.0265 3328 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/08/22 10:55:54.0437 3328 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/08/22 10:55:54.0625 3328 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/08/22 10:55:54.0796 3328 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/08/22 10:55:54.0984 3328 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/08/22 10:55:55.0171 3328 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/08/22 10:55:55.0406 3328 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/08/22 10:55:55.0609 3328 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/08/22 10:55:55.0812 3328 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/08/22 10:55:56.0046 3328 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/08/22 10:55:56.0312 3328 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/08/22 10:55:56.0562 3328 nvcap (9b7accfac9b19b98d54f45a9cf61ca39) C:\WINDOWS\system32\DRIVERS\nvcap.sys
2011/08/22 10:55:56.0750 3328 NVXBAR (bef79a5b5a01bb749afbed27837e6311) C:\WINDOWS\system32\DRIVERS\NVxbar.sys
2011/08/22 10:55:56.0937 3328 nv_agp (01621905ae34bc24aaa2fddb93977299) C:\WINDOWS\system32\DRIVERS\nv_agp.sys
2011/08/22 10:55:57.0125 3328 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/08/22 10:55:57.0312 3328 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/08/22 10:55:57.0484 3328 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/08/22 10:55:57.0703 3328 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/08/22 10:55:57.0875 3328 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/08/22 10:55:58.0062 3328 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/08/22 10:55:58.0265 3328 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/08/22 10:55:58.0593 3328 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/08/22 10:55:58.0781 3328 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/08/22 10:55:58.0953 3328 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
2011/08/22 10:55:59.0453 3328 PDIHWCTL (274fb48dc92e0ec012d4d8d866cfaf8a) C:\WINDOWS\system32\drivers\PDIHWCTL.sys
2011/08/22 10:56:00.0296 3328 pfc (e5ac9f8c128b597dd7919af96b84172e) C:\WINDOWS\System32\drivers\pfc.sys
2011/08/22 10:56:00.0484 3328 pivot (4d0df4dbaaefc3f2f87b92f513cbe54f) C:\WINDOWS\system32\drivers\pivot.sys
2011/08/22 10:56:00.0671 3328 pivotmou (0001b0b6bd76a6c9a59794272c441248) C:\WINDOWS\system32\drivers\pivotmou.sys
2011/08/22 10:56:00.0859 3328 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/08/22 10:56:01.0046 3328 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/08/22 10:56:01.0234 3328 Ps2 (bffdb363485501a38f0bca83aec810db) C:\WINDOWS\system32\DRIVERS\PS2.sys
2011/08/22 10:56:01.0437 3328 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/08/22 10:56:01.0640 3328 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/08/22 10:56:01.0828 3328 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
2011/08/22 10:56:02.0781 3328 QV2KUX (0087f01d35a65b32393cc8bba46ee4a6) C:\WINDOWS\system32\DRIVERS\qv2kux.sys
2011/08/22 10:56:02.0968 3328 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/08/22 10:56:03.0156 3328 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/08/22 10:56:03.0359 3328 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/08/22 10:56:03.0546 3328 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/08/22 10:56:03.0718 3328 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/08/22 10:56:03.0921 3328 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/08/22 10:56:04.0109 3328 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/08/22 10:56:04.0312 3328 rtl8139 (2ef9c0dc26b30b2318b1fc3faa1f0ae7) C:\WINDOWS\system32\DRIVERS\R8139n51.SYS
2011/08/22 10:56:04.0515 3328 S3Psddr (0dbcc071a268e0340a2ba6bdd98bace4) C:\WINDOWS\system32\DRIVERS\s3gnbm.sys
2011/08/22 10:56:04.0718 3328 SbcpHid (30d94039a729571146eb9d736ec1aadd) C:\WINDOWS\System32\Drivers\SbcpHid.sys
2011/08/22 10:56:04.0906 3328 sbp2port (b244960e5a1db8e9d5d17086de37c1e4) C:\WINDOWS\system32\DRIVERS\sbp2port.sys
2011/08/22 10:56:05.0125 3328 SCDEmu (3b35ce540758bbabb721e234cb5a4f3f) C:\WINDOWS\system32\drivers\SCDEmu.sys
2011/08/22 10:56:05.0328 3328 scsiscan (089870dab7aa277585c475ae09ee4c63) C:\WINDOWS\system32\DRIVERS\scsiscan.sys
2011/08/22 10:56:05.0500 3328 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/08/22 10:56:05.0718 3328 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/08/22 10:56:05.0906 3328 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/08/22 10:56:06.0125 3328 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/08/22 10:56:06.0484 3328 SiS315 (bdfef5c5d41ba377852389e8f07104ea) C:\WINDOWS\system32\DRIVERS\sisgrp.sys
2011/08/22 10:56:06.0671 3328 SISAGP (923d23638c616eecb0d811461161d0b8) C:\WINDOWS\system32\DRIVERS\SISAGPX.sys
2011/08/22 10:56:06.0875 3328 SiSkp (7e9e5823afbb5af2851abb1659ff627d) C:\WINDOWS\system32\DRIVERS\srvkp.sys
2011/08/22 10:56:07.0062 3328 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/08/22 10:56:07.0250 3328 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
2011/08/22 10:56:07.0578 3328 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/08/22 10:56:07.0781 3328 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/08/22 10:56:08.0000 3328 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/08/22 10:56:08.0218 3328 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/08/22 10:56:08.0375 3328 SunkFilt (2087b202cfe8a2f8a59cecfffbec58d5) C:\WINDOWS\System32\Drivers\sunkfilt.sys
2011/08/22 10:56:08.0750 3328 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/08/22 10:56:08.0937 3328 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/08/22 10:56:09.0796 3328 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/08/22 10:56:10.0015 3328 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/08/22 10:56:10.0203 3328 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/08/22 10:56:10.0406 3328 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/08/22 10:56:10.0578 3328 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/08/22 10:56:10.0968 3328 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/08/22 10:56:11.0343 3328 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/08/22 10:56:11.0562 3328 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/08/22 10:56:11.0750 3328 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/08/22 10:56:11.0937 3328 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/08/22 10:56:12.0140 3328 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/08/22 10:56:12.0328 3328 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/08/22 10:56:12.0515 3328 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/08/22 10:56:12.0703 3328 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/08/22 10:56:12.0875 3328 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/08/22 10:56:13.0062 3328 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/08/22 10:56:13.0250 3328 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/08/22 10:56:13.0406 3328 USB_RNDIS_XP (bee793d4a059caea55d6ac20e19b3a8f) C:\WINDOWS\system32\DRIVERS\usb8023.sys
2011/08/22 10:56:13.0609 3328 VClone (94d73b62e458fb56c9ce60aa96d914f9) C:\WINDOWS\system32\DRIVERS\VClone.sys
2011/08/22 10:56:13.0796 3328 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/08/22 10:56:13.0984 3328 viaagp1 (4b039bbd037b01f5db5a144c837f283a) C:\WINDOWS\system32\DRIVERS\viaagp1.sys
2011/08/22 10:56:14.0171 3328 viagfx (e8c619c6c6bde90d130dda87150e1944) C:\WINDOWS\system32\DRIVERS\vtmini.sys
2011/08/22 10:56:14.0406 3328 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\System32\DRIVERS\viaide.sys
2011/08/22 10:56:14.0593 3328 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/08/22 10:56:14.0828 3328 wacmoumonitor (9a03558c37e919b9d6a50864aea0a168) C:\WINDOWS\system32\DRIVERS\wacmoumonitor.sys
2011/08/22 10:56:15.0015 3328 wacommousefilter (427a8bc96f16c40df81c2d2f4edd32dd) C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys
2011/08/22 10:56:15.0203 3328 wacomvhid (6843fd7db708b14ea4d8092abb464244) C:\WINDOWS\system32\DRIVERS\wacomvhid.sys
2011/08/22 10:56:15.0406 3328 WacomVKHid (889459833432b161cb99cfdf84a1a9bb) C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys
2011/08/22 10:56:15.0593 3328 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/08/22 10:56:15.0953 3328 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/08/22 10:56:16.0250 3328 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
2011/08/22 10:56:16.0453 3328 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/08/22 10:56:16.0671 3328 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/08/22 10:56:16.0859 3328 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/08/22 10:56:17.0046 3328 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/08/22 10:56:17.0359 3328 {6080A529-897E-4629-A488-ABA0C29B635E} (fd1f4e9cf06c71c8d73a24acf18d8296) C:\WINDOWS\system32\drivers\ialmsbw.sys
2011/08/22 10:56:17.0593 3328 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (d4d7331d33d1fa73e588e5ce0d90a4c1) C:\WINDOWS\system32\drivers\ialmkchw.sys
2011/08/22 10:56:17.0718 3328 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/08/22 10:56:17.0906 3328 Boot (0x1200) (fcbcae8423e5dd784fd314c68ee3f333) \Device\Harddisk0\DR0\Partition0
2011/08/22 10:56:17.0937 3328 Boot (0x1200) (d867016bd272172247b953c604dcdafb) \Device\Harddisk0\DR0\Partition1
2011/08/22 10:56:17.0953 3328 ================================================================================
2011/08/22 10:56:17.0953 3328 Scan finished
2011/08/22 10:56:17.0953 3328 ================================================================================
2011/08/22 10:56:17.0984 3408 Detected object count: 0
2011/08/22 10:56:17.0984 3408 Actual detected object count: 0
2011/08/22 10:56:21.0984 0964 Deinitialize success



And the ComboFix scan log.


ComboFix 11-08-21.01 - Owner 08/22/2011 11:02:38.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1439 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((( Files Created from 2011-07-22 to 2011-08-22 )))))))))))))))))))))))))))))))
.
.
2011-08-19 21:55 . 2011-08-12 05:57 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-08-19 21:55 . 2011-08-12 05:57 785368 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-08-19 21:55 . 2011-08-12 05:57 478168 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-08-19 21:55 . 2011-08-12 05:57 1846232 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-08-19 21:55 . 2011-08-12 05:57 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-08-19 21:55 . 2011-08-12 05:57 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-08-19 21:55 . 2011-08-12 03:16 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-08-19 21:55 . 2011-08-12 03:16 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-08-17 18:29 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2011-08-17 18:28 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-08-17 18:28 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2011-08-17 18:25 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-17 18:25 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-08-17 18:20 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2011-08-17 18:20 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2011-08-17 03:21 . 2011-08-17 03:21 -------- d-----w- c:\windows\system32\scripting
2011-08-17 03:21 . 2011-08-17 03:21 -------- d-----w- c:\windows\system32\en
2011-08-17 03:21 . 2011-08-17 03:21 -------- d-----w- c:\windows\l2schemas
2011-08-14 23:31 . 2011-07-06 23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-14 23:31 . 2011-07-06 23:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-14 16:36 . 2011-08-14 16:36 -------- d-----w- c:\documents and settings\Administrator.BEDROOM1\Local Settings\Application Data\Mozilla
2011-08-14 16:07 . 2011-08-14 16:07 -------- d-----w- c:\documents and settings\Administrator.BEDROOM1\Application Data\Malwarebytes
2011-08-13 18:56 . 2011-08-14 23:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-17 03:23 . 2011-08-17 03:23 45056 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\util.dll
2011-08-17 03:23 . 2011-08-17 03:23 36864 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\gnu.dll
2011-08-17 03:23 . 2011-08-17 03:23 3072 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\pchealthde.exe
2011-08-17 03:23 . 2011-08-17 03:23 32768 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\pchapi.dll
2011-08-17 03:23 . 2011-08-17 03:23 98304 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\PluginCtrl.dll
2011-08-17 03:23 . 2011-08-17 03:23 114688 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\ZipLib.dll
2011-08-17 03:23 . 2011-08-17 03:23 77824 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\WinVerifyTrust.dll
2011-08-17 03:23 . 2011-08-17 03:23 282624 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\clientutil52.dll
2011-08-17 03:23 . 2011-08-17 03:23 356352 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\client_motkt.dll
2011-08-17 03:23 . 2011-08-17 03:23 4096 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\winverifytrustwrapper.dll
2011-08-17 03:23 . 2011-08-17 03:23 49152 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\PCHI18N.dll
2011-08-17 03:23 . 2011-08-17 03:23 434176 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\motivede.dll
2011-08-17 03:23 . 2011-08-17 03:23 24576 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\pcdapi.dll
2011-08-17 03:23 . 2011-08-17 03:23 49152 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\hwinv.dll
2011-08-17 03:23 . 2011-08-17 03:23 212992 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\jsharpinterp.dll
2011-08-17 03:23 . 2011-08-17 03:23 307200 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\pchealthplugin.dll
2011-08-17 03:23 . 2011-08-17 03:23 122880 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\SearchCtrl.dll
2011-08-17 03:23 . 2011-08-17 03:23 26572 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\INV16.dll
2011-08-17 03:23 . 2011-08-17 03:23 69632 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\msxmlwrapper.dll
2011-08-17 03:23 . 2011-08-17 03:23 5632 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\GUI.dll
2011-08-17 03:23 . 2011-08-17 03:23 315392 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\pchmsxml.dll
2011-08-17 03:23 . 2011-08-17 03:23 139264 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\ContentUpdater.exe
2011-08-17 03:23 . 2011-08-17 03:23 77824 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\FDIWrapper.dll
2011-08-17 03:23 . 2011-08-17 03:23 344064 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\api.dll
2011-08-17 03:23 . 2011-08-17 03:23 69632 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\msxmlwrapper.dll
2011-08-17 03:23 . 2011-08-17 03:23 315392 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\pchmsxml.dll
2011-08-17 03:23 . 2011-08-17 03:23 307200 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\pchnotify.exe
2011-08-17 03:23 . 2011-08-17 03:23 159744 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\PCHButton.exe
2011-08-17 03:23 . 2011-08-17 03:23 114688 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\asst_ui.dll
2011-07-08 14:02 . 2003-11-18 14:19 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-02 15:53 . 2011-04-20 17:31 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2011-06-24 14:10 . 2003-11-18 14:20 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-21 18:45 . 2004-02-06 23:05 832512 ----a-w- c:\windows\system32\wininet.dll
2011-06-21 18:45 . 2006-08-06 00:10 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-06-21 18:45 . 2003-11-18 14:18 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-21 18:45 . 2003-11-18 14:17 17408 ----a-w- c:\windows\system32\corpol.dll
2011-06-21 11:47 . 2006-08-06 00:10 389120 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2003-10-11 02:22 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-02 14:02 . 2003-10-11 02:22 1858944 ----a-w- c:\windows\system32\win32k.sys
2005-12-06 04:29 . 2005-12-06 04:29 27982360 ----a-w- c:\program files\vistaahuttle.exe
2005-12-06 04:18 . 2005-12-06 04:18 3401566 ----a-w- c:\program files\scannerdriver.exe
2005-07-11 22:09 . 2009-01-19 19:31 61440 ----a-w- c:\program files\Silica Volume Control.exe
2011-08-12 05:57 . 2011-08-19 21:55 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-12 323392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HPHmon05"="c:\windows\System32\hphmon05.exe" [2003-05-23 483328]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-05 28672]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-08-13 335872]
"Sunkist2k"="c:\program files\Multimedia Card Reader\shwicon2k.exe" [2003-08-15 139264]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-04-15 644696]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-07-07 167936]
"Nitro PDF Printer Monitor"="c:\program files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe" [2008-12-04 210240]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-11 202256]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-18 421160]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2516296]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-03-02 140640]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
AutoTBar.exe [2003-6-18 53248]
.
c:\documents and settings\Owner\Start Menu\Programs\Startup\
Silica Volume Control.lnk - c:\program files\Silica Volume Control.exe [2009-1-19 61440]
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2009-1-18 3450608]
WordWeb.lnk - c:\program files\WordWeb\wweb32.exe [2004-11-19 18944]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Personal Coach.lnk - c:\program files\Broderbund\Mavis Beacon Teaches Typing 15\minimavis.exe [2007-3-5 2392064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
2005-01-31 20:13 49152 ----a-w- c:\progra~1\COMMON~1\Stardock\MCPStub.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"\\\\BEDROOM1\\B1 Boot\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"c:\\Program Files\\Alias\\Maya6.0\\bin\\maya.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\3dsmax6\\3dsmax.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Stardock\\ObjectDock\\ObjectDock.exe"=
"c:\\Documents and Settings\\Owner\\Desktop\\123.com"=
"c:\\Program Files\\Avant Browser\\ybrowser.exe"=
"c:\\Program Files\\Avant Browser\\adownloader.exe"=
"c:\\Program Files\\Avant Browser\\avant.exe"=
"c:\\Documents and Settings\\Owner\\My Documents\\Downloads\\TDSSKiller.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\MFAData\\SelfUpd\\avgmfapx.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\345.exe.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbb.com.exe"=
"c:\\Program Files\\real\\RealUpgrade\\realupgrade.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [8/14/2011 2:13 PM 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [8/14/2011 2:13 PM 309848]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8/14/2011 2:13 PM 19544]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/14/2011 7:31 PM 366640]
R2 PDIHWCTL;PDIHWCTL;c:\windows\system32\drivers\pdihwctl.sys [1/29/2003 3:08 PM 14416]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/14/2011 7:31 PM 22712]
S2 aliasdocserver;Alias Documentation Server;"c:\program files\Alias\Maya6.0\docs\Wrapper.exe" -s "c:\program files\Alias\Maya6.0\docs/Wrapper.conf" --> c:\program files\Alias\Maya6.0\docs\Wrapper.exe [?]
S2 gupdate1cac0c3d90514a8;Google Update Service (gupdate1cac0c3d90514a8);c:\program files\Google\Update\GoogleUpdate.exe [3/10/2010 10:37 PM 133104]
S2 mrtRate;mrtRate; [x]
S2 NetFxUpdate_v1.1.4322;Microsoft .NET Framework v1.1.4322 Update;c:\windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe --> c:\windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe [?]
S2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe --> c:\windows\system32\Wacom_Tablet.exe [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/10/2010 10:37 PM 133104]
S3 Sbvpum;Sbvpum; [x]
S3 scsiscan;SCSI Scanner Driver;c:\windows\system32\drivers\scsiscan.sys [2/18/2005 9:28 PM 11520]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 2:37 PM 517096]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [8/3/2010 9:06 PM 15656]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 58752432
*Deregistered* - 58752432
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-23 c:\windows\Tasks\AdobeAAMUpdater-1.0-BEDROOM1-Owner.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-02-06 08:44]
.
2011-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-11 02:37]
.
2011-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-11 02:37]
.
2011-08-22 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3387027933-1349042783-2816919633-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]
.
2011-08-19 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3387027933-1349042783-2816919633-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/?pc=AVBR
mSearch Bar =
uInternet Settings,ProxyOverride = *.local
uSearchAssistant =
uCustomizeSearch =
IE: &WordWeb... - c:\windows\wweb32.dll/lookup.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
TCP: Interfaces\{5DFAE21F-DA6D-4D22-8E18-AAD20A7D9D59}: NameServer = 192.168.254.1
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\iaaf58sg.default\
FF - prefs.js: browser.search.selectedEngine - Google
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-22 11:33
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\windows\3557348460:2469132075.exe 816 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(628)
c:\progra~1\COMMON~1\Stardock\mcpstub.dll
.
- - - - - - - > 'explorer.exe'(3884)
c:\windows\system32\WININET.dll
c:\program files\Stardock\ObjectDock\DockShellHook.dll
c:\program files\ScanSoft\OmniPageSE4\OpHookSE4.dll
c:\windows\system32\ieframe.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
c:\progra~1\COMMON~1\Stardock\MCPCore.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-08-22 11:41:27
ComboFix-quarantined-files.txt 2011-08-22 15:41
ComboFix2.txt 2011-08-21 20:33
.
Pre-Run: 41,790,545,920 bytes free
Post-Run: 41,754,361,856 bytes free
.
- - End Of File - - 56F791478D8553BDDE4F274677DFF188

#11 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,316 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:11:49 AM

Posted 22 August 2011 - 02:10 PM

Hi again, please try this.

CF-SCRIPT
-------------
We need to execute a CF-script.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Start > Run and in the box that opens type notepad and press enter. Copy/paste the text in the codebox below into it:
ADS::
c:\windows\3557348460

Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#12 yellowrabbit

yellowrabbit
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:03:49 AM

Posted 23 August 2011 - 10:58 AM

I ran ComboFix again with the CF script. When I run it however it always says that I have AVG running but I uninstalled it a while ago and now use Avast. I disabled Avast but ComboFix detects that AVG is running.


ComboFix 11-08-21.01 - Owner 08/22/2011 20:39:02.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1381 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((( Files Created from 2011-07-23 to 2011-08-23 )))))))))))))))))))))))))))))))
.
.
2011-08-23 00:28 . 2011-08-23 00:28 -------- d-----w- c:\program files\Perfect Uninstaller
2011-08-19 21:55 . 2011-08-12 05:57 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-08-19 21:55 . 2011-08-12 05:57 785368 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-08-19 21:55 . 2011-08-12 05:57 478168 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-08-19 21:55 . 2011-08-12 05:57 1846232 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-08-19 21:55 . 2011-08-12 05:57 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-08-19 21:55 . 2011-08-12 05:57 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-08-19 21:55 . 2011-08-12 03:16 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-08-19 21:55 . 2011-08-12 03:16 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-08-17 18:29 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2011-08-17 18:28 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-08-17 18:28 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2011-08-17 18:25 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-17 18:25 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-08-17 18:20 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2011-08-17 18:20 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2011-08-17 03:21 . 2011-08-17 03:21 -------- d-----w- c:\windows\system32\scripting
2011-08-17 03:21 . 2011-08-17 03:21 -------- d-----w- c:\windows\system32\en
2011-08-17 03:21 . 2011-08-17 03:21 -------- d-----w- c:\windows\l2schemas
2011-08-14 23:31 . 2011-07-06 23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-14 23:31 . 2011-07-06 23:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-14 16:36 . 2011-08-14 16:36 -------- d-----w- c:\documents and settings\Administrator.BEDROOM1\Local Settings\Application Data\Mozilla
2011-08-14 16:07 . 2011-08-14 16:07 -------- d-----w- c:\documents and settings\Administrator.BEDROOM1\Application Data\Malwarebytes
2011-08-13 18:56 . 2011-08-14 23:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-17 03:23 . 2011-08-17 03:23 45056 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\util.dll
2011-08-17 03:23 . 2011-08-17 03:23 36864 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\gnu.dll
2011-08-17 03:23 . 2011-08-17 03:23 3072 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\pchealthde.exe
2011-08-17 03:23 . 2011-08-17 03:23 32768 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\pchapi.dll
2011-08-17 03:23 . 2011-08-17 03:23 98304 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\PluginCtrl.dll
2011-08-17 03:23 . 2011-08-17 03:23 114688 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\ZipLib.dll
2011-08-17 03:23 . 2011-08-17 03:23 77824 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\WinVerifyTrust.dll
2011-08-17 03:23 . 2011-08-17 03:23 282624 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\clientutil52.dll
2011-08-17 03:23 . 2011-08-17 03:23 356352 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\client_motkt.dll
2011-08-17 03:23 . 2011-08-17 03:23 4096 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\winverifytrustwrapper.dll
2011-08-17 03:23 . 2011-08-17 03:23 49152 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\PCHI18N.dll
2011-08-17 03:23 . 2011-08-17 03:23 434176 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\motivede.dll
2011-08-17 03:23 . 2011-08-17 03:23 24576 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\pcdapi.dll
2011-08-17 03:23 . 2011-08-17 03:23 49152 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\hwinv.dll
2011-08-17 03:23 . 2011-08-17 03:23 212992 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\jsharpinterp.dll
2011-08-17 03:23 . 2011-08-17 03:23 307200 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\pchealthplugin.dll
2011-08-17 03:23 . 2011-08-17 03:23 122880 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\SearchCtrl.dll
2011-08-17 03:23 . 2011-08-17 03:23 26572 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\INV16.dll
2011-08-17 03:23 . 2011-08-17 03:23 69632 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\msxmlwrapper.dll
2011-08-17 03:23 . 2011-08-17 03:23 5632 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\GUI.dll
2011-08-17 03:23 . 2011-08-17 03:23 315392 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\pchmsxml.dll
2011-08-17 03:23 . 2011-08-17 03:23 139264 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\ContentUpdater.exe
2011-08-17 03:23 . 2011-08-17 03:23 77824 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\FDIWrapper.dll
2011-08-17 03:23 . 2011-08-17 03:23 344064 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\api.dll
2011-08-17 03:23 . 2011-08-17 03:23 69632 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\msxmlwrapper.dll
2011-08-17 03:23 . 2011-08-17 03:23 315392 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\pchmsxml.dll
2011-08-17 03:23 . 2011-08-17 03:23 307200 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\pchnotify.exe
2011-08-17 03:23 . 2011-08-17 03:23 159744 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\PCHButton.exe
2011-08-17 03:23 . 2011-08-17 03:23 114688 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\asst_ui.dll
2011-07-08 14:02 . 2003-11-18 14:19 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-02 15:53 . 2011-04-20 17:31 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2011-06-24 14:10 . 2003-11-18 14:20 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-21 18:45 . 2004-02-06 23:05 832512 ----a-w- c:\windows\system32\wininet.dll
2011-06-21 18:45 . 2006-08-06 00:10 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-06-21 18:45 . 2003-11-18 14:18 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-21 18:45 . 2003-11-18 14:17 17408 ----a-w- c:\windows\system32\corpol.dll
2011-06-21 11:47 . 2006-08-06 00:10 389120 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2003-10-11 02:22 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-02 14:02 . 2003-10-11 02:22 1858944 ----a-w- c:\windows\system32\win32k.sys
2005-12-06 04:29 . 2005-12-06 04:29 27982360 ----a-w- c:\program files\vistaahuttle.exe
2005-12-06 04:18 . 2005-12-06 04:18 3401566 ----a-w- c:\program files\scannerdriver.exe
2005-07-11 22:09 . 2009-01-19 19:31 61440 ----a-w- c:\program files\Silica Volume Control.exe
2011-08-12 05:57 . 2011-08-19 21:55 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-12 323392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HPHmon05"="c:\windows\System32\hphmon05.exe" [2003-05-23 483328]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-05 28672]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-08-13 335872]
"Sunkist2k"="c:\program files\Multimedia Card Reader\shwicon2k.exe" [2003-08-15 139264]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-04-15 644696]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-07-07 167936]
"Nitro PDF Printer Monitor"="c:\program files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe" [2008-12-04 210240]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-11 202256]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-18 421160]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2516296]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-03-02 140640]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
AutoTBar.exe [2003-6-18 53248]
.
c:\documents and settings\Owner\Start Menu\Programs\Startup\
Silica Volume Control.lnk - c:\program files\Silica Volume Control.exe [2009-1-19 61440]
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2009-1-18 3450608]
WordWeb.lnk - c:\program files\WordWeb\wweb32.exe [2004-11-19 18944]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Personal Coach.lnk - c:\program files\Broderbund\Mavis Beacon Teaches Typing 15\minimavis.exe [2007-3-5 2392064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
2005-01-31 20:13 49152 ----a-w- c:\progra~1\COMMON~1\Stardock\MCPStub.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"\\\\BEDROOM1\\B1 Boot\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"c:\\Program Files\\Alias\\Maya6.0\\bin\\maya.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\3dsmax6\\3dsmax.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Stardock\\ObjectDock\\ObjectDock.exe"=
"c:\\Documents and Settings\\Owner\\Desktop\\123.com"=
"c:\\Program Files\\Avant Browser\\ybrowser.exe"=
"c:\\Program Files\\Avant Browser\\adownloader.exe"=
"c:\\Program Files\\Avant Browser\\avant.exe"=
"c:\\Documents and Settings\\Owner\\My Documents\\Downloads\\TDSSKiller.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\MFAData\\SelfUpd\\avgmfapx.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\345.exe.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbb.com.exe"=
"c:\\Program Files\\real\\RealUpgrade\\realupgrade.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [8/14/2011 2:13 PM 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [8/14/2011 2:13 PM 309848]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8/14/2011 2:13 PM 19544]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/14/2011 7:31 PM 366640]
R2 PDIHWCTL;PDIHWCTL;c:\windows\system32\drivers\pdihwctl.sys [1/29/2003 3:08 PM 14416]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/14/2011 7:31 PM 22712]
S2 aliasdocserver;Alias Documentation Server;"c:\program files\Alias\Maya6.0\docs\Wrapper.exe" -s "c:\program files\Alias\Maya6.0\docs/Wrapper.conf" --> c:\program files\Alias\Maya6.0\docs\Wrapper.exe [?]
S2 gupdate1cac0c3d90514a8;Google Update Service (gupdate1cac0c3d90514a8);c:\program files\Google\Update\GoogleUpdate.exe [3/10/2010 10:37 PM 133104]
S2 mrtRate;mrtRate; [x]
S2 NetFxUpdate_v1.1.4322;Microsoft .NET Framework v1.1.4322 Update;c:\windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe --> c:\windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe [?]
S2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe --> c:\windows\system32\Wacom_Tablet.exe [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/10/2010 10:37 PM 133104]
S3 Sbvpum;Sbvpum; [x]
S3 scsiscan;SCSI Scanner Driver;c:\windows\system32\drivers\scsiscan.sys [2/18/2005 9:28 PM 11520]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 2:37 PM 517096]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [8/3/2010 9:06 PM 15656]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 58752432
*Deregistered* - 58752432
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-23 c:\windows\Tasks\AdobeAAMUpdater-1.0-BEDROOM1-Owner.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-02-06 08:44]
.
2011-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-11 02:37]
.
2011-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-11 02:37]
.
2011-08-22 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3387027933-1349042783-2816919633-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]
.
2011-08-19 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3387027933-1349042783-2816919633-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/?pc=AVBR
mSearch Bar =
uInternet Settings,ProxyOverride = *.local
uSearchAssistant =
uCustomizeSearch =
IE: &WordWeb... - c:\windows\wweb32.dll/lookup.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
TCP: Interfaces\{5DFAE21F-DA6D-4D22-8E18-AAD20A7D9D59}: NameServer = 192.168.254.1
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\iaaf58sg.default\
FF - prefs.js: browser.search.selectedEngine - Google
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-22 21:08
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\windows\3557348460:2469132075.exe 816 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(628)
c:\progra~1\COMMON~1\Stardock\mcpstub.dll
.
- - - - - - - > 'explorer.exe'(2372)
c:\windows\system32\WININET.dll
c:\program files\ScanSoft\OmniPageSE4\OpHookSE4.dll
c:\windows\system32\ieframe.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
c:\progra~1\COMMON~1\Stardock\MCPCore.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-08-22 21:17:04
ComboFix-quarantined-files.txt 2011-08-23 01:16
ComboFix2.txt 2011-08-22 15:41
ComboFix3.txt 2011-08-21 20:33
.
Pre-Run: 41,407,770,624 bytes free
Post-Run: 41,372,794,880 bytes free
.
- - End Of File - - C5F3A845C2A7D29350227C3D582C00DF

#13 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,316 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:11:49 AM

Posted 23 August 2011 - 12:08 PM

Hi again, to remove AVG remnants, run AVG remover.

The ADS doesn't seem to want to leave, so let's try to do that with another scan.

OTL
-----
Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

regards, Elise



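The hidden-file finding behind the CF-script in post #11 and the "ADS doesn't seem to want to leave" observation above, as an added example that is not ComboFix's, Gmer's or Elise's own code: a Python parser for the catchme "hidden files" section of the logs posted in this thread. It separates NTFS alternate data streams (the `host:stream` form) from plain hidden files, emits the `ADS::` block in the form used above, cross-checks the parse against catchme's own "hidden files: N" summary, and reports which streams are still present in a second run. The `hidden.dat` line is constructed; the stream path is the one from the logs.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Set

# catchme section from the first ComboFix log posted above, plus one constructed
# line ('hidden.dat') showing a hidden file that is not an alternate data stream.
LOG_BEFORE = r"""
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-22 11:33
scanning hidden files ...
.
c:\windows\3557348460:2469132075.exe 816 bytes executable
c:\program files\some app\hidden.dat 1024 bytes
.
scan completed successfully
hidden files: 2
"""
# Second run as posted above, after the ADS:: script: the stream is still there.
LOG_AFTER = r"""
Rootkit scan 2011-08-22 21:08
scanning hidden files ...
.
c:\windows\3557348460:2469132075.exe 816 bytes executable
.
scan completed successfully
hidden files: 1
"""
# '<path> <size> bytes [<kind>]'; paths may contain spaces, so match the path lazily.
LINE_RE = re.compile(r"^(?P<path>.+?)\s+(?P<size>\d+) bytes(?:\s+(?P<kind>\w+))?$")


@dataclass(frozen=True)
class HiddenFile:
    host: str              # file or directory that carries the data
    stream: Optional[str]  # ADS name, or None for an ordinary hidden file
    size: int
    kind: str              # 'executable' when catchme labels it so, else ''

    @property
    def is_ads(self) -> bool:
        return self.stream is not None

    @property
    def full_path(self) -> str:
        return self.host if self.stream is None else f"{self.host}:{self.stream}"


def _hidden_files_section(log: str) -> List[str]:
    """Lines between 'scanning hidden files ...' and 'scan completed',
    minus catchme's '.' spacer lines."""
    lines = [ln.strip() for ln in log.splitlines()]
    if "scanning hidden files ..." not in lines:
        return []
    body: List[str] = []
    for ln in lines[lines.index("scanning hidden files ...") + 1:]:
        if ln.startswith("scan completed"):
            break
        if ln and ln != ".":
            body.append(ln)
    return body


def parse_catchme_hidden_files(log: str) -> List[HiddenFile]:
    """One HiddenFile per reported line. A colon after position 1 (the
    drive-letter colon) separates an NTFS host path from its stream name."""
    entries = []
    for ln in _hidden_files_section(log):
        m = LINE_RE.match(ln)
        if not m:
            continue  # not a '<path> <size> bytes' line; leave it for a human
        path = m.group("path")
        sep = path.find(":", 2)
        host, stream = (path[:sep], path[sep + 1:]) if sep != -1 else (path, None)
        entries.append(HiddenFile(host, stream, int(m.group("size")), m.group("kind") or ""))
    return entries


def reported_hidden_count(log: str) -> Optional[int]:
    """catchme's own 'hidden files: N' summary, for cross-checking the parse."""
    m = re.search(r"^hidden files:\s*(\d+)$", log, re.MULTILINE)
    return int(m.group(1)) if m else None


def build_ads_script(entries: List[HiddenFile]) -> str:
    """CFScript block in the form posted above: 'ADS::' then one host path per
    stream-carrying file or folder (ComboFix strips that host's streams)."""
    hosts: List[str] = []
    for e in entries:
        if e.is_ads and e.host.lower() not in [h.lower() for h in hosts]:
            hosts.append(e.host)
    return ("ADS::\n" + "\n".join(hosts)) if hosts else ""


def surviving_streams(log_before: str, log_after: str) -> Set[str]:
    """Streams reported in both runs, i.e. what the cleaning script did not remove."""
    before = {e.full_path.lower() for e in parse_catchme_hidden_files(log_before) if e.is_ads}
    after = {e.full_path.lower() for e in parse_catchme_hidden_files(log_after) if e.is_ads}
    return before & after
```

A non-empty result from `surviving_streams` is the signal to escalate to a different tool, which is what the thread does next with OTL.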

#14 yellowrabbit

yellowrabbit
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:03:49 AM

Posted 23 August 2011 - 03:15 PM

OTL.txt

OTL logfile created on: 8/23/2011 3:36:47 PM - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.40 Gb Available Physical Memory | 69.92% Memory free
2.60 Gb Paging File | 2.21 Gb Available in Paging File | 84.82% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 142.06 Gb Total Space | 38.62 Gb Free Space | 27.18% Space Free | Partition Type: NTFS
Drive D: | 6.97 Gb Total Space | 0.61 Gb Free Space | 8.72% Space Free | Partition Type: FAT32

Computer Name: BEDROOM1 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/23 15:35:36 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2011/07/06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/07/04 07:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/07/04 07:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2010/04/02 10:18:54 | 001,185,112 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2010/03/24 22:50:00 | 002,516,296 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2010/03/10 22:40:03 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/03/02 19:52:00 | 000,140,640 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
PRC - [2009/11/12 19:04:33 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe
PRC - [2008/12/04 18:18:00 | 000,210,240 | ---- | M] () -- C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe
PRC - [2008/07/07 03:34:59 | 000,167,936 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/29 19:57:58 | 000,593,688 | ---- | M] () -- C:\Program Files\Stardock\Object Desktop\DesktopX\DXWidget.exe
PRC - [2007/04/30 20:43:54 | 003,450,608 | ---- | M] (Stardock) -- C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
PRC - [2007/02/04 12:02:14 | 000,079,400 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
PRC - [2005/05/10 19:31:22 | 000,241,664 | ---- | M] (Stardock) -- C:\Program Files\Common Files\Stardock\SDMCP.exe
PRC - [2004/01/31 17:34:29 | 000,018,944 | ---- | M] (Antony Lewis) -- C:\Program Files\WordWeb\wweb32.exe
PRC - [2003/08/14 21:11:32 | 000,139,264 | ---- | M] (Alcor Micro, Corp.) -- C:\Program Files\Multimedia Card Reader\shwicon2k.exe
PRC - [2003/05/23 05:55:38 | 000,483,328 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\hphmon05.exe
PRC - [2002/08/30 13:02:58 | 002,392,064 | ---- | M] (TLC Education Properties LLC) -- C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 15\MiniMavis.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/23 05:30:11 | 001,288,704 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11082300\algo.dll
MOD - [2011/08/22 19:30:21 | 000,208,544 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11082300\aswRep.dll
MOD - [2008/12/04 18:18:00 | 000,210,240 | ---- | M] () -- C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe
MOD - [2008/09/26 11:27:00 | 000,507,904 | ---- | M] () -- C:\Program Files\Common Files\BCL Technologies\NitroPDF6\bepprint.dll
MOD - [2008/03/29 19:57:58 | 000,593,688 | ---- | M] () -- C:\Program Files\Stardock\Object Desktop\DesktopX\DXWidget.exe
MOD - [2007/04/30 20:18:50 | 000,112,400 | ---- | M] () -- C:\Program Files\Stardock\ObjectDock\DockShellHook.dll
MOD - [2007/04/23 01:19:28 | 000,026,392 | ---- | M] () -- C:\Program Files\Stardock\ObjectDock\Docklets\Calendar\Calendar.dll
MOD - [2007/04/21 14:47:52 | 000,059,592 | ---- | M] () -- C:\Program Files\Stardock\ObjectDock\zlib.dll
MOD - [2007/04/19 15:23:48 | 000,095,944 | ---- | M] () -- C:\Program Files\Stardock\ObjectDock\CrashRpt.dll
MOD - [2005/07/11 18:09:10 | 000,061,440 | ---- | M] () -- C:\Program Files\Silica Volume Control.exe
MOD - [2003/12/16 18:17:22 | 000,024,576 | ---- | M] () -- C:\Program Files\WS_FTP Pro\nsftpch.dll
MOD - [2003/12/16 18:03:54 | 000,069,632 | ---- | M] () -- C:\Program Files\WS_FTP Pro\wsfirscr.dll
MOD - [2003/12/16 18:03:42 | 000,139,264 | ---- | M] () -- C:\Program Files\WS_FTP Pro\wsftplib.dll
MOD - [2003/12/16 18:02:54 | 000,049,152 | ---- | M] () -- C:\Program Files\WS_FTP Pro\wshosts.dll
MOD - [2003/05/15 03:20:00 | 000,056,832 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2003/03/20 10:01:32 | 000,839,680 | ---- | M] () -- C:\Program Files\WS_FTP Pro\libeay32.dll
MOD - [2003/03/20 10:01:32 | 000,159,744 | ---- | M] () -- C:\Program Files\WS_FTP Pro\ssleay32.dll
MOD - [2002/11/19 15:11:40 | 000,139,264 | ---- | M] () -- C:\Program Files\Common Files\Stardock\ODimg.dll
MOD - [2002/03/13 20:46:32 | 000,118,784 | ---- | M] () -- C:\Program Files\Stardock\ObjectDock\ODimg.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (TabletServiceWacom)
SRV - File not found [Disabled | Stopped] -- -- (ScsiAccess)
SRV - File not found [On_Demand | Stopped] -- -- (Sbvpum)
SRV - File not found [Auto | Stopped] -- -- (NMSAccessU)
SRV - File not found [Auto | Stopped] -- -- (NetFxUpdate_v1.1.4322)
SRV - File not found [Auto | Stopped] -- -- (MDM)
SRV - File not found [On_Demand | Stopped] -- -- (iPod Service)
SRV - File not found [Auto | Stopped] -- -- (C-DillaCdaC11BA)
SRV - File not found [Auto | Stopped] -- -- (Bonjour Service)
SRV - File not found [Auto | Stopped] -- -- (Ati HotKey Poller)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - File not found [Auto | Stopped] -- -- (Apple Mobile Device)
SRV - File not found [Auto | Stopped] -- -- (aliasdocserver)
SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/07/04 07:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/07/11 15:09:56 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2003/12/09 07:38:14 | 000,065,625 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe -- (PACSPTISVR)
SRV - [2003/12/09 07:32:58 | 000,065,622 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe -- (SPTISRV)


========== Driver Services (SafeList) ==========

DRV - [2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/07/04 07:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/07/04 07:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/07/04 07:35:23 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/07/04 07:35:12 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/07/04 07:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/07/04 07:32:13 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/07/04 07:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2008/10/06 14:53:24 | 000,015,656 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2008/07/11 14:16:50 | 000,013,352 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2008/07/07 03:40:49 | 000,056,108 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2008/04/13 14:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS_XP)
DRV - [2008/04/13 14:45:33 | 000,011,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\scsiscan.sys -- (scsiscan)
DRV - [2007/02/16 15:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2007/02/15 20:11:28 | 000,011,440 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WacomVKHid.sys -- (WacomVKHid)
DRV - [2004/10/07 21:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/10/04 15:59:06 | 000,009,260 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pivotmou.sys -- (pivotmou)
DRV - [2004/10/04 15:59:04 | 000,015,913 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pivot.sys -- (pivot)
DRV - [2004/10/01 10:24:02 | 002,279,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/08/03 22:29:52 | 000,166,912 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3gnbm.sys -- (S3Psddr)
DRV - [2004/07/11 11:25:24 | 000,453,632 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (hardlock)
DRV - [2004/07/11 11:25:24 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2004/04/11 13:39:30 | 000,012,464 | ---- | M] (Macrovision Europe Ltd) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CDAC15BA.SYS -- (CdaC15BA)
DRV - [2004/02/26 11:27:07 | 000,028,352 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2004/02/17 06:49:14 | 000,391,424 | ---- | M] (Sensaura Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2003/09/03 11:01:22 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/09/03 02:51:00 | 000,021,120 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\nv_agp.sys -- (nv_agp)
DRV - [2003/08/13 22:50:36 | 000,039,648 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sunkfilt.sys -- (SunkFilt)
DRV - [2003/08/13 09:34:00 | 000,594,432 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003/07/30 05:15:00 | 000,126,348 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\nvcap.sys -- (nvcap) nVidia WDM Video Capture (universal)
DRV - [2003/07/30 05:15:00 | 000,013,006 | ---- | M] (NVIDIA Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\nvxbar.sys -- (NVXBAR)
DRV - [2003/07/02 14:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2003/07/02 02:33:00 | 000,652,497 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2003/05/06 18:34:56 | 000,394,752 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2003/04/11 11:51:30 | 000,010,624 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2003/02/20 19:18:36 | 000,036,608 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\SISAGPX.sys -- (SISAGP)
DRV - [2003/01/29 15:08:32 | 000,014,416 | ---- | M] (Portrait Displays, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\pdihwctl.sys -- (PDIHWCTL)
DRV - [2002/10/04 20:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2001/08/23 15:00:00 | 000,022,400 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SbcpHid.sys -- (SbcpHid)
DRV - [2001/08/17 13:53:32 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\qv2kux.sys -- (QV2KUX)
DRV - [2001/06/04 17:00:00 | 000,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [1998/07/10 04:31:00 | 000,007,328 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ds1410d.sys -- (DS1410D)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3387027933-1349042783-2816919633-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=AVBR
IE - HKU\S-1-5-21-3387027933-1349042783-2816919633-1003\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch =
IE - HKU\S-1-5-21-3387027933-1349042783-2816919633-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKU\S-1-5-21-3387027933-1349042783-2816919633-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3387027933-1349042783-2816919633-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.1
FF - prefs.js..extensions.enabledItems: wrc@avast.com:6.0.1203

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Owner\Application Data\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.709: c:\program files\real\realone player\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.709: c:\program files\real\realone player\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.709: c:\program files\real\realone player\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: File not found
FF - HKCU\Software\MozillaPlugins\@adobe.com/Acrobat,version=5.1: C:\Program Files\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Owner\Application Data\Move Networks\plugins\npqmp071503000010.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/03/10 22:41:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/08/14 14:13:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/19 17:55:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/19 17:55:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Documents and Settings\Owner\Application Data\Move Networks [2009/10/30 19:26:43 | 000,000,000 | ---D | M]

[2008/12/20 23:34:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2011/08/19 17:45:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\iaaf58sg.default\extensions
[2011/04/16 22:39:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\iaaf58sg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/12/20 23:34:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2011/08/12 01:57:31 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2008/09/03 20:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2011/08/11 23:16:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/08/21 14:03:26 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-3387027933-1349042783-2816919633-1003\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Value error. File not found
O3 - HKU\S-1-5-21-3387027933-1349042783-2816919633-1003\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKU\S-1-5-21-3387027933-1349042783-2816919633-1003\..\Toolbar\WebBrowser: (HP View) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
O3 - HKU\S-1-5-21-3387027933-1349042783-2816919633-1003\..\Toolbar\WebBrowser: (&Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Value error. File not found
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATIModeChange] C:\WINDOWS\System32\Ati2mdxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [Nitro PDF Printer Monitor] C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe ()
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe (Alcor Micro, Corp.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-3387027933-1349042783-2816919633-1003..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\AutoTBar.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Personal Coach.lnk = C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 15\MiniMavis.exe (TLC Education Properties LLC)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Silica Volume Control.lnk = C:\Program Files\Silica Volume Control.exe ()
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (Stardock)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe (Antony Lewis)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3387027933-1349042783-2816919633-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3387027933-1349042783-2816919633-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3387027933-1349042783-2816919633-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3387027933-1349042783-2816919633-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &WordWeb... - C:\WINDOWS\wweb32.dll (Antony Lewis)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\MCPClient: DllName - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll - C:\Program Files\Common Files\Stardock\MCPStub.dll (Stardock)
O21 - SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - C:\Program Files\Common Files\Stardock\MCPCore.dll (Stardock)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/10/10 22:32:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 06:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/23 15:35:32 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/08/23 15:22:12 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/08/23 15:14:19 | 001,163,104 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\Owner\Desktop\avg_remover_stf_x86_2011_1322.exe
[2011/08/22 21:17:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/08/22 20:28:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Perfect Uninstaller
[2011/08/22 20:28:12 | 000,000,000 | ---D | C] -- C:\Program Files\Perfect Uninstaller
[2011/08/21 12:05:43 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/08/21 12:05:43 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/08/21 12:05:43 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/08/21 12:05:43 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/08/21 12:05:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/08/21 12:02:56 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/08/21 11:59:41 | 004,179,400 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2011/08/20 19:18:33 | 001,405,744 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\TDSSKiller.exe
[2011/08/17 14:29:38 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2011/08/17 14:28:47 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2011/08/17 14:28:20 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2011/08/17 14:25:09 | 000,139,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
[2011/08/17 14:25:06 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
[2011/08/17 14:20:21 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndistapi.sys
[2011/08/17 14:20:07 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2011/08/17 11:23:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/08/16 23:21:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2011/08/16 23:21:09 | 000,000,000 | ---D | C] -- C:\Program Files\msn
[2011/08/16 23:21:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2011/08/16 23:21:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2011/08/16 18:31:40 | 000,607,017 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2011/08/14 19:31:30 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/08/14 19:31:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/08/14 19:31:23 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/08/14 14:13:53 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/08/14 14:13:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/08/14 14:13:52 | 000,309,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/08/14 14:13:49 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/08/14 14:13:49 | 000,043,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/08/14 14:13:49 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/08/14 14:13:48 | 000,102,616 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/08/14 14:13:48 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/08/14 14:13:48 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/08/14 14:13:36 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/08/14 14:13:20 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/08/14 14:13:20 | 000,040,112 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/08/14 14:13:04 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/08/14 14:13:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/08/13 18:16:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\ironons3
[2011/08/13 14:56:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/08/06 14:08:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2005/12/06 00:29:32 | 027,982,360 | ---- | C] (Compaq Computer Corporation ) -- C:\Program Files\vistaahuttle.exe
[2005/12/06 00:18:03 | 003,401,566 | ---- | C] (Compaq) -- C:\Program Files\scannerdriver.exe
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/23 15:35:36 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/08/23 15:29:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/23 15:25:28 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/23 15:24:32 | 000,000,188 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2011/08/23 15:24:23 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/23 15:24:22 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3387027933-1349042783-2816919633-1003.job
[2011/08/23 15:24:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/23 15:24:00 | 2146,816,000 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/23 15:14:20 | 001,163,104 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\Owner\Desktop\avg_remover_stf_x86_2011_1322.exe
[2011/08/22 20:28:17 | 000,000,042 | ---- | M] () -- C:\WINDOWS\System32\AK083E209605E394C.lie
[2011/08/22 20:28:13 | 000,000,660 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Perfect Uninstaller.lnk
[2011/08/22 20:03:15 | 059,270,823 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\The Renaissance Guitar.pdf
[2011/08/22 18:33:19 | 007,763,182 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Villa Lobos_Francette et Pia.pdf
[2011/08/22 18:22:06 | 041,388,474 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Solo Jazz Guitar.pdf
[2011/08/22 14:46:18 | 028,668,631 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Pentatonic Soloing Strategies for Guitar.pdf
[2011/08/21 14:03:26 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/08/21 11:59:48 | 004,179,400 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2011/08/20 19:18:07 | 001,389,603 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\tdsskiller.zip
[2011/08/19 17:55:43 | 000,000,753 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/08/19 17:55:42 | 000,000,735 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/08/19 17:55:15 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3387027933-1349042783-2816919633-1003.job
[2011/08/19 17:49:16 | 001,405,744 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\TDSSKiller.exe
[2011/08/18 12:36:40 | 008,999,976 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/08/18 00:29:18 | 000,439,860 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/08/18 00:29:18 | 000,070,272 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/08/18 00:21:43 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/08/16 23:16:37 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/08/16 18:49:54 | 000,007,323 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\attach.zip
[2011/08/16 18:43:20 | 000,294,216 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2011/08/16 18:31:43 | 000,607,017 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2011/08/16 18:23:20 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\defogger_reenable
[2011/08/16 18:22:24 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Defogger.exe
[2011/08/14 19:31:30 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/14 14:13:53 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/08/14 14:13:49 | 000,002,669 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/08/14 13:33:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\3557348460
[2011/08/13 18:16:06 | 000,001,125 | ---- | M] () -- C:\WINDOWS\winamp.ini
[2011/08/13 18:14:12 | 002,359,296 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\My Money.mny
[2011/08/13 18:14:10 | 003,384,502 | R--- | M] () -- C:\Documents and Settings\Owner\My Documents\My Money Backup.mbf
[2011/08/13 15:08:04 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Office Word 2003.lnk
[2011/08/09 22:31:28 | 000,001,824 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/07/27 18:03:26 | 001,436,976 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\123.com
[2011/07/24 18:50:16 | 000,376,189 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MiniToolBox.exe
[2011/07/24 18:44:19 | 000,879,028 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SecurityCheck.exe
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/22 20:28:17 | 000,000,042 | ---- | C] () -- C:\WINDOWS\System32\AK083E209605E394C.lie
[2011/08/22 20:28:13 | 000,000,660 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Perfect Uninstaller.lnk
[2011/08/22 19:52:53 | 059,270,823 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\The Renaissance Guitar.pdf
[2011/08/22 18:33:14 | 007,763,182 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Villa Lobos_Francette et Pia.pdf
[2011/08/22 18:17:32 | 041,388,474 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Solo Jazz Guitar.pdf
[2011/08/22 14:41:25 | 028,668,631 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Pentatonic Soloing Strategies for Guitar.pdf
[2011/08/21 12:05:43 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/08/21 12:05:43 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/08/21 12:05:43 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/08/21 12:05:43 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/08/21 12:05:43 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/08/20 19:18:04 | 001,389,603 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\tdsskiller.zip
[2011/08/20 19:11:19 | 2146,816,000 | -HS- | C] () -- C:\hiberfil.sys
[2011/08/19 17:55:42 | 000,000,741 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/08/16 18:49:54 | 000,007,323 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\attach.zip
[2011/08/16 18:43:19 | 000,294,216 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2011/08/16 18:23:20 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\defogger_reenable
[2011/08/16 18:22:24 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Defogger.exe
[2011/08/14 19:31:30 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/14 14:13:53 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/08/13 13:38:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\3557348460
[2011/07/27 18:03:24 | 001,436,976 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\123.com
[2011/07/24 18:50:16 | 000,376,189 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MiniToolBox.exe
[2011/07/24 18:44:18 | 000,879,028 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\SecurityCheck.exe
[2011/06/01 11:13:01 | 000,086,870 | ---- | C] () -- C:\WINDOWS\System32\TransparentSCR.dat
[2011/04/20 13:31:00 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.cat
[2011/04/20 13:31:00 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.inf
[2011/01/01 20:16:17 | 000,153,200 | ---- | C] () -- C:\WINDOWS\PSPRT.INI
[2011/01/01 20:16:17 | 000,000,082 | ---- | C] () -- C:\WINDOWS\PSPRTGEN.INI
[2011/01/01 19:40:46 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ASR32311.DLL
[2010/07/26 18:42:18 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2010/07/15 23:25:01 | 000,081,920 | ---- | C] () -- C:\WINDOWS\ASR32311.DLL
[2010/07/15 23:25:01 | 000,000,070 | ---- | C] () -- C:\WINDOWS\HGSpeech.ini
[2009/04/15 22:08:45 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/01/19 15:31:16 | 000,061,440 | ---- | C] () -- C:\Program Files\Silica Volume Control.exe
[2008/12/04 18:18:04 | 000,509,224 | ---- | C] () -- C:\WINDOWS\System32\ICCProfiles.dll
[2008/11/06 12:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/11/06 12:33:02 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/09/14 20:49:53 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/07/31 18:54:18 | 000,000,412 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2008/03/12 17:16:29 | 000,598,016 | ---- | C] () -- C:\WINDOWS\System32\viscomqtde.dll
[2008/03/12 17:16:29 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2008/02/04 19:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/03/05 15:21:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Mavis Beacon Teaches Typing.INI
[2006/01/05 19:16:00 | 000,000,106 | ---- | C] () -- C:\WINDOWS\XGUSB.INI
[2005/12/06 17:36:48 | 000,002,321 | ---- | C] () -- C:\WINDOWS\vista32d.ini
[2005/12/06 17:21:10 | 000,000,026 | ---- | C] () -- C:\WINDOWS\ucmsp_32.ini
[2005/12/06 00:31:41 | 000,000,500 | ---- | C] () -- C:\WINDOWS\Upmagic.ini
[2005/12/06 00:31:30 | 000,000,036 | ---- | C] () -- C:\WINDOWS\Vss.ini
[2005/10/06 22:29:32 | 000,000,830 | ---- | C] () -- C:\Program Files\forteManager.lnk
[2005/07/15 20:56:57 | 000,099,965 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2005/07/15 20:56:42 | 000,003,683 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2005/03/17 17:21:26 | 000,000,030 | ---- | C] () -- C:\WINDOWS\INTURS.DAT
[2005/03/12 10:33:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\sys_dll.dll
[2005/03/10 22:24:16 | 000,000,332 | ---- | C] () -- C:\WINDOWS\NEWMIKE.INI
[2005/02/25 18:57:17 | 000,001,982 | ---- | C] () -- C:\Program Files\Microtek ScanWizard Pro V6.521.lnk
[2005/02/25 09:26:50 | 000,000,720 | ---- | C] () -- C:\WINDOWS\XMLEditor3.INI
[2005/02/18 21:45:23 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\FileOps.exe
[2005/02/18 21:44:42 | 000,000,072 | ---- | C] () -- C:\WINDOWS\AcrobatSetupStatus.ini
[2005/02/18 21:21:31 | 000,000,052 | ---- | C] () -- C:\WINDOWS\Pex.INI
[2005/02/18 21:19:03 | 000,000,500 | ---- | C] () -- C:\WINDOWS\Ulead32.ini
[2005/02/01 12:09:38 | 000,421,888 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2005/02/01 12:09:38 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\libfaac.dll
[2005/02/01 12:09:37 | 000,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005/02/01 12:09:37 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2005/01/07 20:15:55 | 000,032,200 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2005/01/07 20:15:55 | 000,020,910 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2005/01/07 20:15:55 | 000,020,869 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2005/01/07 20:15:55 | 000,000,022 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2005/01/07 20:10:27 | 000,000,043 | ---- | C] () -- C:\WINDOWS\EP4180.ini
[2004/12/24 21:55:36 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll
[2004/11/02 14:11:03 | 000,000,065 | ---- | C] () -- C:\WINDOWS\HAUNTE~1.ini
[2004/09/06 01:43:49 | 000,000,078 | ---- | C] () -- C:\WINDOWS\psuite.ini
[2004/08/20 14:56:04 | 000,000,078 | ---- | C] () -- C:\WINDOWS\qwimp.ini
[2004/08/20 14:56:03 | 000,001,236 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2004/08/14 20:06:41 | 000,002,397 | ---- | C] () -- C:\WINDOWS\System32\drivers\symlcbrd.sys
[2004/08/14 19:56:41 | 000,105,199 | ---- | C] () -- C:\WINDOWS\Restart.EXE
[2004/08/14 19:56:41 | 000,017,806 | ---- | C] () -- C:\WINDOWS\PCDOC.exe
[2004/08/02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/07/27 17:50:00 | 000,018,432 | ---- | C] () -- C:\WINDOWS\ss3unstl.exe
[2004/07/27 17:39:26 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2004/07/11 11:25:24 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2004/07/11 11:25:14 | 000,007,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\ds1410d.sys
[2004/04/25 16:40:13 | 000,001,125 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2004/04/25 14:02:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2004/04/21 11:10:24 | 000,417,792 | ---- | C] () -- C:\WINDOWS\System32\fxdb.dll
[2004/04/21 11:09:12 | 001,213,440 | ---- | C] () -- C:\WINDOWS\System32\opengl.dll
[2004/04/21 11:09:12 | 000,315,904 | ---- | C] () -- C:\WINDOWS\System32\glu.dll
[2004/04/21 11:09:12 | 000,154,624 | ---- | C] () -- C:\WINDOWS\System32\glut.dll
[2004/04/08 09:32:41 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2004/03/20 20:27:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2004/03/12 10:23:42 | 000,040,960 | ---- | C] () -- C:\WINDOWS\uneng.exe
[2004/02/21 17:58:56 | 000,015,484 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2004/02/21 11:18:33 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2004/02/21 11:08:08 | 000,000,083 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\sversion.ini
[2004/02/21 11:02:25 | 000,069,632 | ---- | C] () -- C:\WINDOWS\uinst001.exe
[2004/02/16 13:31:09 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\FTPStubInstUtils.dll
[2004/02/02 11:33:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\prestopm.INI
[2004/02/02 11:24:13 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2004/02/02 11:13:48 | 000,006,127 | ---- | C] () -- C:\WINDOWS\vista32.ini
[2004/02/02 11:13:48 | 000,000,189 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2004/02/02 11:13:48 | 000,000,065 | ---- | C] () -- C:\WINDOWS\umaxdrv.ini
[2004/02/02 11:13:33 | 000,047,616 | R--- | C] () -- C:\WINDOWS\ucmsp_32.dll
[2004/02/02 11:13:15 | 000,135,200 | ---- | C] () -- C:\WINDOWS\u2x00_32.dll
[2004/02/02 11:13:15 | 000,106,528 | ---- | C] () -- C:\WINDOWS\u1230_32.dll
[2004/02/02 11:13:15 | 000,065,536 | ---- | C] () -- C:\WINDOWS\u2200_32.dll
[2004/02/02 11:13:15 | 000,016,279 | ---- | C] () -- C:\WINDOWS\uns3400.ini
[2004/02/02 11:13:14 | 000,012,648 | ---- | C] () -- C:\WINDOWS\scan05a.ini
[2004/02/02 11:13:14 | 000,006,932 | ---- | C] () -- C:\WINDOWS\System32\glscan.sys
[2004/02/02 11:13:14 | 000,000,726 | ---- | C] () -- C:\WINDOWS\umaxuapi.ini
[2004/02/02 11:13:13 | 000,082,012 | ---- | C] () -- C:\WINDOWS\System32\usq3400.dll
[2004/02/02 11:13:13 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\sqEp2Usb.dll
[2004/02/02 11:13:12 | 000,064,845 | ---- | C] () -- C:\WINDOWS\pmmail.exe
[2004/02/02 11:13:12 | 000,030,208 | ---- | C] () -- C:\WINDOWS\uxmail32.dll
[2004/02/02 11:13:12 | 000,021,504 | ---- | C] () -- C:\WINDOWS\imgtortf.exe
[2004/02/02 11:13:10 | 000,068,608 | ---- | C] () -- C:\WINDOWS\vufile32.dll
[2004/01/29 21:00:23 | 000,227,328 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/01/29 19:50:44 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.Owner.ini
[2004/01/27 00:09:50 | 000,000,424 | ---- | C] () -- C:\WINDOWS\cp34uapi.ini
[2004/01/27 00:09:25 | 000,000,016 | ---- | C] () -- C:\WINDOWS\Temp.ini
[2004/01/26 20:48:52 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS5c.DLL
[2004/01/26 20:26:41 | 000,000,026 | ---- | C] () -- C:\WINDOWS\Debug.ini
[2003/11/18 10:19:52 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/11/18 10:19:52 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/11/18 10:19:49 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/11/18 10:19:44 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/11/18 10:19:40 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/11/18 10:19:20 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/11/18 10:19:20 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/11/18 10:18:21 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/11/18 10:17:45 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/10/14 01:41:40 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/10/14 01:40:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\iAlmcoin.dll
[2003/10/14 01:24:52 | 000,000,051 | ---- | C] () -- C:\WINDOWS\System32\mshrml.ini
[2003/10/13 18:52:52 | 000,000,438 | ---- | C] () -- C:\WINDOWS\System32\1_ssetup.ini
[2003/10/13 18:52:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\sunistlog.ini
[2003/10/11 04:15:25 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2003/10/11 01:31:27 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2003/10/11 01:29:24 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
[2003/10/11 01:26:40 | 000,090,112 | R--- | C] () -- C:\WINDOWS\bwUnin-6.2.3.66.exe
[2003/10/11 01:24:47 | 000,030,203 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2003/10/11 01:24:29 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll
[2003/10/11 01:23:52 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2003/10/11 01:18:34 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/10/11 01:07:37 | 000,001,090 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/10/11 00:30:11 | 000,006,848 | ---- | C] () -- C:\WINDOWS\System32\hphmon05.dat
[2003/10/11 00:30:06 | 000,018,403 | ---- | C] () -- C:\WINDOWS\HPHins01.dat
[2003/10/11 00:30:06 | 000,004,308 | ---- | C] () -- C:\WINDOWS\hphmdl01.dat
[2003/10/11 00:12:25 | 000,034,468 | ---- | C] () -- C:\WINDOWS\hpomdl03.dat.temp
[2003/10/11 00:12:25 | 000,028,884 | ---- | C] () -- C:\WINDOWS\hpoins03.dat.temp
[2003/10/10 23:47:15 | 000,034,468 | ---- | C] () -- C:\WINDOWS\hpomdl03.dat
[2003/10/10 23:47:15 | 000,028,884 | ---- | C] () -- C:\WINDOWS\hpoins03.dat
[2003/10/10 23:39:27 | 000,014,676 | ---- | C] () -- C:\WINDOWS\hpdins01.dat
[2003/10/10 23:39:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpzmdl01.dat
[2003/10/10 23:31:33 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/10/10 23:25:30 | 000,001,040 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
[2003/10/10 23:24:25 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2003/10/10 23:23:54 | 000,126,348 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvcap.sys
[2003/10/10 23:22:04 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis740.bin
[2003/10/10 23:22:04 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis650.bin
[2003/10/10 23:09:18 | 000,028,768 | ---- | C] () -- C:\WINDOWS\System32\javaw.exe
[2003/10/10 23:09:18 | 000,024,670 | ---- | C] () -- C:\WINDOWS\System32\java.exe
[2003/10/10 23:05:09 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/10/10 22:56:51 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2003/10/10 22:56:51 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2003/10/10 22:56:33 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2003/10/10 22:35:14 | 000,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/10/10 22:33:45 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2003/10/10 22:30:06 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2003/10/10 22:22:28 | 000,000,667 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/10/10 22:22:15 | 000,439,860 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/10/10 22:22:15 | 000,070,272 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/10/10 15:26:28 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/10/10 15:25:42 | 008,999,976 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/03/21 15:39:02 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[2002/03/20 22:01:06 | 000,006,688 | R--- | C] () -- C:\WINDOWS\System32\Digita.sys
[2002/03/20 22:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportUSB.dll
[2002/03/20 22:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportSerial.dll
[2002/03/20 22:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportIrDA.dll
[2002/03/20 22:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportIrCOMM.dll
[2001/08/23 15:00:00 | 000,022,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\SbcpHid.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 816 bytes -> C:\WINDOWS\3557348460:2469132075.exe
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >


Extras.txt


OTL Extras logfile created on: 8/23/2011 3:36:47 PM - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.40 Gb Available Physical Memory | 69.92% Memory free
2.60 Gb Paging File | 2.21 Gb Available in Paging File | 84.82% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 142.06 Gb Total Space | 38.62 Gb Free Space | 27.18% Space Free | Partition Type: NTFS
Drive D: | 6.97 Gb Total Space | 0.61 Gb Free Space | 8.72% Space Free | Partition Type: FAT32

Computer Name: BEDROOM1 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-3387027933-1349042783-2816919633-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services -- (Rosetta Stone Ltd. )
"C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone Version 3 Application -- (Multidmedia Limited )

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"\\BEDROOM1\B1 Boot\Program Files\Yahoo!\Messenger\YPager.exe" = \\BEDROOM1\B1 Boot\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger
"C:\Program Files\Alias\Maya6.0\bin\maya.exe" = C:\Program Files\Alias\Maya6.0\bin\maya.exe:*:Enabled:Maya -- (Alias)
"C:\3dsmax6\3dsmax.exe" = C:\3dsmax6\3dsmax.exe:*:Enabled:3ds max application -- (Discreet, a division of Autodesk, Inc.)
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" = C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware -- (Malwarebytes Corporation)
"C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services -- (Rosetta Stone Ltd. )
"C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone Version 3 Application -- (Multidmedia Limited )
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Stardock\ObjectDock\ObjectDock.exe" = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe:*:Enabled:ObjectDock -- (Stardock)
"C:\Documents and Settings\Owner\Desktop\123.com" = C:\Documents and Settings\Owner\Desktop\123.com:*:Enabled:TDSS rootkit removing tool -- ()
"C:\Program Files\Avant Browser\ybrowser.exe" = C:\Program Files\Avant Browser\ybrowser.exe:*:Enabled:Avant Browser -- (Avant Force)
"C:\Program Files\Avant Browser\adownloader.exe" = C:\Program Files\Avant Browser\adownloader.exe:*:Enabled:adownloader -- ()
"C:\Program Files\Avant Browser\avant.exe" = C:\Program Files\Avant Browser\avant.exe:*:Enabled:Avant Browser -- (Avant Force)
"C:\Documents and Settings\Owner\My Documents\Downloads\TDSSKiller.exe" = C:\Documents and Settings\Owner\My Documents\Downloads\TDSSKiller.exe:*:Enabled:TDSS rootkit removing tool -- ()
"C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\avgmfapx.exe" = C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\avgmfapx.exe:*:Enabled:AVG Installer Application -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Malwarebytes' Anti-Malware\345.exe.exe" = C:\Program Files\Malwarebytes' Anti-Malware\345.exe.exe:*:Enabled:Malwarebytes' Anti-Malware -- ()
"C:\Program Files\Malwarebytes' Anti-Malware\mbb.com.exe" = C:\Program Files\Malwarebytes' Anti-Malware\mbb.com.exe:*:Enabled:Malwarebytes' Anti-Malware -- ()
"C:\Program Files\real\RealUpgrade\realupgrade.exe" = C:\Program Files\real\RealUpgrade\realupgrade.exe:*:Enabled:RealUpgrade Launcher -- (RealNetworks, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{092eeeee-9fdd-4895-a568-0818c96beb6c}" = AiO_Scan
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6100_series" = Canon MG6100 series MP Drivers
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP470_series" = Canon MP470 series
"{14589F05-C658-4594-9429-D437BA688686}" = IntelliMover Data Transfer Demo
"{145CACAF-9B34-41FC-BE49-7D510A253E78}" = Multimedia Card Reader
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{181EAEE6-AAE5-485B-8BAC-0FB564626781}" = Brava! Reader 3.1
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1EAD84B8-0075-432A-BFFF-B197581265AF}" = Transparent Language System
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7CCFA3-D926-4882-B2A5-A0217ED25597}" = PC-Doctor for Windows
"{1F85CAAA-B786-4E5B-AADD-638856992EF3}" = Opera 10.53
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{29F2FE64-EFCE-4FC5-8FEB-16B688578F89}" = Nitro PDF Professional
"{2A267BC6-F77F-4DD4-825F-7AEB1F68B4B1}" = HpSdpAppCoreApp
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2E132061-C78A-48D4-A899-1D13B9D189FA}" = Memories Disc Creator 2.0
"{2F1FD032-67D1-4569-923F-47EAF132BF0F}" = DocProc
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3191ADFC-5BA3-474D-BCBA-1B5615ABFFC1}" = character studio 4.2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3640E304-9CFB-4876-8F7D-C0AE8DCE5FC9}" = Byki
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{3D719053-5593-11D3-8F25-0060085C1758}" = Microsoft Streets and Trips 2001
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
"{3F9B2FD2-1C83-4401-9967-C3636638E958}" = Adobe SING CS3
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{45B6180B-DCAB-4093-8EE8-6164457517F0}" = Photosmart 140,240,7200,7600,7700,7900 Series
"{4A344E44-3337-11D9-8629-00055DFD8F8E}" = Microtek Scanner ICC Profiler
"{4FB6F304-A91D-4919-98E5-D96E074EA9E5}" = SkinsHP1
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{544FB392-069D-4BA5-9DC7-FFD47230AEE5}" = Photohands 1.0E
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}" = Quicken 2004
"{54e854d5-d5d4-452d-9c75-b39f5625b5fb}" = Readme
"{56B8B892-317E-4FDE-9E4D-44B189848A27}" = Adobe Setup
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5ADF6293-D60F-4425-AFA7-CEB820DB872B}" = QuickProjects
"{5D7F0A0E-369E-46C0-9F99-FAB21A064781}" = HP Photo and Imaging 2.0 - Photosmart Cameras
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{657DD6DA-B07B-40FF-9DBD-2116F7E83CF6}" = OpenMG Secure Module 3.4.00
"{65BBFD01-69DF-4D0F-B4FB-2DAFA1E1D393}" = Maya 6.0
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69E6A869-8B59-4619-A9E9-58DDFA7C05B8}" = 3ds max 6
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{70B45586-B51E-4947-A258-A895596C5CED}" = Photo Loader 2.1E
"{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2
"{71D6CE84-B7DC-4166-8E0D-56C1C37BFB5A}" = SonicStage
"{745A92AF-53B4-41A7-91C3-9B026B1D5897}" = InstantShare
"{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}" = SSH Secure Shell
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{791B20D4-AE59-4DE9-B45F-BA01F3D0A493}" = ArcSoft ShowBiz 2
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7BBD57D6-09B1-4CC3-9664-A0D53EE25247}" = PSShortcutsP
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{829698DE-9EAC-475E-9A05-B7BA807CA1EF}" = Director
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{939227BD-19D8-4684-8A04-31AC9F6A564C}" = Scan
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD Player
"{99011A6E-5200-11DE-BDB8-7ACD56D89593}" = Rosetta Stone Version 3
"{9B97EC91-B3FD-4BFF-88FC-5345A26AC2E7}" = Adobe Illustrator CS5
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9F4EEA0C-7174-4BD3-89AF-7AB2F9F6AEDD}" = hpmdtab
"{A0307120-889A-11D8-8627-00055DFD8F8E}" = Color Matching System
"{A1F2EF0E-1EE5-4F0B-8A31-EE875EBD3F01}" = Mavis Beacon Teaches Typing 15
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A363B66C-1547-47bf-90F0-3834E70A841A}" = CreativeProjects
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABEB838C-A1A7-4C5D-B7E1-8B4314600207}" = MSN Messenger 6.1
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{ADD53756-F4C3-4797-85B3-D8B3D1FC93B3}" = forteManager
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{bb6cac2a-1fa0-471a-bc3c-ade699c39f3c}" = Fax
"{BC14A1F6-0511-4360-8351-FB7964979317}" = 3ds max 6 Reference Files
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1334AAA-5C3E-11D6-8FC3-0080C85A0C2D}" = ScanWizard Pro
"{c330461f-c4a9-4fc7-af5d-c158e0b56aa7}" = AiOSoftware
"{C38BC5B7-62D3-4880-82DD-A4803FD81921}" = PhotoGallery
"{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88}" = Microsoft Plus! Digital Media Edition
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{CC0A24CB-87C9-4F1C-A1F2-F87D8D4DDCAF}" = HP Software Update
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE4F8FFB-4063-4247-9F14-ECE61AFEFA25}" = TrayApp
"{CF097717-F174-4144-954A-FBC4BF301033}" = Nero 7 Premium
"{CFD1B282-555D-494d-8231-4175C2AF08C2}" = PrintScreen
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint Plus
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D1D8C9C4-89BE-4f37-9EC4-B80E3C239C41}" = Copy
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D545BB81-DEB0-49f7-BE26-197BC31AAF57}" = SkinsHP2
"{D5F9E6AA-7075-49EC-992F-A6213C73607F}" = Adobe Photoshop Album
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DD8C1183-6548-4A43-B9E5-CD0E970751E4}" = 3ds max 6 Architectural Materials
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4
"{E319A521-6D29-4392-9BCE-50173EE6F618}" = Lexicon Multilingual
"{E38E1721-7FE7-11D4-A898-0000E83DCDA6}" = Ulead Photo Explorer 7.0 SE
"{E4ABB302-9D82-4D18-83D5-AD1DFE786AA8}" = Unload
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EC63CD9C-676B-4384-A280-378842B99DCA}" = 3ds max 6 Sample Files
"{ec7d7a6a-31cb-4810-826f-74171bef44f1}" = AIOMinimal
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F247869D-3643-4A9F-821B-3534145928E3}" = HPIZ311
"{F38FA38A-7E5A-4209-88ED-4DE21CD20EEF}" = HP PSC & OfficeJet 3.0
"{F419D20A-7719-4639-8E30-C073A040D878}" = HP Deskjet Preloaded Printer Drivers
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{FAE36873-1941-4076-A9A5-48812B5EA0B7}" = iTunes
"{FBBF532A-47AC-457d-AC06-0D3163D8911E}" = WebReg
"{FD9E03B5-AEEA-4D59-B512-6CE4AA0281D4}" = Byki
"040a_5005" = USB MassStorage CardReader
"36317AE4-57EC-4F3E-B828-009A3DD96BE8" = Polar Bowler from Hewlett-Packard Desktops (remove only)
"62067F4C-84A9-45B9-8573-B90468B0A3EF" = Orbital from Hewlett-Packard Desktops (remove only)
"6723E59E-322A-417A-8E03-27A61E18253C" = Overball from Hewlett-Packard Desktops (remove only)
"8C4E79CC-03E1-43AA-9910-9A5113F24603" = Blasterball 2 from Hewlett-Packard Desktops (remove only)
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Image Viewer Plugin" = Adobe Image Viewer Plugin 4.0
"Adobe_05ba3a63f36684fe0c5dde2ebe6f8f5" = Adobe InDesign CS3
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"ATI Display Driver" = ATI Display Driver
"AtomixMP3 v2.2" = AtomixMP3 v2.2
"Audacity_is1" = Audacity 1.2.6
"AvantBrowser" = Avant Browser (remove only)
"avast" = avast! Free Antivirus
"BackWeb-137903 Uninstaller" = Updates from HP
"BFBCBAE3-8293-4215-9C4F-C2402C118EDB" = Otto from Hewlett-Packard Desktops (remove only)
"BitTorrent" = BitTorrent
"BroadJump Client Foundation" = BroadJump Client Foundation
"BSPlayerf" = BS.Player FREE
"Byki Deluxe" = Byki Deluxe
"Byki Express" = Byki Express
"C2C3C2DB-7D8A-4E20-B527-E3149FAECC3A" = Slyder from Hewlett-Packard Desktops (remove only)
"Canon MG6100 series User Registration" = Canon MG6100 series User Registration
"Canon MP470 series User Registration" = Canon MP470 series User Registration
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CanonSolutionMenuEX" = Canon Solution Menu EX
"CdaC13Ba" = SafeCast Shared Components
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Corel Applications" = Corel Applications
"D11F7128-8CBD-408B-8BF8-034604DEDD42" = Bounce Symphony from Hewlett-Packard Desktops (remove only)
"DesktopX" = DesktopX
"DVD Shrink_is1" = DVD Shrink 3.2
"E28167F1-3F42-40C7-9119-1D5A97444F10" = Blackhawk Striker from Hewlett-Packard Desktops (remove only)
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-PhotoPrint Pro" = Canon Easy-PhotoPrint Pro
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"Free FLV Converter_is1" = Free FLV Converter V 6.6.3
"GLOBEtrotter FLEXid Drivers" = GLOBEtrotter FLEXid Drivers
"Google Chrome" = Google Chrome
"Guitar Pro 5_is1" = Guitar Pro 5.2
"HijackThis" = HijackThis 1.99.1
"HP Instant Support" = HP Instant Support
"HP Photo & Imaging" = HP Photo & Imaging 3.1
"HPTOOLKIT" = toolkit
"Ideal DVD Copy_is1" = Ideal DVD Copy V3.2.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{145CACAF-9B34-41FC-BE49-7D510A253E78}" = Multimedia Card Reader
"InstallShield_{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}" = Quicken 2004
"InterActual Player" = InterActual Player
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 1.17
"Lingua Match deu-eng-usa" = Lingua Match deu-eng-usa
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Maya 6.0 Documentation Server" = Maya 6.0 Documentation Server
"MGI_PHOTOSUITE_V806" = MGI PhotoSuite 8.1 (Remove Only)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 6.0 (x86 en-US)" = Mozilla Firefox 6.0 (x86 en-US)
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA" =
"NVIDIA GART Driver" = NVIDIA GART Driver
"ObjectDock" = ObjectDock
"OpenMG HotFix3.4-03-12-16-01" = OpenMG Limited Patch 3.4-03-12-16-01
"Perfect Uninstaller_is1" = Perfect Uninstaller v6.3.3.9
"PowerISO" = PowerISO
"Python 2.2 combined Win32 extensions" = Python 2.2 combined Win32 extensions
"Python 2.2.1" = Python 2.2.1
"RealPlayer 12.0" = RealPlayer
"Registry Mechanic_is1" = Registry Mechanic 8.0
"TMM60" = TeLL me More
"Transparent Language System" = Transparent Language System
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player (Remove Only)
"VirtualCloneDrive" = VirtualCloneDrive
"Visual C++ 6.0 Professional Edition" = Microsoft Visual C++ 6.0 Professional Edition
"Wacom Tablet Driver" = Wacom Tablet
"WIC" = Windows Imaging Component
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WordWeb" = WordWeb
"WS_FTP Pro" = Ipswitch WS_FTP Pro
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3387027933-1349042783-2816919633-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
"Move Media Player" = Move Media Player
"OpenOffice.org 1.1.0" = OpenOffice.org 1.1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/18/2011 12:18:10 AM | Computer Name = BEDROOM1 | Source = PerfNet | ID = 2002
Description = Unable to open the Redirector service. Redirector performance data
will
not be returned. Error code returned is in data DWORD 0.

[ System Events ]
Error - 8/23/2011 3:24:59 PM | Computer Name = BEDROOM1 | Source = Service Control Manager | ID = 7000
Description = The Microsoft .NET Framework v1.1.4322 Update service failed to start
due to the following error: %%2

Error - 8/23/2011 3:24:59 PM | Computer Name = BEDROOM1 | Source = Service Control Manager | ID = 7000
Description = The NMSAccessU service failed to start due to the following error:
%%2

Error - 8/23/2011 3:24:59 PM | Computer Name = BEDROOM1 | Source = Service Control Manager | ID = 7000
Description = The nVidia WDM Video Capture (universal) service failed to start due
to the following error: %%1058

Error - 8/23/2011 3:24:59 PM | Computer Name = BEDROOM1 | Source = Service Control Manager | ID = 7000
Description = The nVidia WDM A/V Crossbar service failed to start due to the following
error: %%1058

Error - 8/23/2011 3:24:59 PM | Computer Name = BEDROOM1 | Source = Service Control Manager | ID = 7000
Description = The TabletServiceWacom service failed to start due to the following
error: %%2

Error - 8/23/2011 3:25:13 PM | Computer Name = BEDROOM1 | Source = DCOM | ID = 10005
Description = DCOM got error "%2" attempting to start the service iPod Service with
arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}

Error - 8/23/2011 3:25:13 PM | Computer Name = BEDROOM1 | Source = Service Control Manager | ID = 7000
Description = The iPod Service service failed to start due to the following error:
%%2

Error - 8/23/2011 3:25:13 PM | Computer Name = BEDROOM1 | Source = Workstation | ID = 5727
Description = Could not load RDR device driver.

Error - 8/23/2011 3:25:13 PM | Computer Name = BEDROOM1 | Source = Service Control Manager | ID = 7024
Description = The Workstation service terminated with service-specific error 2250
(0x8CA).

Error - 8/23/2011 3:25:13 PM | Computer Name = BEDROOM1 | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which
failed to start because of the following error: %%1066


< End of report >

#15 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,316 posts
  • Gender:Female
  • Location:Romania

Posted 23 August 2011 - 03:56 PM

Hi again,

OTL FIX
------------
We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the textbox in OTL.
    :otl
    @Alternate Data Stream - 816 bytes -> C:\WINDOWS\3557348460:2469132075.exe
    @Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
    @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    
    :commands
    [reboot]
  • Push the button in OTL that runs the fix.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."


Malware analyst @ Emsisoft
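As an added verification check (not part of Elise's fix and not OTL's own code): a PowerShell script that lists alternate data streams under the two locations the fix targets and flags stream names shaped like the ones in the fix, so a defender can confirm they are gone after the reboot. It assumes PowerShell 3.0 or later for Get-Item -Stream (Windows XP did not ship it), and the paths and name pattern are taken from the fix above; the benign Zone.Identifier stream that browsers add to downloads will also show up and is only listed, not flagged.

```powershell
# Added example: enumerate alternate data streams (ADS) under the locations
# named in the OTL fix and flag stream names like the ones it deleted.
# Assumes PowerShell 3.0+ (Get-Item -Stream). Paths are the ones from the fix;
# on a modern Windows host 'Documents and Settings' is a junction to ProgramData.
$paths = @(
    'C:\WINDOWS',
    'C:\Documents and Settings\All Users\Application Data\TEMP'
)

function Get-SuspectStreams {
    param([string[]]$Roots)
    foreach ($root in $Roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        # Directories can carry streams too (the TEMP entries in the fix are
        # streams on a directory), so check the root itself and its children.
        $items = @(Get-Item -LiteralPath $root -Force) +
                 @(Get-ChildItem -LiteralPath $root -Force -ErrorAction SilentlyContinue)
        foreach ($item in $items) {
            Get-Item -LiteralPath $item.FullName -Stream * -ErrorAction SilentlyContinue |
                Where-Object { $_.Stream -ne ':$DATA' } |   # skip the default stream
                ForEach-Object {
                    # Names that are all digits/hex, optionally ending in .exe, match the
                    # pattern of the entries in the fix (e.g. 2469132075.exe, D1B5B4F1).
                    $flag = if ($_.Stream -match '^[0-9A-Fa-f]+(\.exe)?$') { 'REVIEW' } else { '' }
                    [pscustomobject]@{
                        Path   = $item.FullName
                        Stream = $_.Stream
                        Bytes  = $_.Length
                        Flag   = $flag
                    }
                }
        }
    }
}

# An empty result for the two roots means the streams from the fix are gone.
Get-SuspectStreams -Roots $paths | Format-Table -AutoSize
```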




