
Virus that causes svchost.exe errors


31 replies to this topic

#1 Bluegent


Posted 24 October 2012 - 01:55 PM

I tried to scan with all the programs I could use, but I picked up nothing.
This virus/malware makes my taskbar briefly change theme back to the Win98 theme, disables my firewall and audio mixer device, slows down my internet, and the Visual Studio 2010 debugger warns me of an unhandled win32 exception in svchost.exe. If I do nothing with the debugger window, nothing happens, but if I press yes or no, the problems I mentioned start appearing.

Here's my DDS log.

DDS (Ver_2012-10-19.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_37
Run by Mike at 19:42:45 on 2012-10-24
#Option MBR scan is disabled.
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2021 [GMT 3:00]
.
AV: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\UXPACK~1\VISTAD~1\DrvIcon.exe
C:\WINDOWS\system32\WTMKM.exe
C:\program files\real\realplayer\update\realsched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
D:\Program Files\ashut21\AutoShutdown\autoshutdown2.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\GXStandard16-in-1\GXStandard16in1.exe
C:\WINDOWS\system32\ctfmon.exe
C:\changepaper\changepaper.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\atwtusb.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\atwtusb.exe
C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.windowsxlive.net
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} -
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [AutoShutdown] d:\program files\ashut21\autoshutdown\autoshutdown2.exe
uRun: [OscarEditor] "c:\program files\gxstandard16-in-1\GXStandard16in1.exe" Minimum
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [DrvIcon] c:\progra~1\uxpack~1\vistad~1\DrvIcon.exe
mRun: [MacrokeyManager] WTMKM.exe
mRun: [WellPhone DirectSync - ScheduleSync] c:\progra~1\wellph~1\SCHEDU~1.EXE
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
StartupFolder: c:\docume~1\mike\startm~1\programs\startup\random~1.lnk - c:\changepaper\changepaper.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\mike\start menu\programs\imvu\Run IMVU.lnk
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1350905121421
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
TCP: Interfaces\{197C24E5-F019-4DCB-899A-B549B17081F2} : DHCPNameServer = 193.254.231.2 193.254.230.199
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\mike\application data\mozilla\firefox\profiles\2bapma7d.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.windowsxlive.net
FF - plugin: c:\documents and settings\mike\local settings\application data\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: 2012-09-20 15:01; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF - ExtSQL: 2012-10-18 16:01; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
.
============= SERVICES / DRIVERS ===============
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-10-15 242240]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2011-8-4 118104]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2011-8-4 103112]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2011-9-22 974944]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2012-8-29 1385896]
R2 WTService;WTService;c:\windows\system32\atwtusb.exe -s --> c:\windows\system32\atwtusb.exe -s [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2012-9-20 103040]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2011-9-29 21632]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [2012-2-13 27136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-8 250808]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2012-10-7 1691480]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\eaglexnt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\d:\garena\safedrv.sys --> d:\garena\safedrv.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-5 113120]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 TunngleService;TunngleService;c:\program files\tunngle\TnglCtrl.exe [2012-2-13 738152]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-10-22 16:14:37 98816 ----a-w- c:\windows\sed.exe
2012-10-22 16:14:37 256000 ----a-w- c:\windows\PEV.exe
2012-10-22 16:14:37 208896 ----a-w- c:\windows\MBR.exe
2012-10-22 11:18:44 564632 ----a-w- c:\documents and settings\all users\application data\microsoft\identitycrl\production\wlidui.dll
2012-10-22 11:18:37 19720 ----a-w- c:\documents and settings\all users\application data\microsoft\identitycrl\production\ppcrlconfig600.dll
2012-10-21 16:43:43 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-21 16:43:43 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-21 16:37:10 -------- d-----w- c:\program files\FLISoft
2012-10-19 13:58:43 -------- d-sha-r- C:\cmdcons
2012-10-18 13:52:54 -------- d-----w- c:\documents and settings\mike\application data\Beat Hazard
2012-10-18 09:50:16 -------- d-----w- c:\documents and settings\mike\application data\Malwarebytes
2012-10-18 09:50:08 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-10-16 05:25:24 1833576 ----a-w- c:\windows\SkyTel.exe
2012-10-16 05:25:23 891496 ----a-w- c:\windows\system32\RTSndMgr.CPL
2012-10-16 05:25:23 1493608 ----a-w- c:\windows\RtlUpd.exe
2012-10-16 05:25:21 65640 ----a-w- c:\windows\system32\RtkCoInstIIXP.dll
2012-10-16 05:24:17 1706640 ----a-w- c:\windows\RtlExUpd.dll
2012-10-15 17:27:11 -------- d-----w- c:\documents and settings\mike\application data\IMVU
2012-10-15 17:06:37 -------- d-----w- c:\documents and settings\mike\application data\IMVUClient
2012-10-15 04:34:35 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-10-10 16:41:58 -------- d-----w- c:\program files\Microsoft SQL Server
2012-10-10 16:41:31 -------- d-----w- c:\program files\Microsoft Synchronization Services
2012-10-10 16:41:30 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2012-10-10 16:31:28 -------- d-----w- c:\program files\HTML Help Workshop
2012-10-10 16:31:27 -------- d-----w- c:\program files\Microsoft Help Viewer
2012-10-10 16:31:27 -------- d-----w- c:\program files\common files\Merge Modules
2012-10-10 12:58:50 -------- d-----w- c:\program files\NVIDIA Corporation
2012-10-09 15:10:01 -------- d-----w- c:\documents and settings\mike\application data\Dev-Cpp
2012-10-08 04:11:06 -------- d-----w- c:\program files\directx
2012-10-08 03:50:14 306688 ----a-w- c:\windows\IsUninst.exe
2012-10-07 07:55:34 359016 ----a-w- c:\windows\vncutil.exe
2012-10-07 07:55:31 129640 ----a-w- c:\windows\RtkAudioService.exe
2012-10-07 07:55:31 11368 ----a-w- c:\windows\system32\RtkCoLDRXP.dll
2012-10-07 07:55:28 25548 ----a-w- c:\windows\system32\drivers\RTAIODAT.DAT
2012-10-07 07:55:28 1395800 ----a-w- c:\windows\system32\drivers\Monfilt.sys
2012-10-07 07:55:21 1691480 ----a-w- c:\windows\system32\drivers\Ambfilt.sys
2012-10-05 12:24:31 178688 ----a-w- c:\windows\system32\unrar.dll
2012-10-05 12:24:23 -------- d-----w- c:\program files\K-Lite Codec Pack
2012-09-26 22:00:41 -------- d-----w- c:\documents and settings\mike\local settings\application data\FLT
2012-09-26 15:30:53 -------- d-----w- c:\program files\GXStandard16-in-1
2012-09-26 15:30:19 -------- d-----w- c:\program files\16in1
2012-09-25 20:51:59 -------- d-----w- c:\documents and settings\mike\local settings\application data\Two Worlds II
.
==================== Find3M ====================
.
2012-10-06 03:18:43 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2012-10-06 03:18:42 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2012-09-24 12:32:24 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-24 12:32:20 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-24 10:51:47 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-08-03 09:56:12 36557 ----a-w- c:\windows\system32\unil.exe
.
============= FINISH: 19:43:21,79 ===============


And here's the GMER log.
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-10-24 21:51:37
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e SAMSUNG_HD321KJ rev.CP100-12
Running: tv0oddmb.exe; Driver: D:\TEMP\uxtdqpoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwAssignProcessToJobObject [0xAAA5E4B0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwCreateThread [0xAAA5E7F0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwDebugActiveProcess [0xAAA5EAB0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwDuplicateObject [0xAAA5E5D0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwLoadDriver [0xAAA5E8B0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwOpenProcess [0xAAA5E350]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwOpenThread [0xAAA5E410]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwProtectVirtualMemory [0xAAA5E570]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwQueueApcThread [0xAAA5E630]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetContextThread [0xAAA5E530]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetInformationThread [0xAAA5E4F0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetSecurityObject [0xAAA5E670]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetSystemInformation [0xAAA5E870]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSuspendProcess [0xAAA5E3B0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSuspendThread [0xAAA5E430]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSystemDebugControl [0xAAA5E830]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwTerminateProcess [0xAAA5E370]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwTerminateThread [0xAAA5E470]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwWriteVirtualMemory [0xAAA5E5F0]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2CA8 80504534 4 Bytes [B0, EA, A5, AA] {MOV AL, 0xea; MOVSD ; STOSB }
.text ntkrnlpa.exe!ZwCallbackReturn + 2D48 805045D4 4 Bytes CALL D9D2F07E
.text ntkrnlpa.exe!ZwCallbackReturn + 2F84 80504810 4 Bytes CALL AE68F2BA
.text ntkrnlpa.exe!ZwCallbackReturn + 2FB8 80504844 12 Bytes [B0, E3, A5, AA, 30, E4, A5, ...] {MOV AL, 0xe3; MOVSD ; STOSB ; XOR AH, AH; MOVSD ; STOSB ; XOR AL, CH; MOVSD ; STOSB }
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB95D1000, 0x1E2E6E, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[656] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 4 Bytes [C2, 04, 00, 00]
.text C:\program files\real\realplayer\update\realsched.exe[1748] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2284] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 90, 83, 00]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2284] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2284] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 93, 83, 00]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2284] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2284] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 90, 83, 00]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2284] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2284] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 91, 83, 00]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2284] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2284] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B91598C
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2284] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2284] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 92, 83, 00]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2284] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2284] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 91, 83, 00]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2284] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2284] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 92, 83, 00]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2284] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2284] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B9159FD
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2284] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2284] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 90, 83, 00]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2284] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2284] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B915B2B
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2284] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2284] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 91, 83, 00]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2284] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2284] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 92, 83, 00]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2284] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2284] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 93, 83, 00]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2284] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 30, D8, 00] {SUB [EAX], DH; FADD DWORD [EAX]}
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 33, D8, 00] {SUB [EBX], DH; FADD DWORD [EAX]}
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 30, D8, 00]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 31, D8, 00] {TEST AL, 0x31; FADD DWORD [EAX]}
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B91AE2C
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 32, D8, 00] {TEST AL, 0x32; FADD DWORD [EAX]}
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 31, D8, 00]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 32, D8, 00]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B91AE9D
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 30, D8, 00] {TEST AL, 0x30; FADD DWORD [EAX]}
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B91AFCB
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 31, D8, 00] {SUB [ECX], DH; FADD DWORD [EAX]}
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 32, D8, 00] {SUB [EDX], DH; FADD DWORD [EAX]}
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 33, D8, 00]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2632] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 0C, 30, 00]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2632] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2632] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 0F, 30, 00] {SUB [EDI], CL; XOR [EAX], AL}
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2632] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2632] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 0C, 30, 00]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2632] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2632] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 0D, 30, 00] {TEST AL, 0xd; XOR [EAX], AL}
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2632] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2632] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B910608
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2632] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2632] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 0E, 30, 00] {TEST AL, 0xe; XOR [EAX], AL}
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2632] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2632] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 0D, 30, 00]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2632] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2632] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 0E, 30, 00]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2632] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2632] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B910679
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2632] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2632] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 0C, 30, 00] {TEST AL, 0xc; XOR [EAX], AL}
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2632] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2632] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B9107A7
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2632] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2632] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 0D, 30, 00]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2632] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2632] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 0E, 30, 00] {SUB [ESI], CL; XOR [EAX], AL}
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2632] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2632] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 0F, 30, 00]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2632] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2872] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 44, CF, 00] {SUB [EDI+ECX*8+0x0], AL}
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2872] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2872] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 47, CF, 00]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2872] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2872] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 44, CF, 00]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2872] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2872] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 45, CF, 00]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2872] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2872] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B91A540
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2872] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2872] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 46, CF, 00]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2872] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2872] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 45, CF, 00]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2872] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2872] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 46, CF, 00]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2872] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2872] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B91A5B1
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2872] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2872] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 44, CF, 00]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2872] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2872] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B91A6DF
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2872] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2872] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 45, CF, 00]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2872] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2872] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 46, CF, 00]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2872] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2872] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 47, CF, 00]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2872] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 78, D6, 00]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 7B, D6, 00]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 78, D6, 00]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 79, D6, 00]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B91AC74
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 7A, D6, 00]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 79, D6, 00]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 7A, D6, 00]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B91ACE5
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 78, D6, 00]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B91AE13
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 79, D6, 00]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 7A, D6, 00]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 7B, D6, 00]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3528] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3780] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 90, A0, 00]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3780] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3780] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 93, A0, 00]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3780] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3780] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 90, A0, 00]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3780] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3780] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 91, A0, 00]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3780] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3780] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B91768C
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3780] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3780] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 92, A0, 00]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3780] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3780] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 91, A0, 00]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3780] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3780] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 92, A0, 00]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3780] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3780] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B9176FD
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3780] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3780] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 90, A0, 00]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3780] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3780] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B91782B
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3780] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3780] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 91, A0, 00]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3780] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3780] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 92, A0, 00]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3780] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3780] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 93, A0, 00]
.text C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3780] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF5 0xE6 0xF1 0x21 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x3E 0x26 0x11 0x78 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x19 0x08 0x92 0x13 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x99 0x44 0xD8 0x6A ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF5 0xE6 0xF1 0x21 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x3E 0x26 0x11 0x78 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x19 0x08 0x92 0x13 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x99 0x44 0xD8 0x6A ...

---- EOF - GMER 1.0.15 ----


#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:54 AM

Posted 24 October 2012 - 03:56 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next; if you have any problems with one of these, just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button.
  • Wait until the Status box shows "Scan Finished".
  • Click on "Delete".
  • Wait until the Status box shows "Deleting Finished".
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop.
  • Exit/Close RogueKiller.

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Bluegent

  • Topic Starter
  • Members
  • 15 posts
  • Local time:04:54 AM

Posted 25 October 2012 - 12:09 AM

Thank you for your help, Gringo.

Here are the logs:

Security Check
Results of screen317's Security Check version 0.99.53
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
ESET NOD32 Antivirus 5.0
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java™ 6 Update 37
Java version out of Date!
Adobe Reader X (10.1.4)
Mozilla Firefox 13.0.1 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
ESET NOD32 Antivirus egui.exe
ESET NOD32 Antivirus ekrn.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 18% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````


ADWcleaner
# AdwCleaner v2.005 - Logfile created 10/25/2012 at 08:02:39
# Updated 14/10/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Mike - BATMAN
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Mike\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bcfjehbfanfhgoehogmbiebedkidedjb
File Deleted : C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\2bapma7d.default\searchplugins\Askcom.xml
Folder Deleted : C:\Documents and Settings\All Users\Application Data\boost_interprocess

***** [Registry] *****

Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Google\Chrome\Extensions\bcfjehbfanfhgoehogmbiebedkidedjb
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bcfjehbfanfhgoehogmbiebedkidedjb
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v13.0.1 (en-GB)

Profile name : default
File : C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\2bapma7d.default\prefs.js

Deleted : user_pref("browser.search.order.1", "Ask.com");

-\\ Google Chrome v22.0.1229.94

File : C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [1908 octets] - [25/10/2012 08:02:39]

########## EOF - C:\AdwCleaner[S1].txt - [1968 octets] ##########



And RogueKiller
RogueKiller V8.2.0 [10/22/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Mike [Admin rights]
Mode : Remove -- Date : 10/25/2012 08:08:17

Bad processes : 0

Registry Entries : 2
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

Particular Files / Folders:

Driver : [LOADED]

HOSTS File:
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


MBR Check:

+++++ PhysicalDrive0: SAMSUNG HD321KJ +++++
--- User ---
[MBR] 31c6891db6952bc82736edf31ddf8a65
[BSP] 068796cd762dc37dd909bbb2a31f593f : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 25603 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 52436160 | Size: 279631 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt




What now?

#4 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:54 AM

Posted 25 October 2012 - 06:11 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following:
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#5 Bluegent

  • Topic Starter
  • Members
  • 15 posts
  • Local time:04:54 AM

Posted 25 October 2012 - 06:41 AM

Combofix log
ComboFix 12-10-25.01 - Mike 25.10.2012 14:33:02.7.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2309 [GMT 3:00]
Running from: c:\documents and settings\Mike\My Documents\Downloads\ComboFix.exe
AV: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-09-25 to 2012-10-25 )))))))))))))))))))))))))))))))
.
.
2012-10-18 13:52 . 2012-10-18 13:52 -------- d-----w- c:\documents and settings\Mike\Application Data\Beat Hazard
2012-10-18 13:01 . 2012-10-18 13:01 -------- d-----w- c:\program files\Common Files\Java
2012-10-18 09:50 . 2012-10-18 09:50 -------- d-----w- c:\documents and settings\Mike\Application Data\Malwarebytes
2012-10-18 09:50 . 2012-10-18 09:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-10-16 05:25 . 2010-11-03 15:15 1833576 ----a-w- c:\windows\SkyTel.exe
2012-10-16 05:25 . 2012-05-04 07:15 1493608 ----a-w- c:\windows\RtlUpd.exe
2012-10-16 05:25 . 2011-06-30 13:15 891496 ----a-w- c:\windows\system32\RTSndMgr.CPL
2012-10-16 05:25 . 2012-05-10 14:34 65640 ----a-w- c:\windows\system32\RtkCoInstIIXP.dll
2012-10-16 05:24 . 2012-05-25 15:06 1706640 ----a-w- c:\windows\RtlExUpd.dll
2012-10-15 17:27 . 2012-10-22 11:08 -------- d-----w- c:\documents and settings\Mike\Application Data\IMVU
2012-10-15 04:34 . 2012-10-15 04:34 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-10-10 16:41 . 2012-10-10 16:42 -------- d-----w- c:\program files\Microsoft SQL Server
2012-10-10 16:41 . 2012-10-10 16:41 -------- d-----w- c:\program files\Microsoft Sync Framework
2012-10-10 16:41 . 2012-10-10 16:41 -------- d-----w- c:\program files\Microsoft Synchronization Services
2012-10-10 16:41 . 2012-10-10 16:41 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2012-10-10 16:31 . 2012-10-10 16:31 -------- d-----w- c:\windows\symbols
2012-10-10 16:31 . 2012-10-10 16:33 -------- d-----w- c:\program files\HTML Help Workshop
2012-10-10 16:31 . 2012-10-10 16:41 -------- d-----w- c:\program files\Microsoft SDKs
2012-10-10 16:31 . 2012-10-10 16:34 -------- d-----w- c:\program files\Common Files\Merge Modules
2012-10-10 16:31 . 2012-10-10 16:31 -------- d-----w- c:\program files\Microsoft Help Viewer
2012-10-10 16:29 . 2012-10-10 16:29 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2012-10-10 12:58 . 2012-10-10 12:58 -------- d-----w- c:\program files\NVIDIA Corporation
2012-10-09 19:09 . 2012-10-09 19:13 -------- d-----w- c:\documents and settings\Mike\Application Data\U3
2012-10-09 15:10 . 2012-10-09 15:12 -------- d-----w- c:\documents and settings\Mike\Application Data\Dev-Cpp
2012-10-08 04:11 . 2012-10-08 04:11 -------- d-----w- c:\program files\directx
2012-10-08 03:50 . 1998-10-29 13:45 306688 ----a-w- c:\windows\IsUninst.exe
2012-10-07 07:55 . 2010-11-03 15:15 359016 ----a-w- c:\windows\vncutil.exe
2012-10-07 07:55 . 2011-11-22 13:28 11368 ----a-w- c:\windows\system32\RtkCoLDRXP.dll
2012-10-07 07:55 . 2010-11-03 15:14 129640 ----a-w- c:\windows\RtkAudioService.exe
2012-10-07 07:55 . 2012-05-11 11:14 25548 ----a-w- c:\windows\system32\drivers\RTAIODAT.DAT
2012-10-07 07:55 . 2009-11-18 04:17 1395800 ----a-w- c:\windows\system32\drivers\Monfilt.sys
2012-10-07 07:55 . 2009-11-18 04:16 1691480 ----a-w- c:\windows\system32\drivers\Ambfilt.sys
2012-10-05 12:24 . 2012-06-09 17:21 178688 ----a-w- c:\windows\system32\unrar.dll
2012-10-05 12:24 . 2012-10-05 12:25 -------- d-----w- c:\program files\K-Lite Codec Pack
2012-09-26 22:00 . 2012-09-26 22:00 -------- d-----w- c:\documents and settings\Mike\Local Settings\Application Data\FLT
2012-09-26 15:30 . 2012-09-26 15:31 -------- d-----w- c:\program files\GXStandard16-in-1
2012-09-26 15:30 . 2012-09-26 15:30 -------- d-----w- c:\program files\16in1
2012-09-25 20:51 . 2012-09-26 21:07 -------- d-----w- c:\documents and settings\Mike\Local Settings\Application Data\Two Worlds II
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-06 03:18 . 2012-06-21 16:39 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2012-10-06 03:18 . 2012-06-21 16:39 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2012-09-24 12:32 . 2012-08-20 16:27 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-24 12:32 . 2011-12-24 09:34 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-24 10:51 . 2012-08-20 16:27 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-08-31 15:54 . 2012-08-31 15:54 28672 ----a-r- c:\documents and settings\Mike\Application Data\Microsoft\Installer\{D1E1F028-1953-43A3-BFD8-D2A00EC06E36}\_EB52FE80E75B_486E_9850_195DAB8E8D59.exe
2012-08-31 15:54 . 2012-08-31 15:54 5185536 ----a-r- c:\documents and settings\Mike\Application Data\Microsoft\Installer\{D1E1F028-1953-43A3-BFD8-D2A00EC06E36}\RapeLay.exe
2012-08-03 09:56 . 2012-08-03 09:56 36557 ----a-w- c:\windows\system32\unil.exe
2012-06-17 18:43 . 2011-12-24 17:12 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-03-08 . 5EA6A568D1090DEBCC84BC5B64EB7A30 . 6146048 . . [8.00.6001.18702] . . c:\windows\system32\mshtml.dll
[7] 2009-03-08 . D469A0EBA2EF5C6BEE8065B7E3196E5E . 5937152 . . [8.00.6001.18702] . . c:\windows\system32\dllcache\mshtml.dll
[-] 2009-03-08 . 5EA6A568D1090DEBCC84BC5B64EB7A30 . 6146048 . . [8.00.6001.18702] . . c:\windows\UXBackup\mshtml.dll
[7] 2008-11-04 . CBF04597F9CF7739E572276A2698FDD3 . 3577856 . . [7.00.5730.11] . . c:\windows\ie8\mshtml.dll
.
[-] 2008-04-14 . 37BEC2CF1B14E1D69357564983AD1EBA . 1432064 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\explorer.exe
[-] 2008-04-14 . 37BEC2CF1B14E1D69357564983AD1EBA . 1432064 . . [6.00.2900.5512] . . c:\windows\UXBackup\explorer.exe
.
[-] 2008-04-14 . 605326486B5BBD7CEBA1F0A4DE16F73A . 229376 . . [5.1.2600.5512] . . c:\windows\regedit.exe
[7] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\regedit.exe
[-] 2008-04-14 . 605326486B5BBD7CEBA1F0A4DE16F73A . 229376 . . [5.1.2600.5512] . . c:\windows\UXBackup\regedit.exe
.
[-] 2008-11-04 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
[-] 2008-04-14 . 87D41F9973F1FE47DA96CE30566FB230 . 2040320 . . [5.1.2600.5512] . . c:\windows\system32\ntkrnlpa.exe
[-] 2008-04-14 . 87D41F9973F1FE47DA96CE30566FB230 . 2040320 . . [5.1.2600.5512] . . c:\windows\UXBackup\ntkrnlpa.exe
.
[7] 2009-03-08 . B60DDDD2D63CE41CB8C487FCFBB6419E . 638816 . . [8.00.6001.18702] . . c:\windows\system32\dllcache\iexplore.exe
[-] 2009-03-08 . DA03CD91B7BDBA1DBD81B3AAA28391CB . 526176 . . [8.00.6001.18702] . . c:\windows\UXBackup\iexplore.exe
[7] 2008-11-04 . 5334D4461AA92A7B008755FE6D13C5F2 . 622080 . . [7.00.5730.11] . . c:\windows\ie8\iexplore.exe
.
[-] 2008-04-13 . F8BF343474C88B134B390CE540378FE0 . 2161664 . . [5.1.2600.5512] . . c:\windows\system32\ntoskrnl.exe
[-] 2008-04-13 . F8BF343474C88B134B390CE540378FE0 . 2161664 . . [5.1.2600.5512] . . c:\windows\UXBackup\ntoskrnl.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AutoShutdown"="d:\program files\ashut21\AutoShutdown\autoshutdown2.exe" [2001-05-15 572416]
"OscarEditor"="c:\program files\GXStandard16-in-1\GXStandard16in1.exe" [2011-09-02 3343360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DrvIcon"="c:\progra~1\UXPACK~1\VISTAD~1\DrvIcon.exe" [2008-04-13 49152]
"MacrokeyManager"="WTMKM.exe" [2009-08-11 5586664]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-06-05 296056]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-03 98304]
"RTHDCPL"="RTHDCPL.EXE" [2012-06-06 20065936]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-22 3080264]
.
c:\documents and settings\Mike\Start Menu\Programs\Startup\
Random Wallpaper Changer.lnk - c:\changepaper\changepaper.exe [2008-9-6 399360]
.
[HKLM\~\startupfolder\C:^Documents and Settings^Mike^Start Menu^Programs^Startup^Random Wallpaper Changer.lnk]
path=c:\documents and settings\Mike\Start Menu\Programs\Startup\Random Wallpaper Changer.lnk
backup=c:\windows\pss\Random Wallpaper Changer.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Mike^Start Menu^Programs^Startup^WorkSMART.lnk]
path=c:\documents and settings\Mike\Start Menu\Programs\Startup\WorkSMART.lnk
backup=c:\windows\pss\WorkSMART.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2011-03-15 14:42 499608 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5.5ServiceManager]
2011-01-12 04:08 1523360 ----a-w- c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 22:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KPeerNexonEU]
2012-01-07 09:42 438272 ----a-w- c:\nexon\NEXON_EU_Downloader\nxEULauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
2010-05-20 13:27 119152 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2012-08-29 09:03 1996200 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 10:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UX Launcher]
2011-10-02 08:18 150134 ----a-w- c:\program files\UX Pack\uxlaunch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX1000]
2010-05-20 13:27 762736 ----a-w- c:\windows\vVX1000.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Nexon\\NEXON_EU_Downloader\\NEXON_EU_Downloader_Engine.exe"=
"d:\\Games\\Vindicktus\\Vindictus EU\\en-EU\\NMService.exe"=
"d:\\Games\\Quake\\Quake\\quake3.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"d:\\Downloads\\Borderlands(DIRECT PLAY with all 4 DLC's)\\Borderlands(DIRECT PLAY with all 4 DLC's)\\Binaries\\Borderlands.exe"=
"c:\\Program Files\\Tunngle\\tnglctrl.exe"=
"c:\\Program Files\\Tunngle\\tunngle.exe"=
"d:\\Games\\amalur\\Reckoning.exe"=
"d:\\Games\\Robot Arena 2 v1.4\\Robot Arena 2 v1.4\\Robot Arena 2.exe"=
"c:\\Documents and Settings\\Mike\\Local Settings\\Application Data\\IW4M\\iw4m.dat"=
"d:\\Games\\borderlands2\\Binaries\\Win32\\Borderlands2.exe"=
"d:\\Games\\HONOURED\\Binaries\\Win32\\Dishonored.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
"d:\\Games\\Beat Hazard Ultra\\BeatHazard.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Mike\\Desktop\\oC11b72rv1\\oC11b72rv1.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56180:TCP"= 56180:TCP:Pando Media Booster
"56180:UDP"= 56180:UDP:Pando Media Booster
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [10/15/2012 7:34 AM 242240]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [8/4/2011 9:20 AM 118104]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [8/4/2011 9:20 AM 103112]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [9/22/2011 12:03 PM 974944]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [8/29/2012 12:03 PM 1385896]
R2 WTService;WTService;c:\windows\system32\atwtusb.exe -s --> c:\windows\system32\atwtusb.exe -s [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [9/20/2012 1:50 PM 103040]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [9/29/2011 10:04 AM 21632]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [2/13/2012 9:39 PM 27136]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 1:28 PM 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/8/2012 5:56 PM 250808]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [10/7/2012 10:55 AM 1691480]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\d:\garena\safedrv.sys --> d:\garena\safedrv.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/5/2012 12:44 AM 113120]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 2:37 PM 517096]
S3 TunngleService;TunngleService;c:\program files\Tunngle\TnglCtrl.exe [2/13/2012 9:39 PM 738152]
S4 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 16:43]
.
2012-10-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-630328440-1417001333-1003Core.job
- c:\documents and settings\Mike\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-05-21 14:22]
.
2012-10-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-630328440-1417001333-1003UA.job
- c:\documents and settings\Mike\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-05-21 14:22]
.
2012-10-25 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1202660629-630328440-1417001333-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 15:21]
.
2012-09-18 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1202660629-630328440-1417001333-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 15:21]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.windowsxlive.net
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Mike\Start Menu\Programs\IMVU\Run IMVU.lnk
FF - ProfilePath - c:\documents and settings\Mike\Application Data\Mozilla\Firefox\Profiles\2bapma7d.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.windowsxlive.net
FF - ExtSQL: 2012-09-20 15:01; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF - ExtSQL: 2012-10-18 16:01; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-25 14:37
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(972)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\windows\system32\cscui.dll
.
- - - - - - - > 'explorer.exe'(3420)
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub32.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN32.dll
c:\program files\TortoiseSVN\bin\libsvn_tsvn32.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn32.dll
c:\program files\TortoiseSVN\bin\libsasl32.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\cscui.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
.
Completion time: 2012-10-25 14:38:58
ComboFix-quarantined-files.txt 2012-10-25 11:38
.
Pre-Run: 8.507.142.144 bytes free
Post-Run: 8.493.715.456 bytes free
.
- - End Of File - - 587F2150F7860085BE1ED69F1CD4ED88


It seems to be doing the same. I randomly get that error and then the things I mentioned in the first post kick in.

By the way, I recently moved into a college dorm room and we have a LAN internet connection. Besides an antivirus and the Windows firewall, is there any way to make it more secure?

Edited by Bluegent, 25 October 2012 - 06:58 AM.
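The Sigcheck section of the ComboFix log above lists several copies of the same system binary (the live file, the Windows File Protection copy under system32\dllcache, the UXBackup copy and the ie8 copy) with their MD5 hashes. The following script is an added example, not part of the original post or of ComboFix: it parses those lines, takes the dllcache copy as the reference and flags every same-version copy whose hash differs from it. The assumption that the dllcache copy is the trustworthy reference is the author's, as is the decision to ignore ComboFix's bracket tags ([-], [7]) and compare only hashes and version strings; copies with no dllcache counterpart are reported separately because they cannot be checked this way. The sample input is the Sigcheck block copied from the log above.

```python
import re
from collections import defaultdict, namedtuple

# Sample input: the Sigcheck section copied from the ComboFix log above,
# including the "." spacer lines ComboFix prints between file groups.
SIGCHECK_SAMPLE = r"""
[-] 2009-03-08 . 5EA6A568D1090DEBCC84BC5B64EB7A30 . 6146048 . . [8.00.6001.18702] . . c:\windows\system32\mshtml.dll
[7] 2009-03-08 . D469A0EBA2EF5C6BEE8065B7E3196E5E . 5937152 . . [8.00.6001.18702] . . c:\windows\system32\dllcache\mshtml.dll
[-] 2009-03-08 . 5EA6A568D1090DEBCC84BC5B64EB7A30 . 6146048 . . [8.00.6001.18702] . . c:\windows\UXBackup\mshtml.dll
[7] 2008-11-04 . CBF04597F9CF7739E572276A2698FDD3 . 3577856 . . [7.00.5730.11] . . c:\windows\ie8\mshtml.dll
.
[-] 2008-04-14 . 37BEC2CF1B14E1D69357564983AD1EBA . 1432064 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\explorer.exe
[-] 2008-04-14 . 37BEC2CF1B14E1D69357564983AD1EBA . 1432064 . . [6.00.2900.5512] . . c:\windows\UXBackup\explorer.exe
.
[-] 2008-04-14 . 605326486B5BBD7CEBA1F0A4DE16F73A . 229376 . . [5.1.2600.5512] . . c:\windows\regedit.exe
[7] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\regedit.exe
[-] 2008-04-14 . 605326486B5BBD7CEBA1F0A4DE16F73A . 229376 . . [5.1.2600.5512] . . c:\windows\UXBackup\regedit.exe
.
[-] 2008-11-04 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
[-] 2008-04-14 . 87D41F9973F1FE47DA96CE30566FB230 . 2040320 . . [5.1.2600.5512] . . c:\windows\system32\ntkrnlpa.exe
[-] 2008-04-14 . 87D41F9973F1FE47DA96CE30566FB230 . 2040320 . . [5.1.2600.5512] . . c:\windows\UXBackup\ntkrnlpa.exe
.
[7] 2009-03-08 . B60DDDD2D63CE41CB8C487FCFBB6419E . 638816 . . [8.00.6001.18702] . . c:\windows\system32\dllcache\iexplore.exe
[-] 2009-03-08 . DA03CD91B7BDBA1DBD81B3AAA28391CB . 526176 . . [8.00.6001.18702] . . c:\windows\UXBackup\iexplore.exe
[7] 2008-11-04 . 5334D4461AA92A7B008755FE6D13C5F2 . 622080 . . [7.00.5730.11] . . c:\windows\ie8\iexplore.exe
.
[-] 2008-04-13 . F8BF343474C88B134B390CE540378FE0 . 2161664 . . [5.1.2600.5512] . . c:\windows\system32\ntoskrnl.exe
[-] 2008-04-13 . F8BF343474C88B134B390CE540378FE0 . 2161664 . . [5.1.2600.5512] . . c:\windows\UXBackup\ntoskrnl.exe
"""

# One Sigcheck line: "[tag] date . MD5 . size . . [version] . . path"
SIGCHECK_RE = re.compile(
    r"^\[(?P<flag>[^\]]*)\]\s+"
    r"(?P<date>\d{4}-\d{2}-\d{2})\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+"
    r"(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[^\]]*)\]\s+\.\s+\.\s+"
    r"(?P<path>\S.*?)\s*$"
)

Entry = namedtuple("Entry", "flag date md5 size version path")
Finding = namedtuple("Finding", "name status reference paths")


def parse_sigcheck(text):
    """Return one Entry per Sigcheck line; spacer and unrelated lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = SIGCHECK_RE.match(line.strip())
        if m:
            d = m.groupdict()
            entries.append(Entry(d["flag"], d["date"], d["md5"].upper(),
                                 int(d["size"]), d["version"], d["path"]))
    return entries


def _basename(path):
    return path.lower().replace("/", "\\").rsplit("\\", 1)[-1]


def find_mismatches(entries):
    """Group entries by file name, use the dllcache copy as the reference
    (assumption: Windows File Protection cache is trustworthy) and flag
    same-version copies whose MD5 differs from it. Copies with a different
    version string (e.g. the ie8 uninstall backups) are not comparable and
    are left alone; names with no dllcache copy get status 'no-reference'."""
    groups = defaultdict(list)
    for e in entries:
        groups[_basename(e.path)].append(e)
    findings = []
    for name, group in sorted(groups.items()):
        ref = next((e for e in group if "\\dllcache\\" in e.path.lower()), None)
        if ref is None:
            findings.append(Finding(name, "no-reference", None, [e.path for e in group]))
            continue
        differing = [e.path for e in group
                     if e is not ref and e.version == ref.version and e.md5 != ref.md5]
        if differing:
            findings.append(Finding(name, "modified", ref.path, differing))
    return findings


def report(findings):
    """Plain-text summary, one block per flagged file name."""
    lines = []
    for f in findings:
        lines.append(f"{f.name}: {f.status}")
        lines.extend(f"    {p}" for p in f.paths)
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(find_mismatches(parse_sigcheck(SIGCHECK_SAMPLE))))
```

Run against the sample, the script flags explorer.exe, regedit.exe, mshtml.dll and iexplore.exe as modified relative to their dllcache copies (the live file and the UXBackup copy carry the same non-reference hash, which is consistent with a theme patcher having rewritten them) and lists sfcfiles.dll, ntkrnlpa.exe and ntoskrnl.exe as unverifiable because the log shows no dllcache copy. A hash mismatch on its own does not prove malware; it tells you which files to verify against a known-good Windows XP SP3 installation or to let ComboFix or SFC restore.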


#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:54 AM

Posted 25 October 2012 - 01:23 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save Log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#7 Bluegent

Bluegent
  • Topic Starter

  • Members
  • 15 posts
  • Local time:04:54 AM

Posted 25 October 2012 - 06:46 PM

TDSSkiller log.

02:08:09.0578 3660 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
02:08:09.0937 3660 ============================================================
02:08:09.0937 3660 Current date / time: 2012/10/26 02:08:09.0937
02:08:09.0937 3660 SystemInfo:
02:08:09.0937 3660
02:08:09.0937 3660 OS Version: 5.1.2600 ServicePack: 3.0
02:08:09.0937 3660 Product type: Workstation
02:08:09.0937 3660 ComputerName: BATMAN
02:08:09.0937 3660 UserName: Mike
02:08:09.0937 3660 Windows directory: C:\WINDOWS
02:08:09.0937 3660 System windows directory: C:\WINDOWS
02:08:09.0937 3660 Processor architecture: Intel x86
02:08:09.0937 3660 Number of processors: 2
02:08:09.0937 3660 Page size: 0x1000
02:08:09.0937 3660 Boot type: Normal boot
02:08:09.0937 3660 ============================================================
02:08:10.0734 3660 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
02:08:10.0750 3660 ============================================================
02:08:10.0750 3660 \Device\Harddisk0\DR0:
02:08:10.0750 3660 MBR partitions:
02:08:10.0750 3660 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3201C81
02:08:10.0765 3660 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3201CFF, BlocksNum 0x22227B01
02:08:10.0765 3660 ============================================================
02:08:10.0796 3660 C: <-> \Device\Harddisk0\DR0\Partition1
02:08:10.0843 3660 D: <-> \Device\Harddisk0\DR0\Partition2
02:08:10.0843 3660 ============================================================
02:08:10.0843 3660 Initialize success
02:08:10.0843 3660 ============================================================
02:08:17.0109 1824 ============================================================
02:08:17.0109 1824 Scan started
02:08:17.0109 1824 Mode: Manual;
02:08:17.0109 1824 ============================================================
02:08:18.0671 1824 ================ Scan system memory ========================
02:08:18.0671 1824 System memory - ok
02:08:18.0671 1824 ================ Scan services =============================
02:08:18.0859 1824 Abiosdsk - ok
02:08:18.0875 1824 abp480n5 - ok
02:08:18.0906 1824 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
02:08:18.0906 1824 ACPI - ok
02:08:18.0937 1824 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
02:08:18.0937 1824 ACPIEC - ok
02:08:18.0984 1824 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
02:08:18.0984 1824 AdobeFlashPlayerUpdateSvc - ok
02:08:19.0000 1824 adpu160m - ok
02:08:19.0046 1824 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
02:08:19.0062 1824 aec - ok
02:08:19.0078 1824 [ 322D0E36693D6E24A2398BEE62A268CD ] AFD C:\WINDOWS\System32\drivers\afd.sys
02:08:19.0093 1824 AFD - ok
02:08:19.0093 1824 Aha154x - ok
02:08:19.0109 1824 aic78u2 - ok
02:08:19.0125 1824 aic78xx - ok
02:08:19.0140 1824 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
02:08:19.0140 1824 Alerter - ok
02:08:19.0171 1824 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
02:08:19.0171 1824 ALG - ok
02:08:19.0187 1824 AliIde - ok
02:08:19.0250 1824 [ 267FC636801EDC5AB28E14036349E3BE ] Ambfilt C:\WINDOWS\system32\drivers\Ambfilt.sys
02:08:19.0281 1824 Ambfilt - ok
02:08:19.0281 1824 amsint - ok
02:08:19.0312 1824 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
02:08:19.0328 1824 AppMgmt - ok
02:08:19.0328 1824 asc - ok
02:08:19.0343 1824 asc3350p - ok
02:08:19.0359 1824 asc3550 - ok
02:08:19.0484 1824 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
02:08:19.0515 1824 aspnet_state - ok
02:08:19.0546 1824 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
02:08:19.0546 1824 AsyncMac - ok
02:08:19.0562 1824 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
02:08:19.0562 1824 atapi - ok
02:08:19.0578 1824 Atdisk - ok
02:08:19.0640 1824 [ 8FDB05AFF463CB36BE0FD3BC779121CD ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
02:08:19.0656 1824 Ati HotKey Poller - ok
02:08:19.0859 1824 [ 175DDF9AE328CB0D8696094FA1346361 ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
02:08:19.0968 1824 ati2mtag - ok
02:08:20.0000 1824 [ 924971A182E07463765EF9FA8876F24F ] AtiHDAudioService C:\WINDOWS\system32\drivers\AtihdXP3.sys
02:08:20.0000 1824 AtiHDAudioService - ok
02:08:20.0031 1824 [ 41C8F0EDA10DA14378D304C20BA6E558 ] AtiHdmiService C:\WINDOWS\system32\drivers\AtiHdmi.sys
02:08:20.0031 1824 AtiHdmiService - ok
02:08:20.0046 1824 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
02:08:20.0046 1824 Atmarpc - ok
02:08:20.0078 1824 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
02:08:20.0078 1824 AudioSrv - ok
02:08:20.0093 1824 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
02:08:20.0109 1824 audstub - ok
02:08:20.0125 1824 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
02:08:20.0125 1824 Beep - ok
02:08:20.0156 1824 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
02:08:20.0171 1824 BITS - ok
02:08:20.0187 1824 [ A06CE3399D16DB864F55FAEB1F1927A9 ] Browser C:\WINDOWS\System32\browser.dll
02:08:20.0187 1824 Browser - ok
02:08:20.0234 1824 catchme - ok
02:08:20.0250 1824 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
02:08:20.0250 1824 cbidf2k - ok
02:08:20.0281 1824 [ FDC06E2ADA8C468EBB161624E03976CF ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
02:08:20.0296 1824 CCDECODE - ok
02:08:20.0296 1824 cd20xrnt - ok
02:08:20.0312 1824 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
02:08:20.0312 1824 Cdaudio - ok
02:08:20.0328 1824 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
02:08:20.0328 1824 Cdfs - ok
02:08:20.0343 1824 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
02:08:20.0343 1824 Cdrom - ok
02:08:20.0359 1824 Changer - ok
02:08:20.0375 1824 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
02:08:20.0375 1824 CiSvc - ok
02:08:20.0390 1824 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
02:08:20.0390 1824 ClipSrv - ok
02:08:20.0437 1824 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
02:08:20.0437 1824 clr_optimization_v2.0.50727_32 - ok
02:08:20.0468 1824 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
02:08:20.0515 1824 clr_optimization_v4.0.30319_32 - ok
02:08:20.0515 1824 CmdIde - ok
02:08:20.0531 1824 COMSysApp - ok
02:08:20.0546 1824 Cpqarray - ok
02:08:20.0578 1824 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
02:08:20.0593 1824 CryptSvc - ok
02:08:20.0593 1824 dac2w2k - ok
02:08:20.0609 1824 dac960nt - ok
02:08:20.0640 1824 [ 2589FE6015A316C0F5D5112B4DA7B509 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
02:08:20.0656 1824 DcomLaunch - ok
02:08:20.0671 1824 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
02:08:20.0671 1824 Dhcp - ok
02:08:20.0687 1824 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
02:08:20.0687 1824 Disk - ok
02:08:20.0687 1824 dmadmin - ok
02:08:20.0718 1824 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
02:08:20.0734 1824 dmboot - ok
02:08:20.0750 1824 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
02:08:20.0750 1824 dmio - ok
02:08:20.0765 1824 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
02:08:20.0765 1824 dmload - ok
02:08:20.0781 1824 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
02:08:20.0781 1824 dmserver - ok
02:08:20.0796 1824 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
02:08:20.0796 1824 DMusic - ok
02:08:20.0812 1824 [ 474B4DC3983173E4B4C9740B0DAC98A6 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
02:08:20.0812 1824 Dnscache - ok
02:08:20.0843 1824 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
02:08:20.0843 1824 Dot3svc - ok
02:08:20.0843 1824 dpti2o - ok
02:08:20.0875 1824 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
02:08:20.0890 1824 drmkaud - ok
02:08:20.0937 1824 [ 687AF6BB383885FF6A64071B189A7F3E ] dtsoftbus01 C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys
02:08:20.0937 1824 dtsoftbus01 - ok
02:08:20.0937 1824 EagleXNt - ok
02:08:20.0968 1824 [ 9309C5C9831203436E64CF2AE605C5D7 ] eamon C:\WINDOWS\system32\DRIVERS\eamon.sys
02:08:20.0968 1824 eamon - ok
02:08:20.0984 1824 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
02:08:21.0000 1824 EapHost - ok
02:08:21.0015 1824 [ DEFF87F04AB5F6DD5EDF2B80853BBE10 ] ehdrv C:\WINDOWS\system32\DRIVERS\ehdrv.sys
02:08:21.0015 1824 ehdrv - ok
02:08:21.0093 1824 [ C7BB95CF9631AA401E4ADED1648F6AF7 ] ekrn C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
02:08:21.0109 1824 ekrn - ok
02:08:21.0125 1824 [ 06C65AC0A703CF8EEA4F284D901A1550 ] epfwtdir C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
02:08:21.0140 1824 epfwtdir - ok
02:08:21.0156 1824 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
02:08:21.0156 1824 ERSvc - ok
02:08:21.0187 1824 [ 0E776ED5F7CC9F94299E70461B7B8185 ] Eventlog C:\WINDOWS\system32\services.exe
02:08:21.0187 1824 Eventlog - ok
02:08:21.0203 1824 [ 19A799805B24990867B00C120D300C3A ] EventSystem C:\WINDOWS\system32\es.dll
02:08:21.0203 1824 EventSystem - ok
02:08:21.0234 1824 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
02:08:21.0234 1824 Fastfat - ok
02:08:21.0265 1824 [ 1926899BF9FFE2602B63074971700412 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
02:08:21.0265 1824 FastUserSwitchingCompatibility - ok
02:08:21.0281 1824 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
02:08:21.0281 1824 Fdc - ok
02:08:21.0281 1824 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
02:08:21.0296 1824 Fips - ok
02:08:21.0296 1824 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
02:08:21.0296 1824 Flpydisk - ok
02:08:21.0328 1824 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
02:08:21.0328 1824 FltMgr - ok
02:08:21.0359 1824 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
02:08:21.0359 1824 FontCache3.0.0.0 - ok
02:08:21.0375 1824 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
02:08:21.0375 1824 Fs_Rec - ok
02:08:21.0390 1824 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
02:08:21.0390 1824 Ftdisk - ok
02:08:21.0390 1824 GGSAFERDriver - ok
02:08:21.0437 1824 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
02:08:21.0437 1824 Gpc - ok
02:08:21.0453 1824 [ 833051C6C6C42117191935F734CFBD97 ] hamachi C:\WINDOWS\system32\DRIVERS\hamachi.sys
02:08:21.0453 1824 hamachi - ok
02:08:21.0515 1824 [ DA1B48FDE74125128D0D846A3701D344 ] Hamachi2Svc C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
02:08:21.0546 1824 Hamachi2Svc - ok
02:08:21.0562 1824 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
02:08:21.0562 1824 HDAudBus - ok
02:08:21.0593 1824 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
02:08:21.0593 1824 helpsvc - ok
02:08:21.0609 1824 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
02:08:21.0625 1824 HidServ - ok
02:08:21.0640 1824 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
02:08:21.0640 1824 hidusb - ok
02:08:21.0656 1824 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
02:08:21.0656 1824 hkmsvc - ok
02:08:21.0671 1824 hpn - ok
02:08:21.0687 1824 [ F6AACF5BCE2893E0C1754AFEB672E5C9 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
02:08:21.0687 1824 HTTP - ok
02:08:21.0718 1824 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
02:08:21.0718 1824 HTTPFilter - ok
02:08:21.0734 1824 i2omgmt - ok
02:08:21.0734 1824 i2omp - ok
02:08:21.0765 1824 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
02:08:21.0765 1824 i8042prt - ok
02:08:21.0906 1824 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
02:08:21.0921 1824 idsvc - ok
02:08:21.0937 1824 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
02:08:21.0937 1824 Imapi - ok
02:08:21.0953 1824 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
02:08:21.0968 1824 ImapiService - ok
02:08:21.0968 1824 ini910u - ok
02:08:22.0140 1824 [ 063DD51CBDC37B8668E09148E0A118BC ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
02:08:22.0234 1824 IntcAzAudAddService - ok
02:08:22.0234 1824 IntelIde - ok
02:08:22.0265 1824 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
02:08:22.0265 1824 intelppm - ok
02:08:22.0281 1824 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
02:08:22.0281 1824 Ip6Fw - ok
02:08:22.0296 1824 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
02:08:22.0312 1824 IpFilterDriver - ok
02:08:22.0312 1824 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
02:08:22.0312 1824 IpInIp - ok
02:08:22.0343 1824 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
02:08:22.0343 1824 IpNat - ok
02:08:22.0359 1824 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
02:08:22.0359 1824 IPSec - ok
02:08:22.0390 1824 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
02:08:22.0390 1824 IRENUM - ok
02:08:22.0421 1824 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
02:08:22.0421 1824 isapnp - ok
02:08:22.0484 1824 [ 691B9B7C0CC1653732717D292D6B305D ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
02:08:22.0484 1824 JavaQuickStarterService - ok
02:08:22.0500 1824 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
02:08:22.0500 1824 Kbdclass - ok
02:08:22.0515 1824 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
02:08:22.0515 1824 kbdhid - ok
02:08:22.0562 1824 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
02:08:22.0562 1824 kmixer - ok
02:08:22.0593 1824 [ 1705745D900DABF2D89F90EBADDC7517 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
02:08:22.0593 1824 KSecDD - ok
02:08:22.0625 1824 [ F385F4B02C535BFFE1D70CAB80838123 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll
02:08:22.0640 1824 LanmanServer - ok
02:08:22.0671 1824 [ 1B67B632786FEF1C1BBAEF46C2F3F2E6 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
02:08:22.0671 1824 lanmanworkstation - ok
02:08:22.0671 1824 lbrtfdc - ok
02:08:22.0703 1824 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
02:08:22.0703 1824 LmHosts - ok
02:08:22.0734 1824 [ C6D085C7045200143528136A43A65FDE ] ManyCam C:\WINDOWS\system32\DRIVERS\ManyCam.sys
02:08:22.0750 1824 ManyCam - ok
02:08:22.0781 1824 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
02:08:22.0781 1824 Messenger - ok
02:08:22.0828 1824 [ FAFE367D032ED82E9332B4C741A20216 ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
02:08:22.0843 1824 Microsoft Office Groove Audit Service - ok
02:08:22.0875 1824 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
02:08:22.0890 1824 mnmdd - ok
02:08:22.0906 1824 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
02:08:22.0921 1824 mnmsrvc - ok
02:08:22.0937 1824 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
02:08:22.0937 1824 Modem - ok
02:08:23.0000 1824 [ C7D9F9717916B34C1B00DD4834AF485C ] Monfilt C:\WINDOWS\system32\drivers\Monfilt.sys
02:08:23.0015 1824 Monfilt - ok
02:08:23.0046 1824 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
02:08:23.0046 1824 Mouclass - ok
02:08:23.0062 1824 [ 9B5D39ED7659BA9B38B64DF2A83F1768 ] moufiltr C:\WINDOWS\system32\DRIVERS\moufiltr.sys
02:08:23.0062 1824 moufiltr - ok
02:08:23.0062 1824 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
02:08:23.0062 1824 mouhid - ok
02:08:23.0078 1824 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
02:08:23.0093 1824 MountMgr - ok
02:08:23.0140 1824 [ 15D5398EED42C2504BB3D4FC875C15D1 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
02:08:23.0140 1824 MozillaMaintenance - ok
02:08:23.0156 1824 mraid35x - ok
02:08:23.0171 1824 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
02:08:23.0171 1824 MRxDAV - ok
02:08:23.0187 1824 [ 68755F0FF16070178B54674FE5B847B0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
02:08:23.0203 1824 MRxSmb - ok
02:08:23.0234 1824 [ D98350792A7CE82E7459A7C36481BEDA ] MSCamSvc C:\Program Files\Microsoft LifeCam\MSCamS32.exe
02:08:23.0250 1824 MSCamSvc - ok
02:08:23.0265 1824 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
02:08:23.0281 1824 MSDTC - ok
02:08:23.0296 1824 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
02:08:23.0296 1824 Msfs - ok
02:08:23.0312 1824 MSIServer - ok
02:08:23.0328 1824 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
02:08:23.0328 1824 MSKSSRV - ok
02:08:23.0343 1824 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
02:08:23.0343 1824 MSPCLOCK - ok
02:08:23.0359 1824 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
02:08:23.0359 1824 MSPQM - ok
02:08:23.0375 1824 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
02:08:23.0390 1824 mssmbios - ok
02:08:23.0406 1824 [ D5059366B361F0E1124753447AF08AA2 ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
02:08:23.0406 1824 MSTEE - ok
02:08:23.0437 1824 [ D48659BB24C48345D926ECB45C1EBDF5 ] MTsensor C:\WINDOWS\system32\DRIVERS\ASACPI.sys
02:08:23.0437 1824 MTsensor - ok
02:08:23.0453 1824 [ 2F625D11385B1A94360BFC70AAEFDEE1 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
02:08:23.0453 1824 Mup - ok
02:08:23.0468 1824 [ AC31B352CE5E92704056D409834BEB74 ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
02:08:23.0468 1824 NABTSFEC - ok
02:08:23.0484 1824 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
02:08:23.0500 1824 napagent - ok
02:08:23.0500 1824 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
02:08:23.0500 1824 NDIS - ok
02:08:23.0531 1824 [ ABD7629CF2796250F315C1DD0B6CF7A0 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
02:08:23.0531 1824 NdisIP - ok
02:08:23.0531 1824 [ 1AB3D00C991AB086E69DB84B6C0ED78F ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
02:08:23.0546 1824 NdisTapi - ok
02:08:23.0562 1824 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
02:08:23.0562 1824 Ndisuio - ok
02:08:23.0578 1824 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
02:08:23.0578 1824 NdisWan - ok
02:08:23.0578 1824 [ 6215023940CFD3702B46ABC304E1D45A ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
02:08:23.0593 1824 NDProxy - ok
02:08:23.0593 1824 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
02:08:23.0593 1824 NetBIOS - ok
02:08:23.0625 1824 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
02:08:23.0625 1824 NetBT - ok
02:08:23.0640 1824 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
02:08:23.0640 1824 NetDDE - ok
02:08:23.0656 1824 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
02:08:23.0656 1824 NetDDEdsdm - ok
02:08:23.0671 1824 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
02:08:23.0671 1824 Netlogon - ok
02:08:23.0687 1824 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
02:08:23.0687 1824 Netman - ok
02:08:23.0718 1824 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
02:08:23.0734 1824 NetTcpPortSharing - ok
02:08:23.0750 1824 [ B4138E99236F0F57D4CF49BAE98A0746 ] Nla C:\WINDOWS\System32\mswsock.dll
02:08:23.0765 1824 Nla - ok
02:08:23.0781 1824 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
02:08:23.0781 1824 Npfs - ok
02:08:23.0796 1824 npggsvc - ok
02:08:23.0828 1824 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
02:08:23.0828 1824 Ntfs - ok
02:08:23.0843 1824 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
02:08:23.0843 1824 NtLmSsp - ok
02:08:23.0875 1824 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
02:08:23.0875 1824 NtmsSvc - ok
02:08:23.0906 1824 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
02:08:23.0921 1824 Null - ok
02:08:23.0937 1824 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
02:08:23.0937 1824 NwlnkFlt - ok
02:08:23.0953 1824 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
02:08:23.0953 1824 NwlnkFwd - ok
02:08:24.0000 1824 [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
02:08:24.0015 1824 odserv - ok
02:08:24.0031 1824 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
02:08:24.0046 1824 ose - ok
02:08:24.0062 1824 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
02:08:24.0062 1824 Parport - ok
02:08:24.0078 1824 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
02:08:24.0078 1824 PartMgr - ok
02:08:24.0093 1824 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
02:08:24.0093 1824 ParVdm - ok
02:08:24.0109 1824 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
02:08:24.0109 1824 PCI - ok
02:08:24.0109 1824 PCIDump - ok
02:08:24.0140 1824 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
02:08:24.0140 1824 PCIIde - ok
02:08:24.0156 1824 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
02:08:24.0156 1824 Pcmcia - ok
02:08:24.0171 1824 PDCOMP - ok
02:08:24.0171 1824 PDFRAME - ok
02:08:24.0187 1824 PDRELI - ok
02:08:24.0187 1824 PDRFRAME - ok
02:08:24.0203 1824 perc2 - ok
02:08:24.0218 1824 perc2hib - ok
02:08:24.0265 1824 [ 0E776ED5F7CC9F94299E70461B7B8185 ] PlugPlay C:\WINDOWS\system32\services.exe
02:08:24.0265 1824 PlugPlay - ok
02:08:24.0265 1824 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
02:08:24.0265 1824 PolicyAgent - ok
02:08:24.0281 1824 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
02:08:24.0296 1824 PptpMiniport - ok
02:08:24.0296 1824 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
02:08:24.0296 1824 ProtectedStorage - ok
02:08:24.0312 1824 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
02:08:24.0312 1824 PSched - ok
02:08:24.0328 1824 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
02:08:24.0328 1824 Ptilink - ok
02:08:24.0328 1824 ql1080 - ok
02:08:24.0343 1824 Ql10wnt - ok
02:08:24.0359 1824 ql12160 - ok
02:08:24.0359 1824 ql1240 - ok
02:08:24.0375 1824 ql1280 - ok
02:08:24.0390 1824 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
02:08:24.0390 1824 RasAcd - ok
02:08:24.0421 1824 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
02:08:24.0421 1824 RasAuto - ok
02:08:24.0453 1824 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
02:08:24.0453 1824 Rasl2tp - ok
02:08:24.0468 1824 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
02:08:24.0484 1824 RasMan - ok
02:08:24.0484 1824 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
02:08:24.0484 1824 RasPppoe - ok
02:08:24.0500 1824 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
02:08:24.0500 1824 Raspti - ok
02:08:24.0515 1824 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
02:08:24.0515 1824 Rdbss - ok
02:08:24.0546 1824 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
02:08:24.0546 1824 RDPCDD - ok
02:08:24.0578 1824 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
02:08:24.0593 1824 rdpdr - ok
02:08:24.0609 1824 [ 6728E45B66F93C08F11DE2E316FC70DD ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
02:08:24.0609 1824 RDPWD - ok
02:08:24.0625 1824 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
02:08:24.0640 1824 RDSessMgr - ok
02:08:24.0656 1824 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
02:08:24.0656 1824 redbook - ok
02:08:24.0687 1824 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
02:08:24.0687 1824 RemoteAccess - ok
02:08:24.0703 1824 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
02:08:24.0703 1824 RemoteRegistry - ok
02:08:24.0718 1824 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
02:08:24.0734 1824 RpcLocator - ok
02:08:24.0750 1824 [ 2589FE6015A316C0F5D5112B4DA7B509 ] RpcSs C:\WINDOWS\System32\rpcss.dll
02:08:24.0765 1824 RpcSs - ok
02:08:24.0781 1824 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
02:08:24.0781 1824 RSVP - ok
02:08:24.0796 1824 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
02:08:24.0796 1824 SamSs - ok
02:08:24.0812 1824 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
02:08:24.0812 1824 SCardSvr - ok
02:08:24.0843 1824 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
02:08:24.0843 1824 Schedule - ok
02:08:24.0875 1824 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
02:08:24.0875 1824 Secdrv - ok
02:08:24.0890 1824 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
02:08:24.0890 1824 seclogon - ok
02:08:24.0906 1824 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
02:08:24.0906 1824 SENS - ok
02:08:24.0906 1824 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
02:08:24.0906 1824 serenum - ok
02:08:24.0921 1824 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
02:08:24.0921 1824 Serial - ok
02:08:24.0968 1824 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
02:08:24.0968 1824 Sfloppy - ok
02:08:24.0984 1824 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
02:08:25.0000 1824 SharedAccess - ok
02:08:25.0015 1824 [ 1926899BF9FFE2602B63074971700412 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
02:08:25.0015 1824 ShellHWDetection - ok
02:08:25.0031 1824 Simbad - ok
02:08:25.0046 1824 [ 37DAA9F59A3FF30A314FD98EE8F47000 ] SiSGbeXP C:\WINDOWS\system32\DRIVERS\SiSGbeXP.sys
02:08:25.0046 1824 SiSGbeXP - ok
02:08:25.0093 1824 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
02:08:25.0093 1824 SkypeUpdate - ok
02:08:25.0109 1824 [ 1FFC44D6787EC1EA9A2B1440A90FA5C1 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
02:08:25.0109 1824 SLIP - ok
02:08:25.0125 1824 Sparrow - ok
02:08:25.0156 1824 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
02:08:25.0156 1824 splitter - ok
02:08:25.0171 1824 [ D8E14A61ACC1D4A6CD0D38AEBAC7FA3B ] Spooler C:\WINDOWS\system32\spoolsv.exe
02:08:25.0171 1824 Spooler - ok
02:08:25.0171 1824 sptd - ok
02:08:25.0203 1824 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
02:08:25.0203 1824 sr - ok
02:08:25.0218 1824 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
02:08:25.0234 1824 srservice - ok
02:08:25.0234 1824 [ 5252605079810904E31C332E241CD59B ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
02:08:25.0250 1824 Srv - ok
02:08:25.0265 1824 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
02:08:25.0265 1824 SSDPSRV - ok
02:08:25.0296 1824 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
02:08:25.0312 1824 stisvc - ok
02:08:25.0328 1824 [ A9F9FD0212E572B84EDB9EB661F6BC04 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
02:08:25.0328 1824 streamip - ok
02:08:25.0359 1824 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
02:08:25.0359 1824 swenum - ok
02:08:25.0437 1824 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
02:08:25.0453 1824 SwitchBoard - ok
02:08:25.0468 1824 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
02:08:25.0468 1824 swmidi - ok
02:08:25.0484 1824 SwPrv - ok
02:08:25.0500 1824 symc810 - ok
02:08:25.0500 1824 symc8xx - ok
02:08:25.0515 1824 sym_hi - ok
02:08:25.0531 1824 sym_u3 - ok
02:08:25.0531 1824 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
02:08:25.0531 1824 sysaudio - ok
02:08:25.0562 1824 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
02:08:25.0562 1824 SysmonLog - ok
02:08:25.0578 1824 [ B7AEE68D2E867CBF69B649B18FCEDBBB ] tap0901t C:\WINDOWS\system32\DRIVERS\tap0901t.sys
02:08:25.0578 1824 tap0901t - ok
02:08:25.0609 1824 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
02:08:25.0609 1824 TapiSrv - ok
02:08:25.0640 1824 [ 93EA8D04EC73A85DB02EB8805988F733 ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
02:08:25.0640 1824 Tcpip - ok
02:08:25.0656 1824 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
02:08:25.0656 1824 TDPIPE - ok
02:08:25.0687 1824 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
02:08:25.0687 1824 TDTCP - ok
02:08:25.0703 1824 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
02:08:25.0703 1824 TermDD - ok
02:08:25.0734 1824 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
02:08:25.0734 1824 TermService - ok
02:08:25.0750 1824 [ 1926899BF9FFE2602B63074971700412 ] Themes C:\WINDOWS\System32\shsvcs.dll
02:08:25.0750 1824 Themes - ok
02:08:25.0765 1824 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
02:08:25.0765 1824 TlntSvr - ok
02:08:25.0781 1824 TosIde - ok
02:08:25.0796 1824 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
02:08:25.0796 1824 TrkWks - ok
02:08:25.0859 1824 [ 3DB1CE045A552161EF7252988752C65F ] TunngleService C:\Program Files\Tunngle\TnglCtrl.exe
02:08:25.0875 1824 TunngleService - ok
02:08:25.0890 1824 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
02:08:25.0890 1824 Udfs - ok
02:08:25.0906 1824 ultra - ok
02:08:25.0937 1824 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
02:08:25.0937 1824 Update - ok
02:08:25.0968 1824 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
02:08:25.0968 1824 upnphost - ok
02:08:25.0984 1824 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
02:08:25.0984 1824 UPS - ok
02:08:26.0015 1824 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
02:08:26.0015 1824 usbaudio - ok
02:08:26.0031 1824 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
02:08:26.0031 1824 usbccgp - ok
02:08:26.0046 1824 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
02:08:26.0046 1824 usbehci - ok
02:08:26.0062 1824 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
02:08:26.0062 1824 usbhub - ok
02:08:26.0078 1824 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
02:08:26.0078 1824 usbohci - ok
02:08:26.0093 1824 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
02:08:26.0109 1824 usbprint - ok
02:08:26.0125 1824 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
02:08:26.0125 1824 usbscan - ok
02:08:26.0140 1824 [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
02:08:26.0140 1824 usbstor - ok
02:08:26.0156 1824 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
02:08:26.0156 1824 VgaSave - ok
02:08:26.0187 1824 [ 4A2C339B9E848E5099411577BE01E0FF ] vhidmini C:\WINDOWS\system32\DRIVERS\walvhid.sys
02:08:26.0187 1824 vhidmini - ok
02:08:26.0203 1824 ViaIde - ok
02:08:26.0218 1824 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
02:08:26.0218 1824 VolSnap - ok
02:08:26.0234 1824 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
02:08:26.0250 1824 VSS - ok
02:08:26.0328 1824 [ D22C6B9C2F840D403FD387AD207A4B16 ] VX1000 C:\WINDOWS\system32\DRIVERS\VX1000.sys
02:08:26.0359 1824 VX1000 - ok
02:08:26.0375 1824 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
02:08:26.0390 1824 W32Time - ok
02:08:26.0390 1824 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
02:08:26.0406 1824 Wanarp - ok
02:08:26.0406 1824 WDICA - ok
02:08:26.0437 1824 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
02:08:26.0437 1824 wdmaud - ok
02:08:26.0453 1824 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
02:08:26.0468 1824 WebClient - ok
02:08:26.0500 1824 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
02:08:26.0500 1824 winmgmt - ok
02:08:26.0578 1824 [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
02:08:26.0593 1824 wlidsvc - ok
02:08:26.0625 1824 [ 051B1BDECD6DEE18C771B5D5EC7F044D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
02:08:26.0625 1824 WmdmPmSN - ok
02:08:26.0656 1824 [ BAB489A5FE26F2D0C910CF7AF7E4CF92 ] Wmi C:\WINDOWS\System32\advapi32.dll
02:08:26.0671 1824 Wmi - ok
02:08:26.0703 1824 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
02:08:26.0703 1824 WmiApSrv - ok
02:08:26.0750 1824 [ 6BAB4DC65515A098505F8B3D01FB6FE5 ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
02:08:26.0765 1824 WMPNetworkSvc - ok
02:08:26.0812 1824 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
02:08:26.0828 1824 WPFFontCache_v0400 - ok
02:08:26.0859 1824 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
02:08:26.0859 1824 WS2IFSL - ok
02:08:26.0890 1824 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
02:08:26.0890 1824 wscsvc - ok
02:08:26.0921 1824 [ 233CDD1C06942115802EB7CE6669E099 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
02:08:26.0921 1824 WSTCODEC - ok
02:08:26.0937 1824 WTService - ok
02:08:26.0953 1824 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
02:08:26.0968 1824 wuauserv - ok
02:08:27.0000 1824 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
02:08:27.0000 1824 WudfPf - ok
02:08:27.0015 1824 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
02:08:27.0015 1824 WudfRd - ok
02:08:27.0031 1824 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
02:08:27.0031 1824 WudfSvc - ok
02:08:27.0062 1824 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
02:08:27.0078 1824 WZCSVC - ok
02:08:27.0093 1824 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
02:08:27.0109 1824 xmlprov - ok
02:08:27.0125 1824 ================ Scan global ===============================
02:08:27.0140 1824 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
02:08:27.0156 1824 [ 1618F36D4F7F6CCCEB3EE44BA95BE85C ] C:\WINDOWS\system32\winsrv.dll
02:08:27.0171 1824 [ 1618F36D4F7F6CCCEB3EE44BA95BE85C ] C:\WINDOWS\system32\winsrv.dll
02:08:27.0187 1824 [ 0E776ED5F7CC9F94299E70461B7B8185 ] C:\WINDOWS\system32\services.exe
02:08:27.0187 1824 [Global] - ok
02:08:27.0187 1824 ================ Scan MBR ==================================
02:08:27.0203 1824 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
02:08:27.0375 1824 \Device\Harddisk0\DR0 - ok
02:08:27.0375 1824 ================ Scan VBR ==================================
02:08:27.0375 1824 [ C13203018484F7D3E7F5775E9F6AB28A ] \Device\Harddisk0\DR0\Partition1
02:08:27.0375 1824 \Device\Harddisk0\DR0\Partition1 - ok
02:08:27.0406 1824 [ 61D7E4203A393D9A45F02EF895157573 ] \Device\Harddisk0\DR0\Partition2
02:08:27.0406 1824 \Device\Harddisk0\DR0\Partition2 - ok
02:08:27.0406 1824 ============================================================
02:08:27.0406 1824 Scan finished
02:08:27.0406 1824 ============================================================
02:08:27.0421 2792 Detected object count: 0
02:08:27.0421 2792 Actual detected object count: 0


aswMBR log.
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-26 02:09:10
-----------------------------
02:09:10.218 OS Version: Windows 5.1.2600 Service Pack 3
02:09:10.218 Number of processors: 2 586 0xF0D
02:09:10.218 ComputerName: BATMAN UserName: Mike
02:09:10.390 Initialize success
02:12:54.828 AVAST engine defs: 12102502
02:13:06.093 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
02:13:06.093 Disk 0 Vendor: SAMSUNG_HD321KJ CP100-12 Size: 305245MB BusType: 3
02:13:06.109 Disk 0 MBR read successfully
02:13:06.125 Disk 0 MBR scan
02:13:06.171 Disk 0 Windows XP default MBR code
02:13:06.187 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 25603 MB offset 63
02:13:06.203 Disk 0 Partition - 00 0F Extended LBA 279631 MB offset 52436160
02:13:06.234 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 279631 MB offset 52436223
02:13:06.250 Disk 0 scanning sectors +625121280
02:13:06.343 Disk 0 scanning C:\WINDOWS\system32\drivers
02:13:15.500 Service scanning
02:13:37.250 Modules scanning
02:13:42.531 Disk 0 trace - called modules:
02:13:42.562 ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
02:13:42.593 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ad3dab8]
02:13:42.609 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000068[0x8ad329e8]
02:13:42.640 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x8ad17d98]
02:13:42.843 AVAST engine scan C:\WINDOWS
02:13:51.109 AVAST engine scan C:\WINDOWS\system32
02:18:09.312 AVAST engine scan C:\WINDOWS\system32\drivers
02:18:25.218 AVAST engine scan C:\Documents and Settings\Mike
02:26:47.953 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Mike\Desktop\MBR.dat"
02:26:48.046 The log file has been saved successfully to "C:\Documents and Settings\Mike\Desktop\aswMBR.txt"
02:32:09.968 AVAST engine scan C:\Documents and Settings\All Users
02:34:00.171 Scan finished successfully
02:34:31.109 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Mike\Desktop\MBR.dat"
02:34:31.187 The log file has been saved successfully to "C:\Documents and Settings\Mike\Desktop\aswMBR.txt"

#8 gringo_pr
    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 25 October 2012 - 08:39 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 Bluegent
  • Topic Starter
  • Members
  • 15 posts

Posted 25 October 2012 - 11:00 PM

ComboFix 12-10-22.01 - Mike 26.10.2012 6:53.8.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2191 [GMT 3:00]
Running from: c:\documents and settings\Mike\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Mike\Desktop\CFScript.txt.txt
AV: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((( Files Created from 2012-09-26 to 2012-10-26 )))))))))))))))))))))))))))))))
.
.
2012-10-18 13:52 . 2012-10-18 13:52 -------- d-----w- c:\documents and settings\Mike\Application Data\Beat Hazard
2012-10-18 13:01 . 2012-10-18 13:01 -------- d-----w- c:\program files\Common Files\Java
2012-10-18 09:50 . 2012-10-18 09:50 -------- d-----w- c:\documents and settings\Mike\Application Data\Malwarebytes
2012-10-18 09:50 . 2012-10-18 09:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-10-16 05:25 . 2010-11-03 15:15 1833576 ----a-w- c:\windows\SkyTel.exe
2012-10-16 05:25 . 2012-05-04 07:15 1493608 ----a-w- c:\windows\RtlUpd.exe
2012-10-16 05:25 . 2011-06-30 13:15 891496 ----a-w- c:\windows\system32\RTSndMgr.CPL
2012-10-16 05:25 . 2012-05-10 14:34 65640 ----a-w- c:\windows\system32\RtkCoInstIIXP.dll
2012-10-16 05:24 . 2012-05-25 15:06 1706640 ----a-w- c:\windows\RtlExUpd.dll
2012-10-15 17:27 . 2012-10-22 11:08 -------- d-----w- c:\documents and settings\Mike\Application Data\IMVU
2012-10-15 04:34 . 2012-10-15 04:34 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-10-10 16:41 . 2012-10-10 16:42 -------- d-----w- c:\program files\Microsoft SQL Server
2012-10-10 16:41 . 2012-10-10 16:41 -------- d-----w- c:\program files\Microsoft Sync Framework
2012-10-10 16:41 . 2012-10-10 16:41 -------- d-----w- c:\program files\Microsoft Synchronization Services
2012-10-10 16:41 . 2012-10-10 16:41 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2012-10-10 16:31 . 2012-10-10 16:31 -------- d-----w- c:\windows\symbols
2012-10-10 16:31 . 2012-10-10 16:33 -------- d-----w- c:\program files\HTML Help Workshop
2012-10-10 16:31 . 2012-10-10 16:41 -------- d-----w- c:\program files\Microsoft SDKs
2012-10-10 16:31 . 2012-10-10 16:34 -------- d-----w- c:\program files\Common Files\Merge Modules
2012-10-10 16:31 . 2012-10-10 16:31 -------- d-----w- c:\program files\Microsoft Help Viewer
2012-10-10 16:29 . 2012-10-10 16:29 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2012-10-10 12:58 . 2012-10-10 12:58 -------- d-----w- c:\program files\NVIDIA Corporation
2012-10-09 19:09 . 2012-10-09 19:13 -------- d-----w- c:\documents and settings\Mike\Application Data\U3
2012-10-09 15:10 . 2012-10-09 15:12 -------- d-----w- c:\documents and settings\Mike\Application Data\Dev-Cpp
2012-10-08 04:11 . 2012-10-08 04:11 -------- d-----w- c:\program files\directx
2012-10-08 03:50 . 1998-10-29 13:45 306688 ----a-w- c:\windows\IsUninst.exe
2012-10-07 07:55 . 2010-11-03 15:15 359016 ----a-w- c:\windows\vncutil.exe
2012-10-07 07:55 . 2011-11-22 13:28 11368 ----a-w- c:\windows\system32\RtkCoLDRXP.dll
2012-10-07 07:55 . 2010-11-03 15:14 129640 ----a-w- c:\windows\RtkAudioService.exe
2012-10-07 07:55 . 2012-05-11 11:14 25548 ----a-w- c:\windows\system32\drivers\RTAIODAT.DAT
2012-10-07 07:55 . 2009-11-18 04:17 1395800 ----a-w- c:\windows\system32\drivers\Monfilt.sys
2012-10-07 07:55 . 2009-11-18 04:16 1691480 ----a-w- c:\windows\system32\drivers\Ambfilt.sys
2012-10-05 12:24 . 2012-06-09 17:21 178688 ----a-w- c:\windows\system32\unrar.dll
2012-10-05 12:24 . 2012-10-05 12:25 -------- d-----w- c:\program files\K-Lite Codec Pack
2012-09-26 22:00 . 2012-09-26 22:00 -------- d-----w- c:\documents and settings\Mike\Local Settings\Application Data\FLT
2012-09-26 15:30 . 2012-09-26 15:31 -------- d-----w- c:\program files\GXStandard16-in-1
2012-09-26 15:30 . 2012-09-26 15:30 -------- d-----w- c:\program files\16in1
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-06 03:18 . 2012-06-21 16:39 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2012-10-06 03:18 . 2012-06-21 16:39 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2012-09-24 12:32 . 2012-08-20 16:27 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-24 12:32 . 2011-12-24 09:34 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-24 10:51 . 2012-08-20 16:27 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-08-31 15:54 . 2012-08-31 15:54 28672 ----a-r- c:\documents and settings\Mike\Application Data\Microsoft\Installer\{D1E1F028-1953-43A3-BFD8-D2A00EC06E36}\_EB52FE80E75B_486E_9850_195DAB8E8D59.exe
2012-08-31 15:54 . 2012-08-31 15:54 5185536 ----a-r- c:\documents and settings\Mike\Application Data\Microsoft\Installer\{D1E1F028-1953-43A3-BFD8-D2A00EC06E36}\RapeLay.exe
2012-08-03 09:56 . 2012-08-03 09:56 36557 ----a-w- c:\windows\system32\unil.exe
2012-06-17 18:43 . 2011-12-24 17:12 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-03-08 . 5EA6A568D1090DEBCC84BC5B64EB7A30 . 6146048 . . [8.00.6001.18702] . . c:\windows\system32\mshtml.dll
[7] 2009-03-08 . D469A0EBA2EF5C6BEE8065B7E3196E5E . 5937152 . . [8.00.6001.18702] . . c:\windows\system32\dllcache\mshtml.dll
[-] 2009-03-08 . 5EA6A568D1090DEBCC84BC5B64EB7A30 . 6146048 . . [8.00.6001.18702] . . c:\windows\UXBackup\mshtml.dll
[7] 2008-11-04 . CBF04597F9CF7739E572276A2698FDD3 . 3577856 . . [7.00.5730.11] . . c:\windows\ie8\mshtml.dll
.
[-] 2008-04-14 . 37BEC2CF1B14E1D69357564983AD1EBA . 1432064 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\explorer.exe
[-] 2008-04-14 . 37BEC2CF1B14E1D69357564983AD1EBA . 1432064 . . [6.00.2900.5512] . . c:\windows\UXBackup\explorer.exe
.
[-] 2008-04-14 . 605326486B5BBD7CEBA1F0A4DE16F73A . 229376 . . [5.1.2600.5512] . . c:\windows\regedit.exe
[7] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\regedit.exe
[-] 2008-04-14 . 605326486B5BBD7CEBA1F0A4DE16F73A . 229376 . . [5.1.2600.5512] . . c:\windows\UXBackup\regedit.exe
.
[-] 2008-11-04 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
[-] 2008-04-14 . 87D41F9973F1FE47DA96CE30566FB230 . 2040320 . . [5.1.2600.5512] . . c:\windows\system32\ntkrnlpa.exe
[-] 2008-04-14 . 87D41F9973F1FE47DA96CE30566FB230 . 2040320 . . [5.1.2600.5512] . . c:\windows\UXBackup\ntkrnlpa.exe
.
[7] 2009-03-08 . B60DDDD2D63CE41CB8C487FCFBB6419E . 638816 . . [8.00.6001.18702] . . c:\windows\system32\dllcache\iexplore.exe
[-] 2009-03-08 . DA03CD91B7BDBA1DBD81B3AAA28391CB . 526176 . . [8.00.6001.18702] . . c:\windows\UXBackup\iexplore.exe
[7] 2008-11-04 . 5334D4461AA92A7B008755FE6D13C5F2 . 622080 . . [7.00.5730.11] . . c:\windows\ie8\iexplore.exe
.
[-] 2008-04-13 . F8BF343474C88B134B390CE540378FE0 . 2161664 . . [5.1.2600.5512] . . c:\windows\system32\ntoskrnl.exe
[-] 2008-04-13 . F8BF343474C88B134B390CE540378FE0 . 2161664 . . [5.1.2600.5512] . . c:\windows\UXBackup\ntoskrnl.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AutoShutdown"="d:\program files\ashut21\AutoShutdown\autoshutdown2.exe" [2001-05-15 572416]
"OscarEditor"="c:\program files\GXStandard16-in-1\GXStandard16in1.exe" [2011-09-02 3343360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DrvIcon"="c:\progra~1\UXPACK~1\VISTAD~1\DrvIcon.exe" [2008-04-13 49152]
"MacrokeyManager"="WTMKM.exe" [2009-08-11 5586664]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-06-05 296056]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-03 98304]
"RTHDCPL"="RTHDCPL.EXE" [2012-06-06 20065936]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-22 3080264]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
.
c:\documents and settings\Mike\Start Menu\Programs\Startup\
Random Wallpaper Changer.lnk - c:\changepaper\changepaper.exe [2008-9-6 399360]
.
[HKLM\~\startupfolder\C:^Documents and Settings^Mike^Start Menu^Programs^Startup^Random Wallpaper Changer.lnk]
path=c:\documents and settings\Mike\Start Menu\Programs\Startup\Random Wallpaper Changer.lnk
backup=c:\windows\pss\Random Wallpaper Changer.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Mike^Start Menu^Programs^Startup^WorkSMART.lnk]
path=c:\documents and settings\Mike\Start Menu\Programs\Startup\WorkSMART.lnk
backup=c:\windows\pss\WorkSMART.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2011-03-15 14:42 499608 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 22:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KPeerNexonEU]
2012-01-07 09:42 438272 ----a-w- c:\nexon\NEXON_EU_Downloader\nxEULauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
2010-05-20 13:27 119152 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2012-08-29 09:03 1996200 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 10:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UX Launcher]
2011-10-02 08:18 150134 ----a-w- c:\program files\UX Pack\uxlaunch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX1000]
2010-05-20 13:27 762736 ----a-w- c:\windows\vVX1000.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Nexon\\NEXON_EU_Downloader\\NEXON_EU_Downloader_Engine.exe"=
"d:\\Games\\Vindicktus\\Vindictus EU\\en-EU\\NMService.exe"=
"d:\\Games\\Quake\\Quake\\quake3.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"d:\\Downloads\\Borderlands(DIRECT PLAY with all 4 DLC's)\\Borderlands(DIRECT PLAY with all 4 DLC's)\\Binaries\\Borderlands.exe"=
"c:\\Program Files\\Tunngle\\tnglctrl.exe"=
"c:\\Program Files\\Tunngle\\tunngle.exe"=
"d:\\Games\\amalur\\Reckoning.exe"=
"d:\\Games\\Robot Arena 2 v1.4\\Robot Arena 2 v1.4\\Robot Arena 2.exe"=
"c:\\Documents and Settings\\Mike\\Local Settings\\Application Data\\IW4M\\iw4m.dat"=
"d:\\Games\\borderlands2\\Binaries\\Win32\\Borderlands2.exe"=
"d:\\Games\\HONOURED\\Binaries\\Win32\\Dishonored.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
"d:\\Games\\Beat Hazard Ultra\\BeatHazard.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Mike\\Desktop\\oC11b72rv1\\oC11b72rv1.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56180:TCP"= 56180:TCP:Pando Media Booster
"56180:UDP"= 56180:UDP:Pando Media Booster
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [10/15/2012 7:34 AM 242240]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [8/4/2011 9:20 AM 118104]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [8/4/2011 9:20 AM 103112]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [9/22/2011 12:03 PM 974944]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [8/29/2012 12:03 PM 1385896]
R2 WTService;WTService;c:\windows\system32\atwtusb.exe -s --> c:\windows\system32\atwtusb.exe -s [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [9/20/2012 1:50 PM 103040]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [9/29/2011 10:04 AM 21632]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [2/13/2012 9:39 PM 27136]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 1:28 PM 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/8/2012 5:56 PM 250808]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [10/7/2012 10:55 AM 1691480]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\d:\garena\safedrv.sys --> d:\garena\safedrv.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/5/2012 12:44 AM 113120]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]
S3 TunngleService;TunngleService;c:\program files\Tunngle\TnglCtrl.exe [2/13/2012 9:39 PM 738152]
S4 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 55860944
*NewlyCreated* - ASWMBR
*Deregistered* - 55860944
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 21:29]
.
2012-10-25 c:\windows\Tasks\AdobeAAMUpdater-1.0-BATMAN-Mike.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-10-25 14:42]
.
2012-10-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-630328440-1417001333-1003Core.job
- c:\documents and settings\Mike\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-05-21 14:22]
.
2012-10-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-630328440-1417001333-1003UA.job
- c:\documents and settings\Mike\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-05-21 14:22]
.
2012-10-25 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1202660629-630328440-1417001333-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 15:21]
.
2012-09-18 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1202660629-630328440-1417001333-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 15:21]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.windowsxlive.net
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Mike\Start Menu\Programs\IMVU\Run IMVU.lnk
TCP: DhcpNameServer = 193.254.231.2 193.254.230.199
FF - ProfilePath - c:\documents and settings\Mike\Application Data\Mozilla\Firefox\Profiles\2bapma7d.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.windowsxlive.net
FF - ExtSQL: 2012-09-20 15:01; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF - ExtSQL: 2012-10-18 16:01; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-AdobeCS5 - c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-26 06:57
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(972)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\windows\system32\cscui.dll
.
- - - - - - - > 'explorer.exe'(3720)
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub32.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN32.dll
c:\program files\TortoiseSVN\bin\libsvn_tsvn32.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn32.dll
c:\program files\TortoiseSVN\bin\libsasl32.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\msi.dll
c:\windows\system32\wmp.dll
c:\windows\system32\wmploc.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\wmpps.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\cscui.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
.
Completion time: 2012-10-26 06:58:35
ComboFix-quarantined-files.txt 2012-10-26 03:58
ComboFix2.txt 2012-10-25 11:38
ComboFix3.txt 2012-10-22 16:20
ComboFix4.txt 2012-10-22 13:40
.
Pre-Run: 8.462.331.904 bytes free
Post-Run: 8.457.768.960 bytes free
.
- - End Of File - - 3F7BEF2ED936F6B358BB27E526F1B720


No, it's still doing it. In fact, the error popped up just as I was running combofix.

#10 gringo_pr
    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 25 October 2012 - 11:17 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#11 Bluegent
  • Topic Starter
  • Members
  • 15 posts

Posted 25 October 2012 - 11:49 PM

Alright.

OTL logfile created on: 26.10.2012 07:45:33 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Mike\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000418 | Country: Romania | Language: ROM | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,03 Gb Available Physical Memory | 67,61% Memory free
4,84 Gb Paging File | 3,95 Gb Available in Paging File | 81,58% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 25,00 Gb Total Space | 7,89 Gb Free Space | 31,57% Space Free | Partition Type: NTFS
Drive D: | 273,08 Gb Total Space | 38,61 Gb Free Space | 14,14% Space Free | Partition Type: NTFS

Computer Name: BATMAN | User Name: Mike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Mike\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\TortoiseSVN\bin\TSVNCache.exe (http://tortoisesvn.net)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
PRC - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\WTMKM.exe ()
PRC - C:\WINDOWS\system32\atwtusb.exe ()
PRC - C:\changepaper\changepaper.exe (RJL Software, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - D:\Program Files\ashut21\AutoShutdown\autoshutdown2.exe (Sundagger Solutions Co.)


========== Modules (No Company Name) ==========

MOD - C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.94\ppgooglenaclpluginchrome.dll ()
MOD - C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.94\pdf.dll ()
MOD - C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.94\libglesv2.dll ()
MOD - C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.94\libegl.dll ()
MOD - C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.94\avutil-51.dll ()
MOD - C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.94\avformat-54.dll ()
MOD - C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.94\avcodec-54.dll ()
MOD - C:\Program Files\K-Lite Codec Pack\Filters\ffdshow\ffdshow.ax ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ()
MOD - C:\Program Files\TortoiseSVN\bin\libsasl32.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\50ea744ffc3cb7f09b027fd6c5c93b2b\System.Web.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb4cb21d14767292e079366a5d3d76cd\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\c2af7cfbb47c077029a2645930b4eeac\Accessibility.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\36f3953f24d4f0b767bf172331ad6f3e\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\9a254c455892c02355ab0ab0f0727c5b\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\6978f2e90f13bc720d57fa6895c911e2\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aa7926460a336408c8041330ad90929d\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\9adb89fa22fd5b4ce433b5aca7fb1b07\mscorlib.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll ()
MOD - C:\Program Files\ManyCam\Bin\cximagecrt.dll ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll ()
MOD - C:\WINDOWS\system32\WTMKM.exe ()
MOD - C:\WINDOWS\system32\atwtusb.exe ()
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\WINDOWS\system32\qcap.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\WINDOWS\system32\ATWTINK.DLL ()


========== Services (SafeList) ==========

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Hamachi2Svc) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (TunngleService) -- C:\Program Files\Tunngle\TnglCtrl.exe (Tunngle.net GmbH)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (npggsvc) -- C:\WINDOWS\system32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (ekrn) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
SRV - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (WTService) -- C:\WINDOWS\system32\atwtusb.exe ()


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (sptd) -- C:\WINDOWS\\SystemRoot\System32\Drivers\sptd.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (mbr) -- C:\ComboFix\mbr.sys File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (GGSAFERDriver) -- D:\Garena\safedrv.sys File not found
DRV - (EagleXNt) -- C:\WINDOWS\system32\drivers\EagleXNt.sys File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- D:\TEMP\catchme.sys File not found
DRV - (aswMBR) -- D:\TEMP\aswMBR.sys File not found
DRV - (dtsoftbus01) -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (AtiHDAudioService) -- C:\WINDOWS\system32\drivers\AtihdXP3.sys (Advanced Micro Devices)
DRV - (ManyCam) -- C:\WINDOWS\system32\drivers\ManyCam.sys (ManyCam LLC.)
DRV - (eamon) -- C:\WINDOWS\system32\drivers\eamon.sys (ESET)
DRV - (epfwtdir) -- C:\WINDOWS\system32\drivers\epfwtdir.sys (ESET)
DRV - (ehdrv) -- C:\WINDOWS\system32\drivers\ehdrv.sys (ESET)
DRV - (VX1000) -- C:\WINDOWS\system32\drivers\VX1000.sys (Microsoft Corporation)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (tap0901t) -- C:\WINDOWS\system32\drivers\tap0901t.sys (Tunngle.net)
DRV - (vhidmini) -- C:\WINDOWS\system32\drivers\walvhid.sys (Windows ® Codename Longhorn DDK provider)
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (moufiltr) -- C:\WINDOWS\system32\drivers\moufiltr.sys (Windows ® Codename Longhorn DDK provider)
DRV - (AtiHdmiService) -- C:\WINDOWS\system32\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV - (SiSGbeXP) -- C:\WINDOWS\system32\drivers\SiSGbeXP.sys (Silicon Integrated Systems Corp.)
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE8HP&PC=B8DF
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE8ENUS02/110
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE8HP&PC=B8DF
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE8ENUS02/110
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1202660629-630328440-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1202660629-630328440-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
IE - HKU\S-1-5-21-1202660629-630328440-1417001333-1003\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1202660629-630328440-1417001333-1003\..\SearchScopes\{26440DE2-3BC3-4673-9303-EE3FDC52E053}: "URL" = http://www.bing.com/search?q={searchTerms}&form=B8DFDF&pc=B8DF&src=IE-SearchBox
IE - HKU\S-1-5-21-1202660629-630328440-1417001333-1003\..\SearchScopes\{AC98B791-4A15-4873-85AA-A2709014F156}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=MYC-ST&o=102869&src=crm&q={searchTerms}&locale=en_EU&apn_ptnrs=5J&apn_dtid=YYYYYYYYRO&apn_uid=7c8b46cc-7f0c-43cd-b54a-b1fcecceff52&apn_sauid=922387DB-8839-4737-92BD-82E3B443FC42
IE - HKU\S-1-5-21-1202660629-630328440-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.windowsxlive.net"
FF - prefs.js..extensions.enabledAddons: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.15
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\Documents and Settings\All Users\Application Data\NexonEU\NGM\npNxGameeu.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.10.19 18:04:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.17 21:43:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012.10.22 14:23:28 | 000,000,000 | ---D | M]

[2011.12.24 12:10:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Extensions
[2012.09.21 21:14:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\2bapma7d.default\extensions
[2012.07.25 15:19:34 | 000,741,958 | ---- | M] () (No name found) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\2bapma7d.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.09.21 21:14:40 | 000,698,867 | ---- | M] () (No name found) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\2bapma7d.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2012.10.18 16:01:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.08.26 12:19:47 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.08.20 19:27:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}
[2012.09.20 15:01:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.10.18 16:01:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2012.06.17 21:43:06 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.17 21:43:01 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012.06.17 21:43:01 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.17 21:43:01 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012.06.17 21:43:01 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012.06.17 21:43:01 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012.06.17 21:43:01 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.94\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U37 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.370.6 (Enabled) = C:\WINDOWS\system32\npdeployJava1.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpplugin.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
CHR - Extension: YouTube = C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adblock Plus (Beta) = C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Google Search = C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687_0\
CHR - Extension: Gmail = C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012.10.25 15:52:32 | 000,000,493 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DrvIcon] C:\Program Files\UX Pack\Vista Drive Icon\DrvIcon.exe (artArmin)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [MacrokeyManager] C:\WINDOWS\System32\WTMKM.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WellPhone DirectSync - ScheduleSync] C:\Program Files\WellPhone DirectSync\ScheduleSync.exe ()
O4 - HKU\S-1-5-21-1202660629-630328440-1417001333-1003..\Run: [AutoShutdown] D:\Program Files\ashut21\AutoShutdown\autoshutdown2.exe (Sundagger Solutions Co.)
O4 - HKU\S-1-5-21-1202660629-630328440-1417001333-1003..\Run: [OscarEditor] C:\Program Files\GXStandard16-in-1\GXStandard16in1.exe ()
O4 - Startup: C:\Documents and Settings\Mike\Start Menu\Programs\Startup\Random Wallpaper Changer.lnk = C:\changepaper\changepaper.exe (RJL Software, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1202660629-630328440-1417001333-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1202660629-630328440-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1202660629-630328440-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1202660629-630328440-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Mike\Start Menu\Programs\IMVU\Run IMVU.lnk ()
O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1350905121421 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 193.254.231.2 193.254.230.199
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{197C24E5-F019-4DCB-899A-B549B17081F2}: DhcpNameServer = 193.254.231.2 193.254.230.199
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.12.27 16:20:54 | 000,000,007 | -HS- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.10.26 07:44:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\OTL.exe
[2012.10.26 02:07:04 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Mike\Desktop\aswMBR.exe
[2012.10.26 02:06:54 | 002,213,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Mike\Desktop\tdsskiller.exe
[2012.10.25 17:22:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Desktop\FAI__S__2012-10-25-transfer_ro-25oct-97993e
[2012.10.25 17:22:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Desktop\Analiza_Matematica_Horatiu-transfer_ro-25oct-6fa84f
[2012.10.25 15:45:33 | 000,911,800 | ---- | C] (Adobe Systems, Incorporated) -- C:\Documents and Settings\Mike\Desktop\amtlib.dll
[2012.10.25 08:07:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Desktop\RK_Quarantine
[2012.10.24 22:15:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Desktop\BOOTY
[2012.10.24 22:01:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Desktop\[Kamicheetah] Boooty Call
[2012.10.24 19:43:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Desktop\oC11b72rv1
[2012.10.24 19:35:16 | 000,687,724 | R--- | C] (Swearware) -- C:\Documents and Settings\Mike\Desktop\dds.com
[2012.10.24 19:18:32 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\TFC.exe
[2012.10.22 19:14:37 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012.10.22 19:14:37 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012.10.22 19:14:37 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012.10.22 19:14:37 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012.10.22 19:14:19 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.10.22 19:07:39 | 004,986,434 | R--- | C] (Swearware) -- C:\Documents and Settings\Mike\Desktop\ComboFix.exe
[2012.10.22 18:46:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Desktop\the.karate.kid.(2010).eng.1cd.(3764513)
[2012.10.22 18:46:17 | 000,428,184 | ---- | C] (Opensubtitles.org ) -- C:\Documents and Settings\Mike\Desktop\the.karate.kid.(2010).eng.1cd.(3764513).exe
[2012.10.22 16:46:33 | 002,322,184 | ---- | C] (ESET) -- C:\Documents and Settings\Mike\Desktop\esetsmartinstaller_enu.exe
[2012.10.22 16:24:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Desktop\tdsskiller
[2012.10.22 14:23:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ESET
[2012.10.21 19:43:43 | 000,696,760 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012.10.21 19:43:43 | 000,073,656 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012.10.21 19:37:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PowerPaint
[2012.10.21 19:37:10 | 000,000,000 | ---D | C] -- C:\Program Files\FLISoft
[2012.10.21 19:36:53 | 002,049,421 | ---- | C] (FLISoft ) -- C:\Documents and Settings\Mike\Desktop\powerpaint.exe
[2012.10.21 18:43:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Desktop\6ee45df5f4ed617e8f01af8f10b6d3a63c68f420
[2012.10.20 16:30:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Starbreeze Studios
[2012.10.19 16:58:43 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012.10.19 16:54:31 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Mike\Start Menu\Programs\Administrative Tools
[2012.10.19 16:54:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012.10.18 16:52:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Application Data\Beat Hazard
[2012.10.18 16:51:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Start Menu\Programs\Beat Hazard Ultra
[2012.10.18 16:01:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.10.18 16:01:38 | 000,157,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012.10.18 16:01:38 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012.10.18 16:01:38 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012.10.18 12:50:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Application Data\Malwarebytes
[2012.10.18 12:50:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012.10.16 08:25:23 | 001,493,608 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RtlUpd.exe
[2012.10.16 08:25:23 | 000,891,496 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\RTSndMgr.CPL
[2012.10.16 08:25:21 | 000,065,640 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\RtkCoInstIIXP.dll
[2012.10.16 08:24:17 | 001,706,640 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RtlExUpd.dll
[2012.10.15 22:14:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Start Menu\Programs\Torchlight 2
[2012.10.15 20:27:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Application Data\IMVU
[2012.10.15 20:06:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Application Data\IMVUClient
[2012.10.15 07:34:35 | 000,242,240 | ---- | C] (DT Soft Ltd) -- C:\WINDOWS\System32\drivers\dtsoftbus01.sys
[2012.10.10 19:41:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2012.10.10 19:41:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Sync Framework
[2012.10.10 19:41:38 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2012.10.10 19:41:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2012.10.10 19:41:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2012.10.10 19:38:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\My Documents\Visual Studio 2008
[2012.10.10 19:31:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\symbols
[2012.10.10 19:31:28 | 000,000,000 | ---D | C] -- C:\Program Files\HTML Help Workshop
[2012.10.10 19:31:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Visual Studio 2010
[2012.10.10 19:31:27 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs
[2012.10.10 19:31:27 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Help Viewer
[2012.10.10 19:31:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Merge Modules
[2012.10.10 19:29:38 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 9.0
[2012.10.10 15:58:50 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2012.10.10 15:54:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Dishonored
[2012.10.09 22:09:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Application Data\U3
[2012.10.09 18:10:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Application Data\Dev-Cpp
[2012.10.09 18:01:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Bloodshed Dev-C++
[2012.10.08 07:11:06 | 000,000,000 | ---D | C] -- C:\Program Files\directx
[2012.10.08 07:08:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Majesco Entertainment
[2012.10.08 06:52:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\BloodRayne
[2012.10.08 06:50:14 | 000,306,688 | ---- | C] (InstallShield Software Corporation) -- C:\WINDOWS\IsUninst.exe
[2012.10.07 10:55:34 | 000,359,016 | ---- | C] (Realtek Semiconductor Crop.) -- C:\WINDOWS\vncutil.exe
[2012.10.07 10:55:31 | 000,129,640 | ---- | C] (Realtek Semiconductor) -- C:\WINDOWS\RtkAudioService.exe
[2012.10.07 10:55:31 | 000,011,368 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\RtkCoLDRXP.dll
[2012.10.07 10:55:28 | 001,395,800 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\Monfilt.sys
[2012.10.07 10:55:21 | 001,691,480 | ---- | C] (Creative) -- C:\WINDOWS\System32\drivers\Ambfilt.sys
[2012.10.06 10:16:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\My Documents\brigga
[2012.10.06 06:18:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Start Menu\Programs\ClaDun x2
[2012.10.05 15:24:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\K-Lite Codec Pack
[2012.10.05 15:24:23 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2012.09.27 01:00:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Local Settings\Application Data\FLT
[2012.09.27 00:11:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Castle Crashers
[2012.09.26 18:30:53 | 000,000,000 | ---D | C] -- C:\Program Files\GXStandard16-in-1
[2012.09.26 18:30:19 | 000,000,000 | ---D | C] -- C:\Program Files\16in1

========== Files - Modified Within 30 Days ==========

[2012.10.26 07:45:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\OTL.exe
[2012.10.26 07:40:00 | 000,001,184 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-630328440-1417001333-1003UA.job
[2012.10.26 07:27:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.10.26 06:55:45 | 000,496,288 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.10.26 06:55:45 | 000,084,646 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.10.26 02:59:08 | 001,003,004 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\1351202282452.gif
[2012.10.26 02:34:31 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\MBR.dat
[2012.10.26 02:07:24 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Mike\Desktop\aswMBR.exe
[2012.10.26 02:07:24 | 002,213,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Mike\Desktop\tdsskiller.exe
[2012.10.26 02:00:00 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-BATMAN-Mike.job
[2012.10.26 00:29:53 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012.10.26 00:29:52 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012.10.25 19:22:08 | 000,019,149 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\whitenoise.PNG
[2012.10.25 17:38:22 | 000,227,321 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\1351171434020.jpg
[2012.10.25 17:31:06 | 000,601,571 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\1351171074394.png
[2012.10.25 17:19:26 | 001,399,207 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\Analiza_Matematica_Horatiu-transfer_ro-25oct-6fa84f.zip
[2012.10.25 17:16:28 | 003,619,071 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\FAI__S__2012-10-25-transfer_ro-25oct-97993e.zip
[2012.10.25 15:52:32 | 000,000,493 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012.10.25 14:39:06 | 000,002,283 | ---- | M] () -- C:\Documents and Settings\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
[2012.10.25 14:13:40 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1202660629-630328440-1417001333-1003.job
[2012.10.25 14:09:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.10.25 08:00:10 | 001,580,544 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\RogueKiller.exe
[2012.10.25 08:00:01 | 000,538,941 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\adwcleaner.exe
[2012.10.25 07:59:58 | 000,881,773 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\SecurityCheck.exe
[2012.10.24 22:04:25 | 001,612,385 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\[Kamicheetah] Boooty Call (1).zip
[2012.10.24 22:03:28 | 000,006,955 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\{EHT PERSONALIZED TORRENT - DO NOT REDISTRIBUTE} Club Stripes Boooty Call (Complete).torrent
[2012.10.24 22:01:30 | 000,259,985 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\[Kamicheetah] Boooty Call.zip
[2012.10.24 21:55:50 | 000,081,416 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\just this.jpg
[2012.10.24 21:50:01 | 000,251,082 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\c'mon.jpg
[2012.10.24 20:51:03 | 000,288,848 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\1351099144155.jpg
[2012.10.24 19:43:32 | 000,340,772 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\oC11b72rv1.zip
[2012.10.24 19:38:08 | 000,000,176 | ---- | M] () -- C:\Documents and Settings\Mike\defogger_reenable
[2012.10.24 19:36:19 | 000,687,724 | R--- | M] (Swearware) -- C:\Documents and Settings\Mike\Desktop\dds.com
[2012.10.24 19:36:08 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\tv0oddmb.exe
[2012.10.24 19:35:09 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\Defogger.exe
[2012.10.24 19:18:40 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\TFC.exe
[2012.10.24 09:19:07 | 000,065,979 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\1351059398363.jpg
[2012.10.24 09:19:03 | 000,851,965 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\1351059392662.png
[2012.10.24 07:53:00 | 002,579,325 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\1351054106963.jpg
[2012.10.24 07:33:01 | 001,909,081 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\1351046320212.gif
[2012.10.24 07:32:41 | 003,103,308 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\1351046222395.gif
[2012.10.24 06:57:17 | 000,542,493 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\1351042247916.jpg
[2012.10.23 18:46:34 | 000,079,514 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\1351007018872.jpg
[2012.10.23 08:28:50 | 000,104,042 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\1350969882998.jpg
[2012.10.23 08:28:42 | 000,077,827 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\1350967956745.jpg
[2012.10.23 07:34:57 | 000,285,391 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\1350965811674.jpg
[2012.10.22 20:03:01 | 000,013,061 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\Microsoft.Windows.XP.Professional.SP3.Integrated.October.2012.SATA.By.Maher.torrent
[2012.10.22 19:28:04 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\e7krryn3.exe
[2012.10.22 19:14:53 | 000,000,480 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\Shortcut to ComboFix.lnk
[2012.10.22 19:13:13 | 004,986,434 | R--- | M] (Swearware) -- C:\Documents and Settings\Mike\Desktop\ComboFix.exe
[2012.10.22 18:46:45 | 000,023,411 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\the.karate.kid.(2010).eng.1cd.(3764513).zip
[2012.10.22 18:46:37 | 000,428,184 | ---- | M] (Opensubtitles.org ) -- C:\Documents and Settings\Mike\Desktop\the.karate.kid.(2010).eng.1cd.(3764513).exe
[2012.10.22 16:46:57 | 002,322,184 | ---- | M] (ESET) -- C:\Documents and Settings\Mike\Desktop\esetsmartinstaller_enu.exe
[2012.10.22 16:20:25 | 002,194,704 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\tdsskiller.zip
[2012.10.22 16:10:49 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012.10.22 15:50:02 | 001,108,948 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\1350905454537.jpg
[2012.10.22 14:06:18 | 000,010,939 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\ESET NOD32 Antivirus v5.0.95.0 Final (x64-x86) Incl Keys-BRiNGiT.torrent
[2012.10.21 19:37:12 | 000,000,752 | ---- | M] () -- C:\Documents and Settings\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\PowerPaint.lnk
[2012.10.21 19:36:51 | 002,049,421 | ---- | M] (FLISoft ) -- C:\Documents and Settings\Mike\Desktop\powerpaint.exe
[2012.10.21 18:43:46 | 000,050,412 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\6ee45df5f4ed617e8f01af8f10b6d3a63c68f420.zip
[2012.10.21 14:52:17 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.10.20 13:40:00 | 000,001,132 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-630328440-1417001333-1003Core.job
[2012.10.15 07:34:35 | 000,242,240 | ---- | M] (DT Soft Ltd) -- C:\WINDOWS\System32\drivers\dtsoftbus01.sys
[2012.10.15 00:58:30 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012.10.10 19:21:25 | 000,000,165 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
[2012.10.10 19:21:11 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.10.09 18:01:32 | 000,000,439 | ---- | M] () -- C:\Documents and Settings\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Dev-C++.lnk
[2012.10.06 06:18:43 | 000,444,952 | ---- | M] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll
[2012.10.06 06:18:42 | 000,109,080 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\WINDOWS\System32\OpenAL32.dll
[2012.10.03 21:51:15 | 000,000,648 | ---- | M] () -- C:\Documents and Settings\Mike\Start Menu\Programs\Startup\Random Wallpaper Changer.lnk
[2012.09.26 19:10:54 | 000,001,790 | ---- | M] () -- C:\Documents and Settings\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\16-in-1.lnk

========== Files Created - No Company Name ==========

[2012.10.26 02:59:08 | 001,003,004 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\1351202282452.gif
[2012.10.26 02:26:47 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\MBR.dat
[2012.10.25 19:22:08 | 000,019,149 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\whitenoise.PNG
[2012.10.25 17:38:22 | 000,227,321 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\1351171434020.jpg
[2012.10.25 17:31:06 | 000,601,571 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\1351171074394.png
[2012.10.25 17:19:05 | 001,399,207 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\Analiza_Matematica_Horatiu-transfer_ro-25oct-6fa84f.zip
[2012.10.25 17:15:18 | 003,619,071 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\FAI__S__2012-10-25-transfer_ro-25oct-97993e.zip
[2012.10.25 15:45:33 | 000,001,204 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\hosts
[2012.10.25 15:39:02 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-BATMAN-Mike.job
[2012.10.25 15:24:52 | 000,000,681 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Flash Professional CS5.lnk
[2012.10.25 15:23:43 | 000,000,691 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Bridge CS5.lnk
[2012.10.25 15:23:13 | 000,000,932 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Media Encoder CS5.lnk
[2012.10.25 15:22:46 | 000,000,754 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Device Central CS5.lnk
[2012.10.25 15:20:35 | 000,001,130 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Pixel Bender Toolkit 2.lnk
[2012.10.25 15:20:21 | 000,000,811 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Extension Manager CS5.exe.lnk
[2012.10.25 15:20:10 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.lnk
[2012.10.25 08:00:10 | 001,580,544 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\RogueKiller.exe
[2012.10.25 08:00:00 | 000,538,941 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\adwcleaner.exe
[2012.10.25 07:59:55 | 000,881,773 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\SecurityCheck.exe
[2012.10.24 22:03:28 | 000,006,955 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\{EHT PERSONALIZED TORRENT - DO NOT REDISTRIBUTE} Club Stripes Boooty Call (Complete).torrent
[2012.10.24 22:02:17 | 001,612,385 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\[Kamicheetah] Boooty Call (1).zip
[2012.10.24 22:00:43 | 000,259,985 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\[Kamicheetah] Boooty Call.zip
[2012.10.24 21:55:33 | 000,081,416 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\just this.jpg
[2012.10.24 21:49:25 | 000,251,082 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\c'mon.jpg
[2012.10.24 20:51:02 | 000,288,848 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\1351099144155.jpg
[2012.10.24 19:43:31 | 000,340,772 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\oC11b72rv1.zip
[2012.10.24 19:37:58 | 000,000,176 | ---- | C] () -- C:\Documents and Settings\Mike\defogger_reenable
[2012.10.24 19:36:05 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\tv0oddmb.exe
[2012.10.24 19:35:07 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\Defogger.exe
[2012.10.24 09:19:06 | 000,065,979 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\1351059398363.jpg
[2012.10.24 09:19:02 | 000,851,965 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\1351059392662.png
[2012.10.24 07:53:00 | 002,579,325 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\1351054106963.jpg
[2012.10.24 07:33:01 | 001,909,081 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\1351046320212.gif
[2012.10.24 07:32:41 | 003,103,308 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\1351046222395.gif
[2012.10.24 06:57:17 | 000,542,493 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\1351042247916.jpg
[2012.10.23 18:46:33 | 000,079,514 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\1351007018872.jpg
[2012.10.23 08:28:50 | 000,104,042 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\1350969882998.jpg
[2012.10.23 08:28:42 | 000,077,827 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\1350967956745.jpg
[2012.10.23 07:34:56 | 000,285,391 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\1350965811674.jpg
[2012.10.22 20:03:00 | 000,013,061 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\Microsoft.Windows.XP.Professional.SP3.Integrated.October.2012.SATA.By.Maher.torrent
[2012.10.22 19:28:00 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\e7krryn3.exe
[2012.10.22 19:14:53 | 000,000,480 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\Shortcut to ComboFix.lnk
[2012.10.22 19:14:37 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012.10.22 19:14:37 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012.10.22 19:14:37 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012.10.22 19:14:37 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012.10.22 19:14:37 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012.10.22 18:46:45 | 000,023,411 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\the.karate.kid.(2010).eng.1cd.(3764513).zip
[2012.10.22 16:20:02 | 002,194,704 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\tdsskiller.zip
[2012.10.22 15:49:57 | 001,108,948 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\1350905454537.jpg
[2012.10.22 14:06:17 | 000,010,939 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\ESET NOD32 Antivirus v5.0.95.0 Final (x64-x86) Incl Keys-BRiNGiT.torrent
[2012.10.21 19:43:45 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.10.21 19:37:12 | 000,000,752 | ---- | C] () -- C:\Documents and Settings\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\PowerPaint.lnk
[2012.10.21 18:43:45 | 000,050,412 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\6ee45df5f4ed617e8f01af8f10b6d3a63c68f420.zip
[2012.10.21 11:51:04 | 000,291,384 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012.10.19 16:58:47 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012.10.19 16:58:43 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012.10.10 19:21:25 | 000,000,165 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
[2012.10.09 18:01:32 | 000,000,439 | ---- | C] () -- C:\Documents and Settings\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Dev-C++.lnk
[2012.10.07 10:55:28 | 000,025,548 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTAIODAT.DAT
[2012.10.05 15:24:31 | 000,178,688 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2012.09.26 19:10:54 | 000,001,790 | ---- | C] () -- C:\Documents and Settings\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\16-in-1.lnk
[2012.09.20 13:48:04 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2012.09.20 13:48:03 | 000,618,823 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2012.09.20 13:48:03 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2012.08.31 16:33:12 | 000,065,064 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012.08.03 12:56:12 | 000,036,557 | ---- | C] () -- C:\WINDOWS\System32\unil.exe
[2012.04.24 22:37:01 | 000,051,186 | ---- | C] () -- C:\Documents and Settings\Mike\Application Data\room_v3.dat
[2012.03.25 20:36:35 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\SI.bin
[2012.02.13 21:41:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\Access.dat
[2012.02.06 16:50:24 | 000,000,728 | ---- | C] () -- C:\WINDOWS\System32\Details.ini
[2012.02.06 16:44:49 | 000,090,112 | ---- | C] ( ) -- C:\WINDOWS\System32\STAPI.dll
[2012.02.06 16:38:22 | 000,000,035 | ---- | C] () -- C:\WINDOWS\System32\RTELM.dll
[2012.01.27 22:02:04 | 000,462,848 | R--- | C] () -- C:\WINDOWS\System32\softcoin.dll
[2012.01.27 22:02:04 | 000,344,064 | R--- | C] () -- C:\WINDOWS\System32\gencoin.dll
[2012.01.01 13:09:50 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Mike\Application Data\steam_md4.dat
[2011.12.30 21:14:02 | 000,000,025 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2011.12.29 11:13:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2011.12.26 03:10:58 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\xwr69891.dll
[2011.12.26 03:10:58 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\wr69891.dll
[2011.12.25 16:33:58 | 005,586,664 | ---- | C] () -- C:\WINDOWS\System32\WTMKM.exe
[2011.12.25 16:33:58 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\ATWTINK.DLL
[2011.12.25 16:33:58 | 000,106,216 | ---- | C] () -- C:\WINDOWS\RmTablet.exe
[2011.12.24 23:53:38 | 000,397,032 | ---- | C] () -- C:\WINDOWS\System32\atwtusb.exe
[2011.12.24 23:53:38 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\InstallService.exe
[2011.12.24 23:53:37 | 000,118,432 | ---- | C] () -- C:\WINDOWS\System32\Calibration.exe
[2011.12.24 23:53:36 | 000,013,254 | ---- | C] () -- C:\WINDOWS\System32\Vista.ini
[2011.12.24 23:53:36 | 000,012,948 | ---- | C] () -- C:\WINDOWS\System32\XP_2000.ini
[2011.12.24 23:53:36 | 000,008,229 | ---- | C] () -- C:\WINDOWS\aiptbl.ini
[2011.12.24 23:53:36 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\MKProfile.ini
[2011.12.24 23:02:42 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.12.24 22:55:06 | 000,011,200 | ---- | C] () -- C:\WINDOWS\System32\Windows7.ini
[2011.12.24 22:55:06 | 000,010,686 | ---- | C] () -- C:\WINDOWS\System32\aiptbl.ini
[2011.12.24 22:17:56 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2011.12.24 22:17:56 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2011.12.24 22:17:56 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2011.12.24 22:17:56 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2011.12.24 22:17:56 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2011.12.24 22:17:56 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2011.12.24 22:17:56 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2011.12.24 22:17:56 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2011.12.24 22:17:56 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2011.12.24 22:17:56 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2011.12.24 22:17:56 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2011.12.24 22:17:56 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2011.12.24 22:17:56 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2011.12.24 22:17:56 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2011.12.24 22:17:56 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2011.12.24 22:17:56 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2011.12.24 22:17:56 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2011.12.24 22:17:56 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2011.12.24 22:17:56 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2011.12.24 22:17:21 | 000,000,027 | ---- | C] () -- C:\WINDOWS\CDE DX4400DEFGIPS.ini
[2011.12.24 18:56:04 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\moveex.exe
[2011.12.24 13:30:03 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011.12.24 13:27:21 | 000,278,944 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.12.24 12:27:29 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX1000.ini
[2011.12.24 12:10:06 | 000,323,072 | ---- | C] () -- C:\WINDOWS\System32\WgaTray.exe
[2011.12.24 12:10:05 | 001,481,728 | ---- | C] () -- C:\WINDOWS\System32\LegitCheckControl.dll
[2011.12.24 12:10:05 | 000,190,976 | ---- | C] () -- C:\WINDOWS\System32\WgaLogon.dll
[2011.12.24 12:02:29 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011.12.24 12:01:41 | 000,009,589 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2011.12.24 11:58:08 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2011.12.24 11:58:07 | 000,009,404 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2011.12.24 11:57:58 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2011.12.24 11:55:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2011.12.24 11:50:24 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2011.12.24 11:45:09 | 000,008,668 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011.12.24 11:42:05 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011.12.24 11:37:35 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2011.05.31 09:39:50 | 000,058,368 | ---- | C] () -- C:\WINDOWS\System32\bdmpegv.dll
[2011.05.31 09:38:18 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\bdmjpeg.dll

========== ZeroAccess Check ==========

[2011.12.24 11:48:55 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 05:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2008.04.14 05:41:54 | 000,472,064 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 05:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 26 October 2012 - 04:32 PM

Hello

Run this custom script, and when it is complete I need to know how the computer is doing.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code
    :OTL
    
    :otl
    FF - user.js - File not found
    FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\Documents and Settings\All Users\Application Data\NexonEU\NGM\npNxGameeu.dll File not found
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll File not found
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll File not found
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll File not found
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
    IE - HKU\S-1-5-21-1202660629-630328440-1417001333-1003\..\SearchScopes\{AC98B791-4A15-4873-85AA-A2709014F156}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=MYC-ST&o=102869&src=crm&q={searchTerms}&locale=en_EU&apn_ptnrs=5J&apn_dtid=YYYYYYYYRO&apn_uid=7c8b46cc-7f0c-43cd-b54a-b1fcecceff52&apn_sauid=922387DB-8839-4737-92BD-82E3B443FC42
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how things are doing.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#13 Bluegent

Bluegent
  • Topic Starter

  • Members
  • 15 posts

Posted 26 October 2012 - 08:50 PM

========== OTL ==========
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3049C3E9-B461-4BC5-8870-4C09146192CA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
Registry key HKEY_USERS\S-1-5-21-1202660629-630328440-1417001333-1003\Software\Microsoft\Internet Explorer\SearchScopes\{AC98B791-4A15-4873-85AA-A2709014F156}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AC98B791-4A15-4873-85AA-A2709014F156}\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Mike\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Mike\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default User

User: LocalService

User: Mike
->Java cache emptied: 0 bytes

User: NetworkService
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0,00 mb


[EMPTYFLASH]

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: Mike
->Flash cache emptied: 877 bytes

User: NetworkService

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10272012_044922

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 26 October 2012 - 09:32 PM

How are things doing now?


gringo

#15 Bluegent

Bluegent
  • Topic Starter

  • Members
  • 15 posts

Posted 27 October 2012 - 12:24 AM

I'll wait for a day and tell you then if it still happens. Thank you for your time and help.



