melting22

Honorary Members
  • Posts: 21

Reputation: 0 Neutral
  1. I haven't gotten any redirects since. Looks like case solved!
  2. MBRCheck, version 1.2.3 © 2010, AD Command-line: Windows Version: Windows XP Professional Windows Information: Service Pack 3 (build 2600) Logical Drives Mask: 0x000000fc Kernel Drivers (total 135): 0x804D7000 \WINDOWS\system32\ntkrnlpa.exe 0x806E4000 \WINDOWS\system32\hal.dll 0xBA5A8000 \WINDOWS\system32\KDCOM.DLL 0xBA4B8000 \WINDOWS\system32\BOOTVID.dll 0xB9F79000 ACPI.sys 0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS 0xB9F68000 pci.sys 0xBA0A8000 isapnp.sys 0xBA670000 pciide.sys 0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS 0xBA0B8000 MountMgr.sys 0xB9F49000 ftdisk.sys 0xBA5AC000 dmload.sys 0xB9F23000 dmio.sys 0xBA330000 PartMgr.sys 0xBA0C8000 VolSnap.sys 0xB9F0B000 atapi.sys 0xBA0D8000 disk.sys 0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS 0xB9EEB000 fltmgr.sys 0xB9ED9000 sr.sys 0xBA0F8000 PxHelp20.sys 0xB9EC2000 KSecDD.sys 0xB9E35000 Ntfs.sys 0xB9E08000 NDIS.sys 0xB9DEE000 Mup.sys 0xBA108000 klbg.sys 0xBA198000 \SystemRoot\system32\DRIVERS\intelppm.sys 0xB91CB000 \SystemRoot\system32\DRIVERS\ati2mtag.sys 0xB91B7000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS 0xB918F000 \SystemRoot\system32\DRIVERS\HDAudBus.sys 0xBA430000 \SystemRoot\system32\DRIVERS\usbuhci.sys 0xB916B000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0xBA438000 \SystemRoot\system32\DRIVERS\usbehci.sys 0xB99B8000 \SystemRoot\system32\DRIVERS\imapi.sys 0xB9DB6000 \SystemRoot\system32\drivers\pfc.sys 0xB99A8000 \SystemRoot\system32\DRIVERS\cdrom.sys 0xB9998000 \SystemRoot\system32\DRIVERS\redbook.sys 0xB9148000 \SystemRoot\system32\DRIVERS\ks.sys 0xB912F000 \SystemRoot\system32\DRIVERS\Rtenicxp.sys 0xB9101000 \SystemRoot\system32\drivers\cx88vid.sys 0xB9988000 \SystemRoot\system32\drivers\STREAM.SYS 0xB9978000 \SystemRoot\system32\DRIVERS\serial.sys 0xB9DAA000 \SystemRoot\system32\DRIVERS\serenum.sys 0xB90ED000 \SystemRoot\system32\DRIVERS\parport.sys 0xB9968000 \SystemRoot\system32\DRIVERS\klim5.sys 0xBA7FF000 \SystemRoot\system32\DRIVERS\audstub.sys 0xB9958000 
\SystemRoot\system32\DRIVERS\rasl2tp.sys 0xBA548000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0xB90D6000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0xB9948000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0xB9938000 \SystemRoot\system32\DRIVERS\raspptp.sys 0xBA480000 \SystemRoot\system32\DRIVERS\TDI.SYS 0xB90C5000 \SystemRoot\system32\DRIVERS\psched.sys 0xBA1A8000 \SystemRoot\system32\DRIVERS\msgpc.sys 0xBA490000 \SystemRoot\system32\DRIVERS\ptilink.sys 0xBA4A0000 \SystemRoot\system32\DRIVERS\raspti.sys 0xB9095000 \SystemRoot\system32\DRIVERS\rdpdr.sys 0xBA1B8000 \SystemRoot\system32\DRIVERS\termdd.sys 0xBA4B0000 \SystemRoot\system32\DRIVERS\kbdclass.sys 0xBA340000 \SystemRoot\system32\DRIVERS\mouclass.sys 0xBA1C8000 \SystemRoot\system32\DRIVERS\VClone.sys 0xB907D000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS 0xBA610000 \SystemRoot\system32\DRIVERS\swenum.sys 0xB901F000 \SystemRoot\system32\DRIVERS\update.sys 0xB9707000 \SystemRoot\system32\DRIVERS\mssmbios.sys 0xBA1D8000 \SystemRoot\System32\Drivers\NDProxy.SYS 0xACF93000 \SystemRoot\system32\drivers\AtiHdAud.sys 0xACF6F000 \SystemRoot\system32\drivers\portcls.sys 0xBA208000 \SystemRoot\system32\drivers\drmk.sys 0xBA228000 \SystemRoot\system32\DRIVERS\usbhub.sys 0xBA61E000 \SystemRoot\system32\DRIVERS\USBD.SYS 0xACAE3000 \SystemRoot\system32\drivers\RtkHDAud.sys 0xB8FF3000 \SystemRoot\system32\drivers\CX88XBAR.sys 0xABA42000 \SystemRoot\system32\DRIVERS\klif.sys 0xBA63E000 \SystemRoot\System32\Drivers\Fs_Rec.SYS 0xBA72A000 \SystemRoot\System32\Drivers\Null.SYS 0xBA642000 \SystemRoot\System32\Drivers\Beep.SYS 0xBA3D0000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS 0xBA3D8000 \SystemRoot\System32\drivers\vga.sys 0xBA646000 \SystemRoot\System32\Drivers\mnmdd.SYS 0xBA64A000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0xBA3E8000 \SystemRoot\System32\Drivers\Msfs.SYS 0xBA3F8000 \SystemRoot\System32\Drivers\Npfs.SYS 0xACADF000 \SystemRoot\system32\DRIVERS\rasacd.sys 0xAB4DA000 \??\C:\WINDOWS\system32\drivers\kl1.sys 0xAB4C7000 
\SystemRoot\system32\DRIVERS\ipsec.sys 0xACAB3000 \SystemRoot\system32\DRIVERS\hidusb.sys 0xBA268000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS 0xAB446000 \SystemRoot\system32\DRIVERS\tcpip.sys 0xAB41E000 \SystemRoot\system32\DRIVERS\netbt.sys 0xAB3F8000 \SystemRoot\system32\DRIVERS\ipnat.sys 0xBA278000 \SystemRoot\system32\DRIVERS\wanarp.sys 0xAB3D6000 \SystemRoot\System32\drivers\afd.sys 0xBA288000 \SystemRoot\system32\DRIVERS\netbios.sys 0xAB3AB000 \SystemRoot\system32\DRIVERS\rdbss.sys 0xBA770000 \SystemRoot\System32\Drivers\PQNTDrv.SYS 0xAB33B000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0xBA298000 \SystemRoot\System32\Drivers\Fips.SYS 0xBA440000 \SystemRoot\System32\Drivers\ElbyCDIO.sys 0xACA93000 \SystemRoot\System32\Drivers\ASPI32.SYS 0xBA458000 \SystemRoot\system32\DRIVERS\usbccgp.sys 0xABA36000 \SystemRoot\system32\DRIVERS\kbdhid.sys 0xBA470000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys 0xBA2D8000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS 0xAB202000 \SystemRoot\System32\Drivers\wdf01000.sys 0xABA2E000 \SystemRoot\system32\DRIVERS\mouhid.sys 0xBA488000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys 0xBA2E8000 \SystemRoot\system32\DRIVERS\klmouflt.sys 0xBA2F8000 \SystemRoot\System32\Drivers\Cdfs.SYS 0xAB1EA000 \SystemRoot\System32\Drivers\dump_atapi.sys 0xBA660000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS 0xBF800000 \SystemRoot\System32\win32k.sys 0xBA5A0000 \SystemRoot\System32\drivers\Dxapi.sys 0xBA3A0000 \SystemRoot\System32\watchdog.sys 0xBF000000 \SystemRoot\System32\drivers\dxg.sys 0xBA685000 \SystemRoot\System32\drivers\dxgthk.sys 0xBF012000 \SystemRoot\System32\ati2dvag.dll 0xBF060000 \SystemRoot\System32\ati2cqag.dll 0xBF10C000 \SystemRoot\System32\atikvmag.dll 0xBF1A9000 \SystemRoot\System32\atiok3x2.dll 0xBF20E000 \SystemRoot\System32\ati3duag.dll 0xBF5BF000 \SystemRoot\System32\ativvaxx.dll 0xBFFA0000 \SystemRoot\System32\ATMFD.DLL 0xA8695000 \SystemRoot\system32\DRIVERS\ndisuio.sys 0xA8364000 \SystemRoot\system32\drivers\wdmaud.sys 0xBA218000 
\SystemRoot\system32\drivers\sysaudio.sys 0xA8159000 \SystemRoot\system32\DRIVERS\mrxdav.sys 0xBA63C000 \SystemRoot\System32\Drivers\ParVdm.SYS 0xBA6C3000 \SystemRoot\System32\Drivers\LBeepKE.sys 0xA825E000 \SystemRoot\system32\DRIVERS\secdrv.sys 0xA7F77000 \SystemRoot\system32\DRIVERS\srv.sys 0xA7B4E000 \SystemRoot\System32\Drivers\HTTP.sys 0xBA428000 \??\C:\DOCUME~1\Devlish\LOCALS~1\Temp\mbr.sys 0x7C900000 \WINDOWS\system32\ntdll.dll Processes (total 28): 0 System Idle Process 4 System 1044 C:\WINDOWS\system32\smss.exe 1092 csrss.exe 1124 C:\WINDOWS\system32\winlogon.exe 1172 C:\WINDOWS\system32\services.exe 1188 C:\WINDOWS\system32\lsass.exe 1360 C:\WINDOWS\system32\ati2evxx.exe 1396 C:\WINDOWS\system32\svchost.exe 1496 svchost.exe 1624 C:\WINDOWS\system32\svchost.exe 1724 svchost.exe 1880 svchost.exe 2012 C:\WINDOWS\system32\ati2evxx.exe 188 C:\WINDOWS\system32\spoolsv.exe 536 C:\Program Files\AlienGUIse\wbload.exe 808 C:\WINDOWS\explorer.exe 996 C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe 1004 C:\Program Files\Common Files\Java\Java Update\jusched.exe 1012 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe 1032 C:\WINDOWS\RTHDCPL.exe 1420 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe 1564 C:\Program Files\Java\jre6\bin\jqs.exe 1828 wdfmgr.exe 2252 C:\WINDOWS\system32\wuauclt.exe 3128 alg.exe 3764 C:\WINDOWS\system32\svchost.exe 1428 C:\Documents and Settings\Devlish\Desktop\MBRCheck (1).exe \\.\C: --> \\.\PhysicalDrive3 at offset 0x00000000`00007e00 (NTFS) \\.\E: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS) \\.\F: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS) \\.\H: --> \\.\PhysicalDrive2 at offset 0x00000000`007e0000 (NTFS) PhysicalDrive3 Model Number: SAMSUNGHD501LJ, Rev: CR100-12 PhysicalDrive0 Model Number: Maxtor6Y160P0, Rev: YAR41BW0 PhysicalDrive1 Model Number: Maxtor6L200M0, Rev: BANC1G10 PhysicalDrive2 Model Number: Maxtor7B250S0, Rev: BANC1E00 Size Device 
Name MBR Status -------------------------------------------- 465 GB \\.\PhysicalDrive3 Windows XP MBR code detected SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A 152 GB \\.\PhysicalDrive0 Unknown MBR code SHA1: 639AC5CDF8A5CF3245975932C6A4215450A7B98F 189 GB \\.\PhysicalDrive1 Legit MBR code detected SHA1: 317A49A9E93F077F2D004734D2A7B6CA7E7B9495 233 GB \\.\PhysicalDrive2 Legit MBR code detected SHA1: 317A49A9E93F077F2D004734D2A7B6CA7E7B9495 Found non-standard or infected MBR. Enter 'Y' and hit ENTER for more options, or 'N' to exit: Done!
  3. ComboFix 10-08-11.02 - Devlish 08/11/2010 14:51:30.6.2 - x86 NETWORK Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1806 [GMT -4:00] Running from: c:\documents and settings\Devlish\Desktop\Combo-Fix.exe Command switches used :: c:\documents and settings\Devlish\Desktop\CFScript.txt.txt AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0} FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0} . ((((((((((((((((((((((((( Files Created from 2010-07-11 to 2010-08-11 ))))))))))))))))))))))))))))))) . 2010-08-08 19:08 . 2010-07-07 01:58 53248 ----a-w- c:\windows\system32\aticalrt.dll 2010-08-08 19:08 . 2010-07-07 01:58 53248 ----a-w- c:\windows\system32\aticalcl.dll 2010-08-08 19:08 . 2010-07-07 01:57 4337664 ----a-w- c:\windows\system32\aticaldd.dll 2010-08-08 19:08 . 2010-07-07 01:53 15499264 ----a-w- c:\windows\system32\atioglxx.dll 2010-08-08 19:08 . 2010-07-07 01:29 143360 ----a-w- c:\windows\system32\atiapfxx.exe 2010-08-08 19:08 . 2010-07-07 01:24 184320 ----a-w- c:\windows\system32\atiadlxx.dll 2010-08-08 19:08 . 2010-07-07 01:15 65024 ----a-w- c:\windows\system32\atimpc32.dll 2010-08-08 19:08 . 2009-05-11 21:35 118784 ----a-w- c:\windows\system32\atibtmon.exe 2010-08-08 19:08 . 2010-08-08 19:09 -------- d-----w- c:\program files\ATI 2010-08-06 06:19 . 2010-08-06 06:19 503808 ----a-w- c:\documents and settings\Devlish\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5ee28c56-n\msvcp71.dll 2010-08-06 06:19 . 2010-08-06 06:19 499712 ----a-w- c:\documents and settings\Devlish\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5ee28c56-n\jmc.dll 2010-08-06 06:19 . 2010-08-06 06:19 348160 ----a-w- c:\documents and settings\Devlish\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5ee28c56-n\msvcr71.dll 2010-08-06 06:19 . 
2010-08-06 06:19 61440 ----a-w- c:\documents and settings\Devlish\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-1b9d670e-n\decora-sse.dll 2010-08-06 06:19 . 2010-08-06 06:19 12800 ----a-w- c:\documents and settings\Devlish\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-1b9d670e-n\decora-d3d.dll 2010-07-29 20:43 . 2008-04-14 09:42 221184 ----a-w- c:\windows\system32\wmpns.dll 2010-07-29 20:36 . 2008-04-14 09:42 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe 2010-07-29 20:35 . 2008-04-14 09:42 1384479 ----a-w- c:\windows\system32\msvbvm60.dll 2010-07-27 18:28 . 2010-07-27 18:28 388096 ----a-r- c:\documents and settings\Devlish\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2010-07-27 18:28 . 2010-07-27 18:28 -------- d-----w- c:\program files\Trend Micro 2010-07-27 12:21 . 2010-07-27 12:21 664 ----a-w- c:\windows\system32\d3d9caps.dat 2010-07-26 23:24 . 2010-07-27 00:41 -------- d-----w- c:\program files\World of Warcraft 2010-07-26 00:05 . 2010-07-26 00:05 423656 ----a-w- c:\windows\system32\deployJava1.dll 2010-07-26 00:05 . 2010-07-26 00:05 -------- d-----w- c:\program files\Java 2010-07-24 00:41 . 2010-07-24 00:41 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll 2010-07-24 00:37 . 2010-07-24 00:37 56458 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe 2010-07-24 00:37 . 2010-07-24 00:37 54174 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe 2010-07-24 00:37 . 2010-07-24 00:37 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe 2010-07-24 00:37 . 2010-07-24 00:37 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe 2010-07-24 00:37 . 
2010-07-24 00:37 54644 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe 2010-07-24 00:37 . 2010-07-24 00:37 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe 2010-07-24 00:37 . 2010-07-24 00:37 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe 2010-07-24 00:37 . 2010-07-24 00:37 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe 2010-07-24 00:37 . 2010-07-24 00:37 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe 2010-07-24 00:37 . 2010-07-24 00:37 -------- d-----w- c:\program files\Common Files\DivX Shared 2010-07-24 00:37 . 2010-07-24 00:37 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe 2010-07-24 00:34 . 2010-07-24 00:41 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX 2010-07-23 23:18 . 2010-07-23 23:18 932368 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\profiles-1-6.dll 2010-07-23 23:18 . 2010-07-23 23:18 678416 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\content_interpreter-1-1.dll 2010-07-23 23:18 . 2010-07-23 23:18 604688 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\gsg-3-9.dll 2010-07-23 23:18 . 2010-07-23 23:18 522768 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\database-1-5.dll 2010-07-23 23:18 . 2010-07-23 23:18 1096208 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\filtration-4-6.dll 2010-07-23 23:17 . 
2010-07-23 23:17 80400 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\fssync.dll 2010-07-23 23:17 . 2010-07-23 23:17 397328 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\oeas.dll 2010-07-23 23:17 . 2010-07-23 23:17 315408 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\sys\i386\5.1\klif.sys 2010-07-23 23:17 . 2010-07-23 23:17 19472 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\kloehk.dll 2010-07-23 23:02 . 2010-07-23 23:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files 2010-07-23 17:53 . 2010-07-23 17:53 54016 ----a-w- c:\windows\system32\drivers\xkix.sys 2010-07-22 22:43 . 2010-07-22 22:43 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google 2010-07-22 22:38 . 2010-07-22 22:38 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google 2010-07-22 22:38 . 2010-07-22 22:39 -------- d-----w- c:\program files\Google 2010-07-22 21:43 . 2010-07-22 21:43 -------- d-----w- c:\program files\FileASSASSIN 2010-07-22 20:49 . 2010-07-22 20:49 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee 2010-07-22 20:45 . 2010-07-22 20:45 1025992 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\SecurityScan_Release.exe 2010-07-22 19:37 . 2010-08-03 15:58 13104 ----a-w- c:\documents and settings\Devlish\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-07-22 19:36 . 
2010-07-22 19:36 -------- d-----w- c:\documents and settings\Devlish\Local Settings\Application Data\Sunbelt Software 2010-07-21 21:52 . 2010-07-21 21:52 503808 ----a-w- c:\documents and settings\Devlish\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5f75f42e-n\msvcp71.dll 2010-07-21 21:52 . 2010-07-21 21:52 499712 ----a-w- c:\documents and settings\Devlish\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5f75f42e-n\jmc.dll 2010-07-21 21:52 . 2010-07-21 21:52 348160 ----a-w- c:\documents and settings\Devlish\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5f75f42e-n\msvcr71.dll 2010-07-21 21:52 . 2010-07-21 21:52 61440 ----a-w- c:\documents and settings\Devlish\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2d409bec-n\decora-sse.dll 2010-07-21 21:52 . 2010-07-21 21:52 12800 ----a-w- c:\documents and settings\Devlish\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2d409bec-n\decora-d3d.dll 2010-07-21 21:32 . 2010-07-28 19:37 -------- d-----w- c:\documents and settings\Devlish\Local Settings\Application Data\Temp 2010-07-21 21:32 . 2010-07-22 22:39 -------- d-----w- c:\documents and settings\Devlish\Local Settings\Application Data\Google 2010-07-21 19:51 . 2010-07-21 19:51 50968 ----a-w- c:\windows\system32\avgfwdx.dll 2010-07-21 19:51 . 2010-07-21 19:51 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys 2010-07-21 19:50 . 2010-07-21 19:52 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9 2010-07-21 19:13 . 2010-07-21 19:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2010-07-21 19:13 . 2010-07-21 19:25 -------- d-----w- c:\program files\Spybot - Search & Destroy 2010-07-21 18:08 . 2010-07-23 18:41 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2010-07-21 14:56 . 2010-07-21 14:56 -------- d-s---w- c:\documents and settings\LocalService\UserData 2010-07-21 14:04 . 
2008-04-14 04:06 37248 ----a-w- c:\windows\system32\drivers\isapnp.sys 2010-07-21 00:29 . 2010-07-21 00:29 -------- d-s---w- c:\documents and settings\NetworkService\UserData 2010-07-14 17:28 . 2010-07-14 17:28 -------- d-----w- c:\documents and settings\Devlish\Local Settings\Application Data\Fallout3 2010-07-14 17:23 . 2008-09-16 22:20 121064 ------r- c:\documents and settings\All Users\Application Data\Fallout3\setup.exe 2010-07-14 17:23 . 2010-07-14 17:23 -------- d-----w- c:\program files\Bethesda Softworks . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-08-11 13:28 . 2010-07-23 23:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab 2010-08-08 19:08 . 2008-02-05 13:43 -------- d-----w- c:\program files\ATI Technologies 2010-08-06 12:43 . 2009-08-04 20:57 -------- d-----w- c:\program files\Trillian 2010-07-29 19:59 . 2010-07-23 23:06 97549 ----a-w- c:\windows\system32\drivers\klick.dat 2010-07-29 19:59 . 2010-07-23 23:06 113933 ----a-w- c:\windows\system32\drivers\klin.dat 2010-07-27 18:43 . 2008-07-26 16:04 -------- d-----w- c:\program files\DivX 2010-07-27 00:41 . 2008-03-25 22:07 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment 2010-07-25 23:49 . 2008-04-01 18:36 -------- d-----w- c:\documents and settings\Devlish\Application Data\Orbit 2010-07-25 23:49 . 2008-02-07 01:18 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2010-07-25 23:47 . 2008-09-01 06:16 -------- d-----w- c:\program files\Common Files\Java 2010-07-24 05:25 . 2010-07-24 00:38 -------- d-----w- c:\documents and settings\Devlish\Application Data\DivX 2010-07-24 00:38 . 2010-07-24 00:38 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe 2010-07-24 00:38 . 2010-07-24 00:38 56997 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe 2010-07-24 00:38 . 
2010-07-24 00:38 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe 2010-07-24 00:38 . 2010-07-24 00:38 57715 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe 2010-07-24 00:38 . 2010-07-24 00:38 84054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe 2010-07-24 00:38 . 2010-07-24 00:38 57054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe 2010-07-24 00:38 . 2010-07-24 00:38 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe 2010-07-24 00:38 . 2010-07-24 00:38 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe 2010-07-24 00:34 . 2010-07-24 00:38 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll 2010-07-24 00:34 . 2010-07-24 00:38 895256 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe 2010-07-23 23:17 . 2010-07-23 23:17 133648 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\mmpprtc.dll 2010-07-23 23:17 . 2010-07-23 23:17 109072 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\mzvkbd3.dll 2010-07-23 23:17 . 2010-07-23 23:17 397328 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\oeas.dll 2010-07-23 23:17 . 2010-07-23 23:17 133720 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\mmpprtc.dll 2010-07-23 23:17 . 
2010-07-23 23:17 109072 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\mzvkbd3.dll 2010-07-23 23:17 . 2010-07-23 23:17 80400 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\fssync.dll 2010-07-23 23:17 . 2010-07-23 23:17 17936 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\kloehk.dll 2010-07-23 23:17 . 2010-07-23 23:17 315408 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\sys\i386\5.1\klif.sys 2010-07-23 23:05 . 2010-07-23 23:05 -------- d-----w- c:\program files\Kaspersky Lab 2010-07-23 23:03 . 2009-11-21 21:06 -------- d-----w- c:\program files\Lavasoft 2010-07-23 23:03 . 2009-11-21 21:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft 2010-07-22 21:55 . 2010-03-23 11:49 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS 2010-07-22 18:59 . 2010-03-31 12:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-07-21 21:07 . 2010-02-09 22:08 -------- d-----w- c:\documents and settings\Devlish\Application Data\Qunuze 2010-07-20 19:29 . 2009-09-03 12:36 -------- d-----w- c:\documents and settings\Devlish\Application Data\Irocka 2010-07-16 11:35 . 2009-06-27 17:12 -------- d-----w- c:\documents and settings\Devlish\Application Data\Edtuag 2010-07-14 17:23 . 2010-04-22 11:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Fallout3 2010-07-14 17:23 . 2008-02-05 13:34 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-07-07 19:19 . 2010-07-07 11:49 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys 2010-07-07 11:49 . 
2010-07-07 11:48 -------- d-----w- c:\documents and settings\Devlish\Application Data\Logitech 2010-07-07 11:49 . 2010-07-07 11:49 -------- d-----w- c:\documents and settings\Devlish\Application Data\Leadertech 2010-07-07 11:49 . 2010-07-07 11:49 53248 ----a-r- c:\documents and settings\Devlish\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe 2010-07-07 11:49 . 2010-07-07 11:48 -------- d-----w- c:\program files\Common Files\LogiShrd 2010-07-07 11:49 . 2010-07-07 11:49 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf 2010-07-07 11:48 . 2010-07-07 11:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Logishrd 2010-07-07 11:48 . 2008-05-28 14:47 -------- d-----w- c:\program files\Logitech 2010-07-07 11:48 . 2010-07-07 11:48 -------- d-----w- c:\documents and settings\Devlish\Application Data\Logishrd 2010-07-07 02:27 . 2007-06-15 01:58 5069312 ----a-w- c:\windows\system32\drivers\ati2mtag.sys 2010-07-07 01:50 . 2008-02-05 13:43 311296 ----a-w- c:\windows\system32\atiiiexx.dll 2010-07-07 01:48 . 2008-02-05 13:43 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll 2010-07-07 01:47 . 2007-06-15 01:59 299520 ----a-w- c:\windows\system32\ati2dvag.dll 2010-07-07 01:41 . 2007-06-15 01:41 3869952 ----a-w- c:\windows\system32\ati3duag.dll 2010-07-07 01:33 . 2007-06-15 01:52 208896 ----a-w- c:\windows\system32\atipdlxx.dll 2010-07-07 01:32 . 2007-03-23 20:23 155648 ----a-w- c:\windows\system32\Oemdspif.dll 2010-07-07 01:32 . 2007-06-15 01:51 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe 2010-07-07 01:32 . 2007-06-15 01:51 43520 ----a-w- c:\windows\system32\ati2edxx.dll 2010-07-07 01:32 . 2007-06-15 01:51 159744 ----a-w- c:\windows\system32\ati2evxx.dll 2010-07-07 01:31 . 2007-06-15 01:50 602112 ----a-w- c:\windows\system32\ati2evxx.exe 2010-07-07 01:29 . 2007-06-15 01:49 53248 ----a-w- c:\windows\system32\ATIDDC.DLL 2010-07-07 01:28 . 
2007-06-15 01:31 2273920 ----a-w- c:\windows\system32\ativvaxx.dll 2010-07-07 01:27 . 2008-02-05 13:43 887724 ----a-w- c:\windows\system32\ativva6x.dat 2010-07-07 01:27 . 2008-02-05 13:43 3 ----a-w- c:\windows\system32\ativva5x.dat 2010-07-07 01:25 . 2007-06-15 01:18 573440 ----a-w- c:\windows\system32\atikvmag.dll 2010-07-07 01:24 . 2007-06-15 01:14 393216 ----a-w- c:\windows\system32\atiok3x2.dll 2010-07-07 01:23 . 2007-06-15 01:17 17408 ----a-w- c:\windows\system32\atitvo32.dll 2010-07-07 01:19 . 2007-06-15 01:11 704512 ----a-w- c:\windows\system32\ati2cqag.dll 2010-07-07 01:15 . 2007-12-21 02:24 65024 ----a-w- c:\windows\system32\amdpcom32.dll 2010-07-07 01:15 . 2007-06-15 01:16 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll 2010-06-18 15:34 . 2010-06-18 15:34 -------- d-----w- c:\documents and settings\Devlish\Application Data\Moyea 2010-06-18 15:19 . 2010-06-18 15:19 766 ----a-r- c:\documents and settings\Devlish\Application Data\Microsoft\Installer\{7784A172-61F1-445E-8368-601607E0DD22}\_294823.exe 2010-06-18 15:19 . 2010-06-18 15:19 2238 ----a-r- c:\documents and settings\Devlish\Application Data\Microsoft\Installer\{7784A172-61F1-445E-8368-601607E0DD22}\_4ae13d6c.exe 2010-06-18 15:19 . 2010-06-18 15:19 1518 ----a-r- c:\documents and settings\Devlish\Application Data\Microsoft\Installer\{7784A172-61F1-445E-8368-601607E0DD22}\_69525f90.exe 2010-06-18 15:19 . 2010-06-18 15:19 1078 ----a-r- c:\documents and settings\Devlish\Application Data\Microsoft\Installer\{7784A172-61F1-445E-8368-601607E0DD22}\_2cd672ae.exe 2010-06-18 15:19 . 2010-06-18 15:19 1078 ----a-r- c:\documents and settings\Devlish\Application Data\Microsoft\Installer\{7784A172-61F1-445E-8368-601607E0DD22}\_18be6784.exe 2010-06-18 15:18 . 2010-06-18 15:18 -------- d-----w- c:\program files\MP3 Player Utilities 4.00 2010-06-15 17:50 . 2010-06-15 17:50 -------- d-----w- c:\program files\Multimedia Transcoding Tool 2010-06-15 17:49 . 
2010-03-14 06:17 -------- d-----w- c:\documents and settings\Devlish\Application Data\Apple Computer 2010-06-15 17:47 . 2010-03-14 06:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer 2010-06-09 23:01 . 2010-07-24 00:38 126448 ------w- c:\windows\system32\pxinsi64.exe 2010-06-09 23:01 . 2010-07-24 00:38 123888 ------w- c:\windows\system32\pxcpyi64.exe 2010-06-09 23:01 . 2008-02-28 12:35 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys 2010-06-09 23:01 . 2008-02-28 12:35 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys 2010-06-09 23:01 . 2008-02-28 12:35 45648 ----a-w- c:\windows\system32\drivers\PxHelp20.sys 2010-06-09 23:01 . 2008-02-28 12:35 133616 ------w- c:\windows\system32\pxafs.dll 2010-06-08 18:29 . 2010-06-08 18:29 45828 ----a-w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment\Battle.net\Cache\Download\Scan.dll 2010-05-23 21:50 . 2010-06-25 02:17 73216 ----a-w- c:\documents and settings\Devlish\Application Data\Mozilla\Firefox\Profiles\sh4zei83.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll . ((((((((((((((((((((((((((((( SnapShot_2010-08-09_12.54.15 ))))))))))))))))))))))))))))))))))))))))) . + 2010-08-11 06:12 . 2010-08-11 11:12 2452 c:\windows\SoftwareDistribution\EventCache\{DAEFADDE-70D0-484C-932A-1364EDDA36F1}.bin + 2010-08-10 00:11 . 2010-08-10 05:11 2452 c:\windows\SoftwareDistribution\EventCache\{68FA3993-BC10-4154-B94E-7EA43F0DEDED}.bin + 2010-08-10 10:11 . 2010-08-10 20:11 2452 c:\windows\SoftwareDistribution\EventCache\{624CDC06-7D9D-47D3-928A-0839CEAFCD40}.bin + 2010-08-09 14:11 . 2010-08-09 19:11 2452 c:\windows\SoftwareDistribution\EventCache\{4ADFAE11-2DBB-4B86-913E-7F30B88AE6F6}.bin + 2010-08-10 20:11 . 2010-08-11 01:12 2452 c:\windows\SoftwareDistribution\EventCache\{12DFAE96-73D1-48E1-B3A8-FF625AEEA7A6}.bin . 
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
     "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
     "RTHDCPL"="RTHDCPL.EXE" [2007-09-19 16844800]

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
     2010-05-06 09:29 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
     2001-12-21 04:34 24576 ----a-w- c:\program files\AlienGUIse\fastload.dll

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
     @="Driver"

     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
     path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
     backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
     path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
     backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup

     [HKLM\~\startupfolder\C:^Documents and Settings^Devlish^Start Menu^Programs^Startup^Adobe Gamma.lnk]
     path=c:\documents and settings\Devlish\Start Menu\Programs\Startup\Adobe Gamma.lnk
     backup=c:\windows\pss\Adobe Gamma.lnkStartup

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
     2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EvtMgr6]
     2010-05-18 20:41 1311312 ----a-w- c:\program files\Logitech\SetPointP\SetPoint.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
     2010-07-21 21:32 136176 ----atw- c:\documents and settings\Devlish\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
     2001-07-09 15:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PVR Agent]
     2005-04-13 15:46 751104 ----a-w- c:\program files\KWorld Multimedia\PVR Plus\TVR\Scheduled.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]
     2002-02-05 03:32 53248 ----a-w- c:\program files\REGSHAVE\Regshave.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
     2007-09-19 10:14 16844800 ------r- c:\windows\RTHDCPL.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
     2006-11-10 17:35 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
     2010-05-14 15:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\V0330Mon.exe]
     2007-04-30 06:03 32768 ----a-w- c:\windows\V0330Mon.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinDVR SchSvr]
     2005-02-17 04:03 106496 ----a-w- c:\program files\Common Files\InterVideo\SchSvr\SchSvr.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]
     2004-03-18 13:33 892928 ----a-w- c:\program files\Logitech\iTouch\iTouch.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
     "wuauserv"=2 (0x2)
     "wscsvc"=2 (0x2)
     "RemoteRegistry"=2 (0x2)
     "RDSessMgr"=3 (0x3)
     "RasMan"=3 (0x3)
     "RasAuto"=3 (0x3)
     "helpsvc"=2 (0x2)
     "ERSvc"=2 (0x2)

     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
     "DisableMonitoring"=dword:00000001

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
     "EnableFirewall"= 0 (0x0)

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
     "c:\\WINDOWS\\system32\\dpvsetup.exe"=
     "c:\\WOW PTR\\World of Warcraft Public Test\\WoW-0.2.0.10048-to-0.2.0.10072-enUS-downloader.exe"=
     "c:\\WOW PTR\\World of Warcraft Public Test\\WoW-0.2.0.10072-to-0.2.0.10083-enUS-downloader.exe"=
     "c:\\WOW PTR\\World of Warcraft Public Test\\wow-0.2.0.10083-to-0.2.0.10116-enUS-downloader.exe"=
     "c:\\WOW PTR\\World of Warcraft Public Test\\WoW-0.2.0.10116-to-0.2.0.10128-enUS-downloader.exe"=
     "c:\\WOW PTR\\World of Warcraft Public Test\\WoW-0.2.0.10128-to-0.2.0.10147-enUS-downloader.exe"=
     "c:\\WOW PTR\\World of Warcraft Public Test\\WoW-0.2.0.10147-to-0.2.0.10170-enUS-downloader.exe"=
     "c:\\WOW PTR\\World of Warcraft Public Test\\WoW-0.2.0.10170-to-0.2.0.10179-enUS-downloader.exe"=
     "c:\\WOW PTR\\World of Warcraft Public Test\\WoW-0.2.2.10257-enUS-ptr-downloader.exe"=
     "c:\\WOW PTR\\World of Warcraft Public Test\\WoW-0.2.2.10357-to-0.2.2.10371-enUS-ptr-downloader.exe"=
     "c:\\WOW PTR\\World of Warcraft Public Test\\WoW-0.2.2.10371-to-0.2.2.10392-enUS-ptr-downloader.exe"=
     "c:\\WOW PTR\\World of Warcraft Public Test\\WoW-0.2.2.10392-to-0.2.2.10433-enUS-ptr-downloader.exe"=
     "c:\\WOW PTR\\World of Warcraft Public Test\\WoW-0.2.2.10433-to-0.2.2.10468-enUS-ptr-downloader.exe"=
     "c:\\WOW PTR\\World of Warcraft Public Test\\WoW-0.3.0.10522-enUS-ptr-downloader.exe"=
     "c:\\WOW PTR\\World of Warcraft Public Test\\WoW-0.3.0.10522-to-0.3.0.10554-enUS-ptr-downloader.exe"=
     "c:\\WOW PTR\\World of Warcraft Public Test\\WoW-0.3.0.10554-to-0.3.0.10571-enUS-ptr-downloader.exe"=
     "c:\\WOW PTR\\World of Warcraft Public Test\\WoW-0.3.0.10571-to-0.3.0.10596-enUS-ptr-downloader.exe"=
     "c:\\Program Files\\Electronic Arts\\Armies of Exigo\\Exigo.exe"=
     "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
     "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
     "c:\\WINDOWS\\system32\\sessmgr.exe"=
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "%windir%\\system32\\sessmgr.exe"=

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
     "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

     R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [10/14/2009 9:18 PM 36880]
     R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [9/14/2009 2:42 PM 32272]
     S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
     S2 CX88XBAR;KWorld PVR 883 Crossbar;c:\windows\system32\drivers\cx88xbar.sys [7/1/2008 9:42 AM 8960]
     S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/22/2010 6:38 PM 136176]
     S2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [7/7/2010 7:49 AM 10448]
     S3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [7/21/2010 3:51 PM 30104]
     S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [7/21/2010 3:51 PM 30104]
     S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [10/2/2009 7:39 PM 19472]
     S3 V0330VID;WebCam Vista/Live! Cam Chat;c:\windows\system32\drivers\V0330Vid.sys [2/22/2009 6:35 AM 157696]
     S4 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [6/21/2008 9:13 AM 158720]
     S4 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [6/21/2008 9:13 AM 5248]
     .
     Contents of the 'Scheduled Tasks' folder

     2010-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
     - c:\program files\Google\Update\GoogleUpdate.exe [2010-07-22 22:38]

     2010-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
     - c:\program files\Google\Update\GoogleUpdate.exe [2010-07-22 22:38]

     2010-08-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-823518204-682003330-1003Core.job
     - c:\documents and settings\Devlish\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-21 21:32]

     2010-08-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-823518204-682003330-1003UA.job
     - c:\documents and settings\Devlish\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-21 21:32]
     .
     .
     ------- Supplementary Scan -------
     .
     uStart Page = hxxp://search.orbitdownloader.com
     uInternet Settings,ProxyServer = http=127.0.0.1:5643
     uInternet Settings,ProxyOverride = <local>
     IE: Add to AMV Convert Tool... - c:\program files\MP3 Player Utilities 4.00\AMVConverter\grab.html
     IE: Add to Media Manager... - c:\program files\MP3 Player Utilities 4.00\MediaManager\grab.html
     FF - ProfilePath - c:\documents and settings\Devlish\Application Data\Mozilla\Firefox\Profiles\sh4zei83.default\
     FF - prefs.js: browser.search.selectedEngine - Yahoo
     FF - prefs.js: browser.startup.homepage - hxxp://thottbot.com/
     FF - component: c:\documents and settings\Devlish\Application Data\Mozilla\Firefox\Profiles\sh4zei83.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll
     FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
     FF - plugin: c:\documents and settings\Devlish\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
     FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
     FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
     FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
     FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

     ---- FIREFOX POLICIES ----
     FF - user.js: network.cookie.cookieBehavior - 0
     FF - user.js: privacy.clearOnShutdown.cookies - false
     FF - user.js: security.warn_viewing_mixed - false
     FF - user.js: security.warn_viewing_mixed.show_once - false
     FF - user.js: security.warn_submit_insecure - false
     FF - user.js: security.warn_submit_insecure.show_once - false
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
     c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
     c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
     c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
     c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
     .
     **************************************************************************
     catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2010-08-11 14:58
     Windows 5.1.2600 Service Pack 3 NTFS
     scanning hidden processes ...
     scanning hidden autostart entries ...
     scanning hidden files ...
     scan completed successfully
     hidden files: 0
     **************************************************************************
     Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
     device: opened successfully
     user: MBR read successfully
     called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys >>UNKNOWN [0x8AACDA17]<<
     kernel: MBR read successfully
     detected MBR rootkit hooks:
     \Driver\Disk -> CLASSPNP.SYS @ 0xf763bf28
     \Driver\ACPI -> ACPI.sys @ 0xf75aecb8
     \Driver\atapi -> atapi.sys @ 0xf74a0852
     IoDeviceObjectType ->\Device\Harddisk0\DR0 ->NDIS: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xf7439bb0
     PacketIndicateHandler -> NDIS.sys @ 0xf7446a21
     SendHandler -> NDIS.sys @ 0xf742487b
     user & kernel MBR OK
     **************************************************************************
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------
     [HKEY_USERS\S-1-5-21-2000478354-823518204-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
     @Denied: (Full) (LocalSystem)
     [HKEY_USERS\S-1-5-21-2000478354-823518204-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*4%0*`%]
     @Class="Shell"
     [HKEY_USERS\S-1-5-21-2000478354-823518204-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*4%0*`%\OpenWithList]
     @Class="Shell"
     .
     --------------------- DLLs Loaded Under Running Processes ---------------------
     - - - - - - - > 'winlogon.exe'(940)
     c:\windows\system32\Ati2evxx.dll
     c:\windows\system32\atiadlxx.dll
     c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
     c:\program files\AlienGUIse\fastload.dll
     .
     Completion time: 2010-08-11 14:59:41
     ComboFix-quarantined-files.txt 2010-08-11 18:59
     ComboFix2.txt 2010-08-06 13:15
     Pre-Run: 225,798,160,384 bytes free
     Post-Run: 225,782,312,960 bytes free
     - - End Of File - - 6245933C40B261B25061ADA5A5353D6C
  4. Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
     device: opened successfully
     user: MBR read successfully
     kernel: MBR read successfully
     user & kernel MBR OK
  5. Redirects started in Chrome and Firefox. After they start showing up, every search result turns into an ad page when clicked on until the browser is closed.
  6. I was only able to make the redirects start twice over about 15 minutes of trying with different browsers / search engines. When the redirects started they didn't stop until I closed the browser (once in each).
  7. No. The program is still telling me one drive's MBR is faked and one is unknown. It doesn't seem to change either of them.
  8. OK.. got the program to run in safe mode as administrator (can't believe I remembered the password). I'm pretty sure you are going to want me to use it on drive 3 instead of 0, but I used it on 0 like you said. Thanks for sticking with me on this.
     MBRCheck, version 1.2.3
     © 2010, AD
     Command-line:
     Windows Version: Windows XP Professional
     Windows Information: Service Pack 3 (build 2600)
     Logical Drives Mask: 0x000000fc
     Kernel Drivers (total 100):
     Processes (total 15):
     0 System Idle Process
     4 System
     868 C:\WINDOWS\system32\smss.exe
     920 csrss.exe
     944 C:\WINDOWS\system32\winlogon.exe
     988 C:\WINDOWS\system32\services.exe
     1000 C:\WINDOWS\system32\lsass.exe
     1160 C:\WINDOWS\system32\svchost.exe
     1248 svchost.exe
     1460 C:\WINDOWS\system32\svchost.exe
     1572 svchost.exe
     1728 svchost.exe
     504 C:\WINDOWS\explorer.exe
     672 C:\WINDOWS\system32\notepad.exe
     756 C:\Documents and Settings\Devlish\My Documents\Downloads\MBRCheck.exe
     \\.\C: --> \\.\PhysicalDrive3 at offset 0x00000000`00007e00 (NTFS)
     \\.\E: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
     \\.\F: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
     \\.\H: --> \\.\PhysicalDrive2 at offset 0x00000000`007e0000 (NTFS)
     PhysicalDrive3 Model Number: SAMSUNGHD501LJ, Rev: CR100-12
     PhysicalDrive0 Model Number: Maxtor6Y160P0, Rev: YAR41BW0
     PhysicalDrive1 Model Number: Maxtor6L200M0, Rev: BANC1G10
     PhysicalDrive2 Model Number: Maxtor7B250S0, Rev: BANC1E00
     Size    Device Name          MBR Status
     --------------------------------------------
     465 GB  \\.\PhysicalDrive3   MBR Code Faked!
             SHA1: 3DD27C7EE9B2D8B2CB511843C79460E5DB3CA995
     152 GB  \\.\PhysicalDrive0   Unknown MBR code
             SHA1: 639AC5CDF8A5CF3245975932C6A4215450A7B98F
     189 GB  \\.\PhysicalDrive1   Legit MBR code detected
             SHA1: 317A49A9E93F077F2D004734D2A7B6CA7E7B9495
     233 GB  \\.\PhysicalDrive2   Legit MBR code detected
             SHA1: 317A49A9E93F077F2D004734D2A7B6CA7E7B9495
     Found non-standard or infected MBR.
     Enter 'Y' and hit ENTER for more options, or 'N' to exit:
  9. 2010/08/09 11:06:23.0343 TDSS rootkit removing tool 2.4.1.0 Aug 4 2010 15:06:41
     2010/08/09 11:06:23.0343 ================================================================================
     2010/08/09 11:06:23.0343 SystemInfo:
     2010/08/09 11:06:23.0343
     2010/08/09 11:06:23.0343 OS Version: 5.1.2600 ServicePack: 3.0
     2010/08/09 11:06:23.0343 Product type: Workstation
     2010/08/09 11:06:23.0343 ComputerName: EXECUTER
     2010/08/09 11:06:23.0343 UserName: Devlish
     2010/08/09 11:06:23.0343 Windows directory: C:\WINDOWS
     2010/08/09 11:06:23.0343 System windows directory: C:\WINDOWS
     2010/08/09 11:06:23.0343 Processor architecture: Intel x86
     2010/08/09 11:06:23.0343 Number of processors: 2
     2010/08/09 11:06:23.0343 Page size: 0x1000
     2010/08/09 11:06:23.0343 Boot type: Normal boot
     2010/08/09 11:06:23.0343 ================================================================================
     2010/08/09 11:06:23.0578 Initialize success
     2010/08/09 11:06:27.0875 ================================================================================
     2010/08/09 11:06:27.0875 Scan started
     2010/08/09 11:06:27.0875 Mode: Manual;
     2010/08/09 11:06:27.0875 ================================================================================
     2010/08/09 11:06:36.0046 ================================================================================
     2010/08/09 11:06:36.0046 Scan finished
     2010/08/09 11:06:36.0046 ================================================================================
     2010/08/09 11:06:44.0859 Deinitialize success
  10. It will execute without the -v on the end.
  11. When I run "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v it comes up with an error and lists valid line parameters and doesn't make a txt file.
  12. ComboFix 10-08-08.02 - Devlish 08/09/2010 8:44.5.2 - x86 NETWORK Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1806 [GMT -4:00] Running from: c:\documents and settings\Devlish\Desktop\Combo-Fix.exe Command switches used :: c:\documents and settings\Devlish\Desktop\CFScript.txt AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0} FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_ccoxdmgu ((((((((((((((((((((((((( Files Created from 2010-07-09 to 2010-08-09 ))))))))))))))))))))))))))))))) . 2010-08-08 19:08 . 2010-07-07 01:58 53248 ----a-w- c:\windows\system32\aticalrt.dll 2010-08-08 19:08 . 2010-07-07 01:58 53248 ----a-w- c:\windows\system32\aticalcl.dll 2010-08-08 19:08 . 2010-07-07 01:57 4337664 ----a-w- c:\windows\system32\aticaldd.dll 2010-08-08 19:08 . 2010-07-07 01:53 15499264 ----a-w- c:\windows\system32\atioglxx.dll 2010-08-08 19:08 . 2010-07-07 01:29 143360 ----a-w- c:\windows\system32\atiapfxx.exe 2010-08-08 19:08 . 2010-07-07 01:24 184320 ----a-w- c:\windows\system32\atiadlxx.dll 2010-08-08 19:08 . 2010-07-07 01:15 65024 ----a-w- c:\windows\system32\atimpc32.dll 2010-08-08 19:08 . 2009-05-11 21:35 118784 ----a-w- c:\windows\system32\atibtmon.exe 2010-08-08 19:08 . 2010-08-08 19:09 -------- d-----w- c:\program files\ATI 2010-08-06 06:19 . 2010-08-06 06:19 503808 ----a-w- c:\documents and settings\Devlish\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5ee28c56-n\msvcp71.dll 2010-08-06 06:19 . 2010-08-06 06:19 499712 ----a-w- c:\documents and settings\Devlish\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5ee28c56-n\jmc.dll 2010-08-06 06:19 . 
2010-08-06 06:19 348160 ----a-w- c:\documents and settings\Devlish\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5ee28c56-n\msvcr71.dll 2010-08-06 06:19 . 2010-08-06 06:19 61440 ----a-w- c:\documents and settings\Devlish\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-1b9d670e-n\decora-sse.dll 2010-08-06 06:19 . 2010-08-06 06:19 12800 ----a-w- c:\documents and settings\Devlish\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-1b9d670e-n\decora-d3d.dll 2010-07-29 20:43 . 2008-04-14 09:42 221184 ----a-w- c:\windows\system32\wmpns.dll 2010-07-29 20:36 . 2008-04-14 09:42 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe 2010-07-29 20:35 . 2008-04-14 09:42 1384479 ----a-w- c:\windows\system32\msvbvm60.dll 2010-07-27 18:28 . 2010-07-27 18:28 388096 ----a-r- c:\documents and settings\Devlish\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2010-07-27 18:28 . 2010-07-27 18:28 -------- d-----w- c:\program files\Trend Micro 2010-07-27 12:21 . 2010-07-27 12:21 664 ----a-w- c:\windows\system32\d3d9caps.dat 2010-07-26 23:24 . 2010-07-27 00:41 -------- d-----w- c:\program files\World of Warcraft 2010-07-26 00:05 . 2010-07-26 00:05 423656 ----a-w- c:\windows\system32\deployJava1.dll 2010-07-26 00:05 . 2010-07-26 00:05 -------- d-----w- c:\program files\Java 2010-07-24 00:41 . 2010-07-24 00:41 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll 2010-07-24 00:37 . 2010-07-24 00:37 56458 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe 2010-07-24 00:37 . 2010-07-24 00:37 54174 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe 2010-07-24 00:37 . 2010-07-24 00:37 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe 2010-07-24 00:37 . 
2010-07-24 00:37 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe 2010-07-24 00:37 . 2010-07-24 00:37 54644 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe 2010-07-24 00:37 . 2010-07-24 00:37 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe 2010-07-24 00:37 . 2010-07-24 00:37 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe 2010-07-24 00:37 . 2010-07-24 00:37 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe 2010-07-24 00:37 . 2010-07-24 00:37 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe 2010-07-24 00:37 . 2010-07-24 00:37 -------- d-----w- c:\program files\Common Files\DivX Shared 2010-07-24 00:37 . 2010-07-24 00:37 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe 2010-07-24 00:34 . 2010-07-24 00:41 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX 2010-07-23 23:18 . 2010-07-23 23:18 932368 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\profiles-1-6.dll 2010-07-23 23:18 . 2010-07-23 23:18 678416 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\content_interpreter-1-1.dll 2010-07-23 23:18 . 2010-07-23 23:18 604688 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\gsg-3-9.dll 2010-07-23 23:18 . 2010-07-23 23:18 522768 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\database-1-5.dll 2010-07-23 23:18 . 2010-07-23 23:18 1096208 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\filtration-4-6.dll 2010-07-23 23:17 . 
2010-07-23 23:17 80400 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\fssync.dll 2010-07-23 23:17 . 2010-07-23 23:17 397328 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\oeas.dll 2010-07-23 23:17 . 2010-07-23 23:17 315408 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\sys\i386\5.1\klif.sys 2010-07-23 23:17 . 2010-07-23 23:17 19472 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\kloehk.dll 2010-07-23 23:02 . 2010-07-23 23:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files 2010-07-23 17:53 . 2010-07-23 17:53 54016 ----a-w- c:\windows\system32\drivers\xkix.sys 2010-07-22 22:43 . 2010-07-22 22:43 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google 2010-07-22 22:38 . 2010-07-22 22:38 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google 2010-07-22 22:38 . 2010-07-22 22:39 -------- d-----w- c:\program files\Google 2010-07-22 21:43 . 2010-07-22 21:43 -------- d-----w- c:\program files\FileASSASSIN 2010-07-22 20:49 . 2010-07-22 20:49 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee 2010-07-22 20:45 . 2010-07-22 20:45 1025992 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\SecurityScan_Release.exe 2010-07-22 19:37 . 2010-08-03 15:58 13104 ----a-w- c:\documents and settings\Devlish\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-07-22 19:36 . 
2010-07-22 19:36 -------- d-----w- c:\documents and settings\Devlish\Local Settings\Application Data\Sunbelt Software 2010-07-21 21:52 . 2010-07-21 21:52 503808 ----a-w- c:\documents and settings\Devlish\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5f75f42e-n\msvcp71.dll 2010-07-21 21:52 . 2010-07-21 21:52 499712 ----a-w- c:\documents and settings\Devlish\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5f75f42e-n\jmc.dll 2010-07-21 21:52 . 2010-07-21 21:52 348160 ----a-w- c:\documents and settings\Devlish\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5f75f42e-n\msvcr71.dll 2010-07-21 21:52 . 2010-07-21 21:52 61440 ----a-w- c:\documents and settings\Devlish\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2d409bec-n\decora-sse.dll 2010-07-21 21:52 . 2010-07-21 21:52 12800 ----a-w- c:\documents and settings\Devlish\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2d409bec-n\decora-d3d.dll 2010-07-21 21:32 . 2010-07-28 19:37 -------- d-----w- c:\documents and settings\Devlish\Local Settings\Application Data\Temp 2010-07-21 21:32 . 2010-07-22 22:39 -------- d-----w- c:\documents and settings\Devlish\Local Settings\Application Data\Google 2010-07-21 19:51 . 2010-07-21 19:51 50968 ----a-w- c:\windows\system32\avgfwdx.dll 2010-07-21 19:51 . 2010-07-21 19:51 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys 2010-07-21 19:50 . 2010-07-21 19:52 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9 2010-07-21 19:13 . 2010-07-21 19:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2010-07-21 19:13 . 2010-07-21 19:25 -------- d-----w- c:\program files\Spybot - Search & Destroy 2010-07-21 18:08 . 2010-07-23 18:41 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2010-07-21 14:56 . 2010-07-21 14:56 -------- d-s---w- c:\documents and settings\LocalService\UserData 2010-07-21 14:04 . 
2008-04-14 04:06 37248 ----a-w- c:\windows\system32\drivers\isapnp.sys 2010-07-21 00:29 . 2010-07-21 00:29 -------- d-s---w- c:\documents and settings\NetworkService\UserData 2010-07-14 17:28 . 2010-07-14 17:28 -------- d-----w- c:\documents and settings\Devlish\Local Settings\Application Data\Fallout3 2010-07-14 17:23 . 2008-09-16 22:20 121064 ------r- c:\documents and settings\All Users\Application Data\Fallout3\setup.exe 2010-07-14 17:23 . 2010-07-14 17:23 -------- d-----w- c:\program files\Bethesda Softworks . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-08-08 19:13 . 2010-07-23 23:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab 2010-08-08 19:08 . 2008-02-05 13:43 -------- d-----w- c:\program files\ATI Technologies 2010-08-06 12:43 . 2009-08-04 20:57 -------- d-----w- c:\program files\Trillian 2010-07-29 19:59 . 2010-07-23 23:06 97549 ----a-w- c:\windows\system32\drivers\klick.dat 2010-07-29 19:59 . 2010-07-23 23:06 113933 ----a-w- c:\windows\system32\drivers\klin.dat 2010-07-27 18:43 . 2008-07-26 16:04 -------- d-----w- c:\program files\DivX 2010-07-27 00:41 . 2008-03-25 22:07 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment 2010-07-25 23:49 . 2008-04-01 18:36 -------- d-----w- c:\documents and settings\Devlish\Application Data\Orbit 2010-07-25 23:49 . 2008-02-07 01:18 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2010-07-25 23:47 . 2008-09-01 06:16 -------- d-----w- c:\program files\Common Files\Java 2010-07-24 05:25 . 2010-07-24 00:38 -------- d-----w- c:\documents and settings\Devlish\Application Data\DivX 2010-07-24 00:38 . 2010-07-24 00:38 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe 2010-07-24 00:38 . 2010-07-24 00:38 56997 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe 2010-07-24 00:38 . 
2010-07-24 00:38 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe 2010-07-24 00:38 . 2010-07-24 00:38 57715 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe 2010-07-24 00:38 . 2010-07-24 00:38 84054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe 2010-07-24 00:38 . 2010-07-24 00:38 57054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe 2010-07-24 00:38 . 2010-07-24 00:38 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe 2010-07-24 00:38 . 2010-07-24 00:38 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe 2010-07-24 00:34 . 2010-07-24 00:38 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll 2010-07-24 00:34 . 2010-07-24 00:38 895256 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe 2010-07-23 23:17 . 2010-07-23 23:17 133648 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\mmpprtc.dll 2010-07-23 23:17 . 2010-07-23 23:17 109072 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\mzvkbd3.dll 2010-07-23 23:17 . 2010-07-23 23:17 397328 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\oeas.dll 2010-07-23 23:17 . 2010-07-23 23:17 133720 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\mmpprtc.dll 2010-07-23 23:17 . 
2010-07-23 23:17 109072 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\mzvkbd3.dll 2010-07-23 23:17 . 2010-07-23 23:17 80400 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\fssync.dll 2010-07-23 23:17 . 2010-07-23 23:17 17936 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\kloehk.dll 2010-07-23 23:17 . 2010-07-23 23:17 315408 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\sys\i386\5.1\klif.sys 2010-07-23 23:05 . 2010-07-23 23:05 -------- d-----w- c:\program files\Kaspersky Lab 2010-07-23 23:03 . 2009-11-21 21:06 -------- d-----w- c:\program files\Lavasoft 2010-07-23 23:03 . 2009-11-21 21:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft 2010-07-22 21:55 . 2010-03-23 11:49 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS 2010-07-22 18:59 . 2010-03-31 12:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-07-21 21:07 . 2010-02-09 22:08 -------- d-----w- c:\documents and settings\Devlish\Application Data\Qunuze 2010-07-20 19:29 . 2009-09-03 12:36 -------- d-----w- c:\documents and settings\Devlish\Application Data\Irocka 2010-07-16 11:35 . 2009-06-27 17:12 -------- d-----w- c:\documents and settings\Devlish\Application Data\Edtuag 2010-07-14 17:23 . 2010-04-22 11:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Fallout3 2010-07-14 17:23 . 2008-02-05 13:34 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-07-07 19:19 . 2010-07-07 11:49 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys 2010-07-07 11:49 . 
2010-07-07 11:48 -------- d-----w- c:\documents and settings\Devlish\Application Data\Logitech 2010-07-07 11:49 . 2010-07-07 11:49 -------- d-----w- c:\documents and settings\Devlish\Application Data\Leadertech 2010-07-07 11:49 . 2010-07-07 11:49 53248 ----a-r- c:\documents and settings\Devlish\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe 2010-07-07 11:49 . 2010-07-07 11:48 -------- d-----w- c:\program files\Common Files\LogiShrd 2010-07-07 11:49 . 2010-07-07 11:49 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf 2010-07-07 11:48 . 2010-07-07 11:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Logishrd 2010-07-07 11:48 . 2008-05-28 14:47 -------- d-----w- c:\program files\Logitech 2010-07-07 11:48 . 2010-07-07 11:48 -------- d-----w- c:\documents and settings\Devlish\Application Data\Logishrd 2010-07-07 02:27 . 2007-06-15 01:58 5069312 ----a-w- c:\windows\system32\drivers\ati2mtag.sys 2010-07-07 01:50 . 2008-02-05 13:43 311296 ----a-w- c:\windows\system32\atiiiexx.dll 2010-07-07 01:48 . 2008-02-05 13:43 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll 2010-07-07 01:47 . 2007-06-15 01:59 299520 ----a-w- c:\windows\system32\ati2dvag.dll 2010-07-07 01:41 . 2007-06-15 01:41 3869952 ----a-w- c:\windows\system32\ati3duag.dll 2010-07-07 01:33 . 2007-06-15 01:52 208896 ----a-w- c:\windows\system32\atipdlxx.dll 2010-07-07 01:32 . 2007-03-23 20:23 155648 ----a-w- c:\windows\system32\Oemdspif.dll 2010-07-07 01:32 . 2007-06-15 01:51 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe 2010-07-07 01:32 . 2007-06-15 01:51 43520 ----a-w- c:\windows\system32\ati2edxx.dll 2010-07-07 01:32 . 2007-06-15 01:51 159744 ----a-w- c:\windows\system32\ati2evxx.dll 2010-07-07 01:31 . 2007-06-15 01:50 602112 ----a-w- c:\windows\system32\ati2evxx.exe 2010-07-07 01:29 . 2007-06-15 01:49 53248 ----a-w- c:\windows\system32\ATIDDC.DLL 2010-07-07 01:28 . 
2007-06-15 01:31 2273920 ----a-w- c:\windows\system32\ativvaxx.dll 2010-07-07 01:27 . 2008-02-05 13:43 887724 ----a-w- c:\windows\system32\ativva6x.dat 2010-07-07 01:27 . 2008-02-05 13:43 3 ----a-w- c:\windows\system32\ativva5x.dat 2010-07-07 01:25 . 2007-06-15 01:18 573440 ----a-w- c:\windows\system32\atikvmag.dll 2010-07-07 01:24 . 2007-06-15 01:14 393216 ----a-w- c:\windows\system32\atiok3x2.dll 2010-07-07 01:23 . 2007-06-15 01:17 17408 ----a-w- c:\windows\system32\atitvo32.dll 2010-07-07 01:19 . 2007-06-15 01:11 704512 ----a-w- c:\windows\system32\ati2cqag.dll 2010-07-07 01:15 . 2007-12-21 02:24 65024 ----a-w- c:\windows\system32\amdpcom32.dll 2010-07-07 01:15 . 2007-06-15 01:16 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll 2010-06-18 15:34 . 2010-06-18 15:34 -------- d-----w- c:\documents and settings\Devlish\Application Data\Moyea 2010-06-18 15:19 . 2010-06-18 15:19 766 ----a-r- c:\documents and settings\Devlish\Application Data\Microsoft\Installer\{7784A172-61F1-445E-8368-601607E0DD22}\_294823.exe 2010-06-18 15:19 . 2010-06-18 15:19 2238 ----a-r- c:\documents and settings\Devlish\Application Data\Microsoft\Installer\{7784A172-61F1-445E-8368-601607E0DD22}\_4ae13d6c.exe 2010-06-18 15:19 . 2010-06-18 15:19 1518 ----a-r- c:\documents and settings\Devlish\Application Data\Microsoft\Installer\{7784A172-61F1-445E-8368-601607E0DD22}\_69525f90.exe 2010-06-18 15:19 . 2010-06-18 15:19 1078 ----a-r- c:\documents and settings\Devlish\Application Data\Microsoft\Installer\{7784A172-61F1-445E-8368-601607E0DD22}\_2cd672ae.exe 2010-06-18 15:19 . 2010-06-18 15:19 1078 ----a-r- c:\documents and settings\Devlish\Application Data\Microsoft\Installer\{7784A172-61F1-445E-8368-601607E0DD22}\_18be6784.exe 2010-06-18 15:18 . 2010-06-18 15:18 -------- d-----w- c:\program files\MP3 Player Utilities 4.00 2010-06-15 17:50 . 2010-06-15 17:50 -------- d-----w- c:\program files\Multimedia Transcoding Tool 2010-06-15 17:49 . 
2010-03-14 06:17 -------- d-----w- c:\documents and settings\Devlish\Application Data\Apple Computer 2010-06-15 17:47 . 2010-03-14 06:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer 2010-06-09 23:01 . 2010-07-24 00:38 126448 ------w- c:\windows\system32\pxinsi64.exe 2010-06-09 23:01 . 2010-07-24 00:38 123888 ------w- c:\windows\system32\pxcpyi64.exe 2010-06-09 23:01 . 2008-02-28 12:35 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys 2010-06-09 23:01 . 2008-02-28 12:35 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys 2010-06-09 23:01 . 2008-02-28 12:35 45648 ----a-w- c:\windows\system32\drivers\PxHelp20.sys 2010-06-09 23:01 . 2008-02-28 12:35 133616 ------w- c:\windows\system32\pxafs.dll 2010-06-08 18:29 . 2010-06-08 18:29 45828 ----a-w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment\Battle.net\Cache\Download\Scan.dll 2010-05-23 21:50 . 2010-06-25 02:17 73216 ----a-w- c:\documents and settings\Devlish\Application Data\Mozilla\Firefox\Profiles\sh4zei83.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll 2010-05-11 20:42 . 2008-02-05 13:43 205156 ----a-w- c:\windows\system32\atiicdxx.dat . ((((((((((((((((((((((((((((( SnapShot@2010-08-06_13.05.41 ))))))))))))))))))))))))))))))))))))))))) . + 2009-07-12 04:02 . 2009-07-12 04:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll + 2009-07-12 04:02 . 2009-07-12 04:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll + 2009-07-12 04:02 . 2009-07-12 04:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll + 2009-07-12 04:02 . 2009-07-12 04:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll + 2009-07-12 04:02 . 
2009-07-12 04:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll + 2009-07-12 04:02 . 2009-07-12 04:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll + 2009-07-12 04:02 . 2009-07-12 04:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll + 2009-07-12 04:02 . 2009-07-12 04:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll + 2009-07-12 04:02 . 2009-07-12 04:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll + 2009-07-12 04:02 . 2009-07-12 04:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll + 2009-07-12 04:02 . 2009-07-12 04:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll + 2009-07-12 04:02 . 2009-07-12 04:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll + 2009-07-12 04:05 . 2009-07-12 04:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll + 2009-07-12 04:05 . 2009-07-12 04:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll + 2010-08-08 19:08 . 2010-07-07 01:32 81083 c:\windows\system32\DRVSTORE\CX102491_447EBC2BF3945AA24FFCBAC34BDAEA08E20EA545\B102427\oemdspif.dll + 2010-08-08 19:08 . 2001-11-09 15:01 12614 c:\windows\system32\DRVSTORE\CX102491_447EBC2BF3945AA24FFCBAC34BDAEA08E20EA545\B102427\ativcoxx.dll + 2010-08-08 19:08 . 2009-02-18 17:55 81447 c:\windows\system32\DRVSTORE\CX102491_447EBC2BF3945AA24FFCBAC34BDAEA08E20EA545\B102427\atiode.exe + 2010-08-08 19:08 . 
2009-02-03 20:52 25093 c:\windows\system32\DRVSTORE\CX102491_447EBC2BF3945AA24FFCBAC34BDAEA08E20EA545\B102427\atiodcli.exe + 2010-08-08 19:08 . 2010-07-07 01:15 41477 c:\windows\system32\DRVSTORE\CX102491_447EBC2BF3945AA24FFCBAC34BDAEA08E20EA545\B102427\atimpc32.dll + 2010-08-08 19:08 . 2010-07-07 01:29 28700 c:\windows\system32\DRVSTORE\CX102491_447EBC2BF3945AA24FFCBAC34BDAEA08E20EA545\B102427\atiddc.dll + 2010-08-08 19:08 . 2010-07-07 01:58 29394 c:\windows\system32\DRVSTORE\CX102491_447EBC2BF3945AA24FFCBAC34BDAEA08E20EA545\B102427\aticalrt.dll + 2010-08-08 19:08 . 2010-07-07 01:58 28972 c:\windows\system32\DRVSTORE\CX102491_447EBC2BF3945AA24FFCBAC34BDAEA08E20EA545\B102427\aticalcl.dll + 2010-08-08 19:08 . 2009-05-11 21:35 71662 c:\windows\system32\DRVSTORE\CX102491_447EBC2BF3945AA24FFCBAC34BDAEA08E20EA545\B102427\atibtmon.exe + 2010-08-08 19:08 . 2010-07-07 01:29 54492 c:\windows\system32\DRVSTORE\CX102491_447EBC2BF3945AA24FFCBAC34BDAEA08E20EA545\B102427\atiapfxx.exe + 2010-08-08 19:08 . 2010-07-07 01:32 16309 c:\windows\system32\DRVSTORE\CX102491_447EBC2BF3945AA24FFCBAC34BDAEA08E20EA545\B102427\ati2mdxx.exe + 2010-08-08 19:08 . 2010-07-07 01:32 80978 c:\windows\system32\DRVSTORE\CX102491_447EBC2BF3945AA24FFCBAC34BDAEA08E20EA545\B102427\ati2evxx.dll + 2010-08-08 19:08 . 2010-07-07 01:15 13650 c:\windows\system32\DRVSTORE\CX102491_447EBC2BF3945AA24FFCBAC34BDAEA08E20EA545\B102427\ati2erec.dll + 2010-08-08 19:08 . 2010-07-07 01:32 28844 c:\windows\system32\DRVSTORE\CX102491_447EBC2BF3945AA24FFCBAC34BDAEA08E20EA545\B102427\ati2edxx.dll + 2007-06-02 02:25 . 2009-02-03 20:52 45056 c:\windows\system32\ATIODCLI.exe + 2010-08-08 19:08 . 2010-08-08 19:08 77542 c:\windows\Installer\{C2274248-9536-B9E2-0886-84BF1F292219}\NewShortcut5_4DEA5338A7B840A3B51CDC742625BF49.exe + 2010-08-08 19:08 . 2010-08-08 19:08 77542 c:\windows\Installer\{C2274248-9536-B9E2-0886-84BF1F292219}\NewShortcut4_4DEA5338A7B840A3B51CDC742625BF49.exe + 2010-08-08 19:08 . 
2010-08-08 19:08 77542 c:\windows\Installer\{C2274248-9536-B9E2-0886-84BF1F292219}\NewShortcut3_4DEA5338A7B840A3B51CDC742625BF49.exe
+ 2010-08-08 19:08 . 2010-08-08 19:08 77542 c:\windows\Installer\{C2274248-9536-B9E2-0886-84BF1F292219}\NewShortcut2_4DEA5338A7B840A3B51CDC742625BF49.exe
+ 2010-08-08 19:08 . 2010-08-08 19:08 77542 c:\windows\Installer\{C2274248-9536-B9E2-0886-84BF1F292219}\ARPPRODUCTICON.exe
+ 2010-08-08 19:08 . 2010-07-07 01:23 8348 c:\windows\system32\DRVSTORE\CX102491_447EBC2BF3945AA24FFCBAC34BDAEA08E20EA545\B102427\atitvo32.dll
+ 2010-08-06 16:09 . 2010-08-06 21:09 2452 c:\windows\SoftwareDistribution\EventCache\{FF422914-4A2D-490F-8D65-5C006FADDF2C}.bin
+ 2010-08-08 18:10 . 2010-08-09 04:10 2452 c:\windows\SoftwareDistribution\EventCache\{D4923E76-6FE8-49F2-A505-B493EDFF4512}.bin
+ 2010-08-07 22:10 . 2010-08-08 03:10 2452 c:\windows\SoftwareDistribution\EventCache\{B6481392-2CB8-41F0-992A-7B4A0A96BF55}.bin
+ 2010-08-07 02:09 . 2010-08-07 07:09 2452 c:\windows\SoftwareDistribution\EventCache\{82EEB085-EE01-4654-8357-7F206243F684}.bin
+ 2010-08-07 12:09 . 2010-08-07 17:09 2452 c:\windows\SoftwareDistribution\EventCache\{79756F80-A60F-463B-95C7-23A199F2F22B}.bin
+ 2010-08-08 08:10 . 2010-08-08 13:10 2452 c:\windows\SoftwareDistribution\EventCache\{4648F413-8141-4B45-9277-FBFBD1B0F166}.bin
+ 2010-08-09 04:10 . 2010-08-09 09:10 2452 c:\windows\SoftwareDistribution\EventCache\{0268B84F-C11F-40EF-ADF6-9C15D6D7650F}.bin
+ 2009-07-12 04:02 . 2009-07-12 04:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2009-07-12 04:05 . 2009-07-12 04:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
+ 2010-08-08 19:08 . 2010-07-07 01:27 887724 c:\windows\system32\DRVSTORE\CX102491_447EBC2BF3945AA24FFCBAC34BDAEA08E20EA545\B102427\ativva6x.dat
+ 2010-08-08 19:08 . 2010-07-07 01:33 109092 c:\windows\system32\DRVSTORE\CX102491_447EBC2BF3945AA24FFCBAC34BDAEA08E20EA545\B102427\atipdlxx.dll
+ 2010-08-08 19:08 . 2010-07-07 01:24 194349 c:\windows\system32\DRVSTORE\CX102491_447EBC2BF3945AA24FFCBAC34BDAEA08E20EA545\B102427\atiok3x2.dll
+ 2010-08-08 19:08 . 2010-07-07 01:25 306873 c:\windows\system32\DRVSTORE\CX102491_447EBC2BF3945AA24FFCBAC34BDAEA08E20EA545\B102427\atikvmag.dll
+ 2010-08-08 19:08 . 2010-07-07 01:50 311296 c:\windows\system32\DRVSTORE\CX102491_447EBC2BF3945AA24FFCBAC34BDAEA08E20EA545\B102427\atiiiexx.dll
+ 2010-08-08 19:08 . 2010-05-11 20:42 205156 c:\windows\system32\DRVSTORE\CX102491_447EBC2BF3945AA24FFCBAC34BDAEA08E20EA545\B102427\atiicdxx.dat
+ 2010-08-08 19:08 . 2010-07-07 01:48 446464 c:\windows\system32\DRVSTORE\CX102491_447EBC2BF3945AA24FFCBAC34BDAEA08E20EA545\B102427\atidemgx.dll
+ 2010-08-08 19:08 . 2010-07-07 01:24 101570 c:\windows\system32\DRVSTORE\CX102491_447EBC2BF3945AA24FFCBAC34BDAEA08E20EA545\B102427\atiadlxx.dll
+ 2010-08-08 19:08 . 2010-07-07 01:31 317754 c:\windows\system32\DRVSTORE\CX102491_447EBC2BF3945AA24FFCBAC34BDAEA08E20EA545\B102427\ati2evxx.exe
+ 2010-08-08 19:08 . 2010-07-07 01:47 188030 c:\windows\system32\DRVSTORE\CX102491_447EBC2BF3945AA24FFCBAC34BDAEA08E20EA545\B102427\ati2dvag.dll
+ 2010-08-08 19:08 . 2010-07-07 01:19 362057 c:\windows\system32\DRVSTORE\CX102491_447EBC2BF3945AA24FFCBAC34BDAEA08E20EA545\B102427\ati2cqag.dll
+ 2007-06-02 02:26 . 2009-02-18 17:55 294912 c:\windows\system32\ATIODE.exe
+ 2010-08-08 19:09 . 2010-08-08 19:09 718336 c:\windows\Installer\b9ada9c.msi
+ 2010-08-08 19:08 . 2010-08-08 19:08 219648 c:\windows\Installer\b9ada8b.msi
+ 2010-08-08 19:09 . 2010-08-08 19:09 238223 c:\windows\Installer\{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}\ARPPRODUCTICON.exe
+ 2009-07-12 04:02 . 2009-07-12 04:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
+ 2010-08-08 19:08 . 2010-07-07 01:28 1104942 c:\windows\system32\DRVSTORE\CX102491_447EBC2BF3945AA24FFCBAC34BDAEA08E20EA545\B102427\ativvaxx.dll
+ 2010-08-08 19:08 . 2010-07-07 01:53 6723831 c:\windows\system32\DRVSTORE\CX102491_447EBC2BF3945AA24FFCBAC34BDAEA08E20EA545\B102427\atioglxx.dll
+ 2010-08-08 19:08 . 2010-07-07 01:57 2055374 c:\windows\system32\DRVSTORE\CX102491_447EBC2BF3945AA24FFCBAC34BDAEA08E20EA545\B102427\aticaldd.dll
+ 2010-08-08 19:08 . 2010-07-07 01:41 2043007 c:\windows\system32\DRVSTORE\CX102491_447EBC2BF3945AA24FFCBAC34BDAEA08E20EA545\B102427\ati3duag.dll
+ 2010-08-08 19:08 . 2010-07-07 02:27 3379320 c:\windows\system32\DRVSTORE\CX102491_447EBC2BF3945AA24FFCBAC34BDAEA08E20EA545\B102427\ati2mtag.sys
+ 2007-06-15 01:58 . 2010-07-07 02:27 5069312 c:\windows\system32\dllcache\ati2mtag.sys
+ 2010-08-08 19:08 . 2010-08-08 19:08 1597440 c:\windows\Installer\b9ada94.msi
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-19 16844800]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-05-06 09:29 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-21 04:34 24576 ----a-w- c:\program files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Devlish^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\Devlish\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EvtMgr6]
2010-05-18 20:41 1311312 ----a-w- c:\program files\Logitech\SetPointP\SetPoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-07-21 21:32 136176 ----atw- c:\documents and settings\Devlish\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 15:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PVR Agent]
2005-04-13 15:46 751104 ----a-w- c:\program files\KWorld Multimedia\PVR Plus\TVR\Scheduled.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]
2002-02-05 03:32 53248 ----a-w- c:\program files\REGSHAVE\Regshave.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-09-19 10:14 16844800 ------r- c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2006-11-10 17:35 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 15:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\V0330Mon.exe]
2007-04-30 06:03 32768 ----a-w- c:\windows\V0330Mon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinDVR SchSvr]
2005-02-17 04:03 106496 ----a-w- c:\program files\Common Files\InterVideo\SchSvr\SchSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]
2004-03-18 13:33 892928 ----a-w- c:\program files\Logitech\iTouch\iTouch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"RemoteRegistry"=2 (0x2)
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"helpsvc"=2 (0x2)
"ERSvc"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WOW PTR\\World of Warcraft Public Test\\WoW-0.2.0.10048-to-0.2.0.10072-enUS-downloader.exe"=
"c:\\WOW PTR\\World of Warcraft Public Test\\WoW-0.2.0.10072-to-0.2.0.10083-enUS-downloader.exe"=
"c:\\WOW PTR\\World of Warcraft Public Test\\wow-0.2.0.10083-to-0.2.0.10116-enUS-downloader.exe"=
"c:\\WOW PTR\\World of Warcraft Public Test\\WoW-0.2.0.10116-to-0.2.0.10128-enUS-downloader.exe"=
"c:\\WOW PTR\\World of Warcraft Public Test\\WoW-0.2.0.10128-to-0.2.0.10147-enUS-downloader.exe"=
"c:\\WOW PTR\\World of Warcraft Public Test\\WoW-0.2.0.10147-to-0.2.0.10170-enUS-downloader.exe"=
"c:\\WOW PTR\\World of Warcraft Public Test\\WoW-0.2.0.10170-to-0.2.0.10179-enUS-downloader.exe"=
"c:\\WOW PTR\\World of Warcraft Public Test\\WoW-0.2.2.10257-enUS-ptr-downloader.exe"=
"c:\\WOW PTR\\World of Warcraft Public Test\\WoW-0.2.2.10357-to-0.2.2.10371-enUS-ptr-downloader.exe"=
"c:\\WOW PTR\\World of Warcraft Public Test\\WoW-0.2.2.10371-to-0.2.2.10392-enUS-ptr-downloader.exe"=
"c:\\WOW PTR\\World of Warcraft Public Test\\WoW-0.2.2.10392-to-0.2.2.10433-enUS-ptr-downloader.exe"=
"c:\\WOW PTR\\World of Warcraft Public Test\\WoW-0.2.2.10433-to-0.2.2.10468-enUS-ptr-downloader.exe"=
"c:\\WOW PTR\\World of Warcraft Public Test\\WoW-0.3.0.10522-enUS-ptr-downloader.exe"=
"c:\\WOW PTR\\World of Warcraft Public Test\\WoW-0.3.0.10522-to-0.3.0.10554-enUS-ptr-downloader.exe"=
"c:\\WOW PTR\\World of Warcraft Public Test\\WoW-0.3.0.10554-to-0.3.0.10571-enUS-ptr-downloader.exe"=
"c:\\WOW PTR\\World of Warcraft Public Test\\WoW-0.3.0.10571-to-0.3.0.10596-enUS-ptr-downloader.exe"=
"c:\\Program Files\\Electronic Arts\\Armies of Exigo\\Exigo.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [10/14/2009 9:18 PM 36880]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [9/14/2009 2:42 PM 32272]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 CX88XBAR;KWorld PVR 883 Crossbar;c:\windows\system32\drivers\cx88xbar.sys [7/1/2008 9:42 AM 8960]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/22/2010 6:38 PM 136176]
S2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [7/7/2010 7:49 AM 10448]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [7/21/2010 3:51 PM 30104]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [7/21/2010 3:51 PM 30104]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [10/2/2009 7:39 PM 19472]
S3 V0330VID;WebCam Vista/Live! Cam Chat;c:\windows\system32\drivers\V0330Vid.sys [2/22/2009 6:35 AM 157696]
S4 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [6/21/2008 9:13 AM 158720]
S4 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [6/21/2008 9:13 AM 5248]
.
Contents of the 'Scheduled Tasks' folder

2010-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-22 22:38]

2010-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-22 22:38]

2010-08-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-823518204-682003330-1003Core.job
- c:\documents and settings\Devlish\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-21 21:32]

2010-08-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-823518204-682003330-1003UA.job
- c:\documents and settings\Devlish\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-21 21:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.orbitdownloader.com
uInternet Settings,ProxyServer = http=127.0.0.1:5643
uInternet Settings,ProxyOverride = <local>
IE: Add to AMV Convert Tool... - c:\program files\MP3 Player Utilities 4.00\AMVConverter\grab.html
IE: Add to Media Manager... - c:\program files\MP3 Player Utilities 4.00\MediaManager\grab.html
FF - ProfilePath - c:\documents and settings\Devlish\Application Data\Mozilla\Firefox\Profiles\sh4zei83.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://thottbot.com/
FF - component: c:\documents and settings\Devlish\Application Data\Mozilla\Firefox\Profiles\sh4zei83.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\documents and settings\Devlish\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-09 08:53
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys >>UNKNOWN [0x8A6C6A17]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf763bf28
\Driver\ACPI -> ACPI.sys @ 0xf75aecb8
\Driver\atapi -> atapi.sys @ 0xf74a0852
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->
NDIS: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xf7439bb0
PacketIndicateHandler -> NDIS.sys @ 0xf7446a21
SendHandler -> NDIS.sys @ 0xf742487b
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2000478354-823518204-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)

[HKEY_USERS\S-1-5-21-2000478354-823518204-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*4%0*`%]
@Class="Shell"

[HKEY_USERS\S-1-5-21-2000478354-823518204-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*4%0*`%\OpenWithList]
@Class="Shell"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(948)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\AlienGUIse\fastload.dll
.
Completion time: 2010-08-09 08:57:22 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-09 12:57
ComboFix2.txt 2010-08-06 13:15

Pre-Run: 225,844,674,560 bytes free
Post-Run: 225,830,178,816 bytes free

- - End Of File - - 93D012604763E63EDC0AB11C1DB1CBAD
  13. Antivirus Version Last Update Result a-squared 5.0.0.31 2010.07.11 - AhnLab-V3 2010.07.10.00 2010.07.09 - AntiVir 8.2.4.10 2010.07.09 - Antiy-AVL 2.0.3.7 2010.07.09 - Authentium 5.2.0.5 2010.07.10 - Avast 4.8.1351.0 2010.07.10 - Avast5 5.0.332.0 2010.07.10 - AVG 9.0.0.836 2010.07.11 - BitDefender 7.2 2010.07.11 - CAT-QuickHeal 11.00 2010.07.10 - ClamAV 0.96.0.3-git 2010.07.11 - Comodo 5390 2010.07.11 - DrWeb 5.0.2.03300 2010.07.11 - eSafe 7.0.17.0 2010.07.08 - eTrust-Vet 36.1.7696 2010.07.10 - F-Prot 4.6.1.107 2010.07.10 - F-Secure 9.0.15370.0 2010.07.11 - Fortinet 4.1.143.0 2010.07.10 - GData 21 2010.07.11 - Ikarus T3.1.1.84.0 2010.07.11 - Jiangmin 13.0.900 2010.07.11 - Kaspersky 7.0.0.125 2010.07.11 - McAfee 5.400.0.1158 2010.07.11 - McAfee-GW-Edition 2010.1 2010.07.05 - Microsoft 1.5902 2010.07.11 - NOD32 5268 2010.07.11 - Norman 6.05.11 2010.07.10 - nProtect 2010-07-11.01 2010.07.11 - Panda 10.0.2.7 2010.07.11 - PCTools 7.0.3.5 2010.07.11 - Prevx 3.0 2010.07.11 - Rising 22.55.04.04 2010.07.09 - Sophos 4.55.0 2010.07.11 - Sunbelt 6566 2010.07.10 - Symantec 20101.1.0.89 2010.07.11 - TheHacker 6.5.2.1.311 2010.07.11 - TrendMicro 9.120.0.1004 2010.07.11 - TrendMicro-HouseCall 9.120.0.1004 2010.07.11 - VBA32 3.12.12.6 2010.07.09 - ViRobot 2010.6.29.3912 2010.07.10 - VirusBuster 5.0.27.0 2010.07.10 - Additional information File size: 221184 bytes MD5 : c5b41140dbda488a02e8d33b5ff95686 SHA1 : afe8b6f3a90faa8148e55a43d789872dbfa3b527 SHA256: 6bc4e07e07c4ddee6c4e16b0d52185dced6f239dfe9ab5708c62a205ad6e570a PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x19A8C timedatestamp.....: 0x4802A154 (Mon Apr 14 02:12:04 2008) machinetype.......: 0x14C (Intel I386) ( 4 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x2C693 0x2D000 6.31 1ff9fee2a0f7fabf2b586ec7de490f5c .data 0x2E000 0x40F0 0x3000 5.64 591a726c846a969a897745f7c6b83b2c .rsrc 0x33000 0x3D8 0x1000 1.04 531c61bac95b2927128896d55f9d44f7 .reloc 0x34000 0x3B42 0x4000 4.18 
939ad9306eff984cd68074481419921c ( 10 imports ) > advapi32.dll: RegCreateKeyExA, RegCreateKeyExW, RegOpenKeyExA, RegOpenKeyExW, RegQueryValueExA, RegQueryValueExW, RegCloseKey > comctl32.dll: InitCommonControlsEx > gdi32.dll: SelectPalette, RealizePalette, RectVisible, SetDIBitsToDevice, StretchDIBits, MaskBlt, StretchBlt, CreateDIBSection, GetDIBColorTable, GetDeviceCaps, GetObjectW, GetObjectType, GetObjectA, CreateICW, CreateICA, GetClipBox, CreateCompatibleDC, SelectClipRgn, SelectObject, OffsetViewportOrgEx, DeleteDC, SetRectRgn, CreateRectRgnIndirect, DeleteObject > kernel32.dll: CompareStringW, GetDriveTypeA, GetDriveTypeW, QueryDosDeviceA, QueryDosDeviceW, GetWindowsDirectoryW, GetLocaleInfoW, GetLocaleInfoA, GetVersionExW, lstrcpyW, lstrcatW, LoadLibraryW, lstrcpynW, GetModuleHandleW, GetModuleFileNameW, GetModuleFileNameA, GetFileAttributesW, GetFileAttributesA, lstrlenA, CloseHandle, GetCurrentThreadId, WaitForSingleObject, SetEvent, FlushInstructionCache, GetCurrentProcess, InterlockedIncrement, LeaveCriticalSection, EnterCriticalSection, InterlockedDecrement, SetLastError, GetLastError, FreeLibrary, SetErrorMode, GetProcAddress, GetExitCodeThread, CreateFileW, CreateFileA, DeviceIoControl, GetVersion, GetUserDefaultLangID, CreateThread, InitializeCriticalSection, HeapDestroy, DeleteCriticalSection, DisableThreadLibraryCalls, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, CreateEventW, CreateEventA, CompareStringA, GetModuleHandleA, GetWindowsDirectoryA, lstrlenW, GetVersionExA, MultiByteToWideChar, WideCharToMultiByte, VirtualAlloc, VirtualFree, LoadLibraryA, HeapAlloc, GetProcessHeap, HeapFree, SetUnhandledExceptionFilter, UnhandledExceptionFilter > mpr.dll: WNetGetConnectionW, WNetGetConnectionA, WNetCancelConnection2W, WNetAddConnection2W > msvcrt.dll: wcsstr, _wcsnicmp, _wtol, _vsnwprintf, wcschr, wcspbrk, iswspace, memmove, wcslen, wcsncmp, towupper, _wcsicmp, wcsrchr, vswprintf, 
_beginthreadex, _wtoi, iswdigit, wcscmp, _snwprintf, wcsncpy, __3@YAXPAX@Z, _onexit, __dllonexit, _adjust_fdiv, malloc, _initterm, free, _purecall, _except_handler3, __2@YAPAXI@Z > ole32.dll: CoUninitialize, CoFreeUnusedLibraries, CoInitialize, CoCreateInstance > oleaut32.dll: -, -, -, -, -, -, - > shlwapi.dll: PathGetCharTypeW, PathGetCharTypeA > user32.dll: MessageBoxA, MessageBoxW, PeekMessageA, PeekMessageW, PostMessageA, PostMessageW, PostThreadMessageA, PostThreadMessageW, RegisterClassExA, RegisterClassExW, UnregisterClassA, UnregisterClassW, RegisterWindowMessageA, SendMessageW, SetWindowLongA, SetWindowLongW, wvsprintfW, GetMonitorInfoA, GetMonitorInfoW, CharNextW, GetCapture, ReleaseCapture, SetCapture, GetFocus, SetFocus, IsWindowVisible, GetDC, ReleaseDC, InvalidateRect, InvalidateRgn, PtInRect, MonitorFromRect, WindowFromDC, LoadCursorW, GetWindowTextW, GetWindowTextA, GetWindowLongW, GetWindowLongA, GetMessageW, GetMessageA, GetClassNameA, GetClassLongA, GetClassInfoExW, GetClassInfoExA, DispatchMessageW, DispatchMessageA, DefWindowProcW, DefWindowProcA, CreateWindowExW, CreateWindowExA, GetSystemMetrics, CharNextA, GetCursorPos, MapWindowPoints, CallWindowProcW, CallWindowProcA, BeginPaint, CopyRect, LoadCursorA, OffsetRect, EndPaint, IsChild, ShowWindow, GetClientRect, SetWindowPos, GetParent, GetWindowRect, TranslateMessage, SetParent, IsWindow, DestroyWindow, BringWindowToTop, SendMessageA ( 1 exports ) > DllCanUnloadNow, DllGetClassObject, DllRegisterServer, DllUnregisterServer, _Java_WMPNS_EventThread_CheckEvents@8, _Java_WMPNS_EventThread_GetThreadID@8, _Java_WMPNS_EventThread_kill@12, _Java_WMPNS_IWMPCdromCollection_equalsNative@20, _Java_WMPNS_IWMPCdromCollection_getByDriveSpecifierNative@20, _Java_WMPNS_IWMPCdromCollection_getCountNative@16, _Java_WMPNS_IWMPCdromCollection_itemNative@24, _Java_WMPNS_IWMPCdrom_ejectNative@16, _Java_WMPNS_IWMPCdrom_equalsNative@20, _Java_WMPNS_IWMPCdrom_getDriveSpecifierNative@16, 
_Java_WMPNS_IWMPCdrom_getPlaylistNative@16, _Java_WMPNS_IWMPClosedCaption_equalsNative@20, _Java_WMPNS_IWMPClosedCaption_getCaptioningIDNative@16, _Java_WMPNS_IWMPClosedCaption_getSAMIFileNameNative@16, _Java_WMPNS_IWMPClosedCaption_getSAMILangCountNative@16, _Java_WMPNS_IWMPClosedCaption_getSAMILangIDNative@24, _Java_WMPNS_IWMPClosedCaption_getSAMILangNameNative@24, _Java_WMPNS_IWMPClosedCaption_getSAMILangNative@16, _Java_WMPNS_IWMPClosedCaption_getSAMIStyleCountNative@16, _Java_WMPNS_IWMPClosedCaption_getSAMIStyleNameNative@24, _Java_WMPNS_IWMPClosedCaption_getSAMIStyleNative@16, _Java_WMPNS_IWMPClosedCaption_setCaptioningIDNative@20, _Java_WMPNS_IWMPClosedCaption_setSAMIFileNameNative@20, _Java_WMPNS_IWMPClosedCaption_setSAMILangNative@20, _Java_WMPNS_IWMPClosedCaption_setSAMIStyleNative@20, _Java_WMPNS_IWMPControls_equalsNative@20, _Java_WMPNS_IWMPControls_fastForwardNative@16, _Java_WMPNS_IWMPControls_fastReverseNative@16, _Java_WMPNS_IWMPControls_getAudioLanguageCountNative@16, _Java_WMPNS_IWMPControls_getAudioLanguageDescriptionNative@24, _Java_WMPNS_IWMPControls_getAudioLanguageIDNative@24, _Java_WMPNS_IWMPControls_getCurrentAudioLanguageIndexNative@16, _Java_WMPNS_IWMPControls_getCurrentAudioLanguageNative@16, _Java_WMPNS_IWMPControls_getCurrentItemNative@16, _Java_WMPNS_IWMPControls_getCurrentMarkerNative@16, _Java_WMPNS_IWMPControls_getCurrentPositionNative@16, _Java_WMPNS_IWMPControls_getCurrentPositionStringNative@16, _Java_WMPNS_IWMPControls_getCurrentPositionTimecodeNative@16, _Java_WMPNS_IWMPControls_getLanguageNameNative@24, _Java_WMPNS_IWMPControls_isAvailableNative@20, _Java_WMPNS_IWMPControls_nextNative@16, _Java_WMPNS_IWMPControls_pauseNative@16, _Java_WMPNS_IWMPControls_playItemNative@20, _Java_WMPNS_IWMPControls_playNative@16, _Java_WMPNS_IWMPControls_previousNative@16, _Java_WMPNS_IWMPControls_setCurrentAudioLanguageIndexNative@24, _Java_WMPNS_IWMPControls_setCurrentAudioLanguageNative@24, _Java_WMPNS_IWMPControls_setCurrentItemNative@20, 
_Java_WMPNS_IWMPControls_setCurrentMarkerNative@24, _Java_WMPNS_IWMPControls_setCurrentPositionNative@24, _Java_WMPNS_IWMPControls_setCurrentPositionTimecodeNative@20, _Java_WMPNS_IWMPControls_stepNative@24, _Java_WMPNS_IWMPControls_stopNative@16, _Java_WMPNS_IWMPDVD_backNative@16, _Java_WMPNS_IWMPDVD_equalsNative@20, _Java_WMPNS_IWMPDVD_getDomainNative@16, _Java_WMPNS_IWMPDVD_isAvailableNative@20, _Java_WMPNS_IWMPDVD_resumeNative@16, _Java_WMPNS_IWMPDVD_titleMenuNative@16, _Java_WMPNS_IWMPDVD_topMenuNative@16, _Java_WMPNS_IWMPErrorItem_equalsNative@20, _Java_WMPNS_IWMPErrorItem_getConditionNative@16, _Java_WMPNS_IWMPErrorItem_getCustomUrlNative@16, _Java_WMPNS_IWMPErrorItem_getErrorCodeNative@16, _Java_WMPNS_IWMPErrorItem_getErrorContextNative@16, _Java_WMPNS_IWMPErrorItem_getErrorDescriptionNative@16, _Java_WMPNS_IWMPErrorItem_getRemedyNative@16, _Java_WMPNS_IWMPError_clearErrorQueueNative@16, _Java_WMPNS_IWMPError_equalsNative@20, _Java_WMPNS_IWMPError_getErrorCountNative@16, _Java_WMPNS_IWMPError_itemNative@24, _Java_WMPNS_IWMPError_webHelpNative@16, _Java_WMPNS_IWMPMediaCollection_addNative@20, _Java_WMPNS_IWMPMediaCollection_equalsNative@20, _Java_WMPNS_IWMPMediaCollection_getAllNative@16, _Java_WMPNS_IWMPMediaCollection_getAttributeStringCollectionNative@24, _Java_WMPNS_IWMPMediaCollection_getByAlbumNative@20, _Java_WMPNS_IWMPMediaCollection_getByAttributeNative@24, _Java_WMPNS_IWMPMediaCollection_getByAuthorNative@20, _Java_WMPNS_IWMPMediaCollection_getByGenreNative@20, _Java_WMPNS_IWMPMediaCollection_getByNameNative@20, _Java_WMPNS_IWMPMediaCollection_getMediaAtomNative@20, _Java_WMPNS_IWMPMediaCollection_isDeletedNative@20, _Java_WMPNS_IWMPMediaCollection_removeNative@24, _Java_WMPNS_IWMPMediaCollection_setDeletedNative@24, _Java_WMPNS_IWMPMedia_equalsNative@20, _Java_WMPNS_IWMPMedia_getAttributeCountByTypeNative@24, _Java_WMPNS_IWMPMedia_getAttributeCountNative@16, _Java_WMPNS_IWMPMedia_getAttributeNameNative@24, 
_Java_WMPNS_IWMPMedia_getDurationNative@16, _Java_WMPNS_IWMPMedia_getDurationStringNative@16, _Java_WMPNS_IWMPMedia_getErrorNative@16, _Java_WMPNS_IWMPMedia_getImageSourceHeightNative@16, _Java_WMPNS_IWMPMedia_getImageSourceWidthNative@16, _Java_WMPNS_IWMPMedia_getItemInfoByAtomNative@24, _Java_WMPNS_IWMPMedia_getItemInfoByTypeNative@32, _Java_WMPNS_IWMPMedia_getItemInfoNative@20, _Java_WMPNS_IWMPMedia_getMarkerCountNative@16, _Java_WMPNS_IWMPMedia_getMarkerNameNative@24, _Java_WMPNS_IWMPMedia_getMarkerTimeNative@24, _Java_WMPNS_IWMPMedia_getNameNative@16, _Java_WMPNS_IWMPMedia_getSourceURLNative@16, _Java_WMPNS_IWMPMedia_isIdenticalNative@20, _Java_WMPNS_IWMPMedia_isMemberOfNative@20, _Java_WMPNS_IWMPMedia_isReadOnlyItemNative@20, _Java_WMPNS_IWMPMedia_setItemInfoNative@24, _Java_WMPNS_IWMPMedia_setNameNative@20, _Java_WMPNS_IWMPNetwork_equalsNative@20, _Java_WMPNS_IWMPNetwork_getBandWidthNative@16, _Java_WMPNS_IWMPNetwork_getBitRateNative@16, _Java_WMPNS_IWMPNetwork_getBufferingCountNative@16, _Java_WMPNS_IWMPNetwork_getBufferingProgressNative@16, _Java_WMPNS_IWMPNetwork_getBufferingTimeNative@16, _Java_WMPNS_IWMPNetwork_getDownloadProgressNative@16, _Java_WMPNS_IWMPNetwork_getEncodedFrameRateNative@16, _Java_WMPNS_IWMPNetwork_getFrameRateNative@16, _Java_WMPNS_IWMPNetwork_getFramesSkippedNative@16, _Java_WMPNS_IWMPNetwork_getLostPacketsNative@16, _Java_WMPNS_IWMPNetwork_getMaxBandwidthNative@16, _Java_WMPNS_IWMPNetwork_getMaxBitRateNative@16, _Java_WMPNS_IWMPNetwork_getProxyBypassForLocalNative@20, _Java_WMPNS_IWMPNetwork_getProxyExceptionListNative@20, _Java_WMPNS_IWMPNetwork_getProxyNameNative@20, _Java_WMPNS_IWMPNetwork_getProxyPortNative@20, _Java_WMPNS_IWMPNetwork_getProxySettingsNative@20, _Java_WMPNS_IWMPNetwork_getReceivedPacketsNative@16, _Java_WMPNS_IWMPNetwork_getReceptionQualityNative@16, _Java_WMPNS_IWMPNetwork_getRecoveredPacketsNative@16, _Java_WMPNS_IWMPNetwork_getSourceProtocolNative@16, _Java_WMPNS_IWMPNetwork_setBufferingTimeNative@24, 
_Java_WMPNS_IWMPNetwork_setMaxBandwidthNative@24, _Java_WMPNS_IWMPNetwork_setProxyBypassForLocalNative@24, _Java_WMPNS_IWMPNetwork_setProxyExceptionListNative@24, _Java_WMPNS_IWMPNetwork_setProxyNameNative@24, _Java_WMPNS_IWMPNetwork_setProxyPortNative@28, _Java_WMPNS_IWMPNetwork_setProxySettingsNative@28, _Java_WMPNS_IWMPPlayerApplication_equalsNative@20, _Java_WMPNS_IWMPPlayerApplication_getHasDisplayNative@16, _Java_WMPNS_IWMPPlayerApplication_getPlayerDockedNative@16, _Java_WMPNS_IWMPPlayerApplication_switchToControlNative@16, _Java_WMPNS_IWMPPlayerApplication_switchToPlayerApplicationNative@16, _Java_WMPNS_IWMPPlayer_closeNative@16, _Java_WMPNS_IWMPPlayer_equalsNative@20, _Java_WMPNS_IWMPPlayer_getCdromCollectionNative@16, _Java_WMPNS_IWMPPlayer_getClosedCaptionNative@16, _Java_WMPNS_IWMPPlayer_getControlsNative@16, _Java_WMPNS_IWMPPlayer_getCurrentMediaNative@16, _Java_WMPNS_IWMPPlayer_getCurrentPlaylistNative@16, _Java_WMPNS_IWMPPlayer_getDvdNative@16, _Java_WMPNS_IWMPPlayer_getEnableContextMenuNative@16, _Java_WMPNS_IWMPPlayer_getEnabledNative@16, _Java_WMPNS_IWMPPlayer_getErrorNative@16, _Java_WMPNS_IWMPPlayer_getFullScreenNative@16, _Java_WMPNS_IWMPPlayer_getIsOnlineNative@16, _Java_WMPNS_IWMPPlayer_getIsRemoteNative@16, _Java_WMPNS_IWMPPlayer_getMediaCollectionNative@16, _Java_WMPNS_IWMPPlayer_getNetworkNative@16, _Java_WMPNS_IWMPPlayer_getOpenStateNative@16, _Java_WMPNS_IWMPPlayer_getPlayStateNative@16, _Java_WMPNS_IWMPPlayer_getPlayerApplicationNative@16, _Java_WMPNS_IWMPPlayer_getPlaylistCollectionNative@16, _Java_WMPNS_IWMPPlayer_getSettingsNative@16, _Java_WMPNS_IWMPPlayer_getStatusNative@16, _Java_WMPNS_IWMPPlayer_getStretchToFitNative@16, _Java_WMPNS_IWMPPlayer_getURLNative@16, _Java_WMPNS_IWMPPlayer_getUiModeNative@16, _Java_WMPNS_IWMPPlayer_getVersionInfoNative@16, _Java_WMPNS_IWMPPlayer_getWindowlessVideoNative@16, _Java_WMPNS_IWMPPlayer_launchURLNative@20, _Java_WMPNS_IWMPPlayer_newMediaNative@20, _Java_WMPNS_IWMPPlayer_newPlaylistNative@24, 
_Java_WMPNS_IWMPPlayer_openPlayerNative@20, _Java_WMPNS_IWMPPlayer_setCurrentMediaNative@20, _Java_WMPNS_IWMPPlayer_setCurrentPlaylistNative@20, _Java_WMPNS_IWMPPlayer_setEnableContextMenuNative@20, _Java_WMPNS_IWMPPlayer_setEnabledNative@20, _Java_WMPNS_IWMPPlayer_setFullScreenNative@20, _Java_WMPNS_IWMPPlayer_setStretchToFitNative@20, _Java_WMPNS_IWMPPlayer_setURLNative@20, _Java_WMPNS_IWMPPlayer_setUiModeNative@20, _Java_WMPNS_IWMPPlayer_setWindowlessVideoNative@20, _Java_WMPNS_IWMPPlaylistArray_equalsNative@20, _Java_WMPNS_IWMPPlaylistArray_getCountNative@16, _Java_WMPNS_IWMPPlaylistArray_itemNative@24, _Java_WMPNS_IWMPPlaylistCollection_equalsNative@20, _Java_WMPNS_IWMPPlaylistCollection_getAllNative@16, _Java_WMPNS_IWMPPlaylistCollection_getByNameNative@20, _Java_WMPNS_IWMPPlaylistCollection_importPlaylistNative@20, _Java_WMPNS_IWMPPlaylistCollection_isDeletedNative@20, _Java_WMPNS_IWMPPlaylistCollection_newPlaylistNative@20, _Java_WMPNS_IWMPPlaylistCollection_removeNative@20, _Java_WMPNS_IWMPPlaylistCollection_setDeletedNative@24, _Java_WMPNS_IWMPPlaylist_appendItemNative@20, _Java_WMPNS_IWMPPlaylist_clearNative@16, _Java_WMPNS_IWMPPlaylist_equalsNative@20, _Java_WMPNS_IWMPPlaylist_getAttributeCountNative@16, _Java_WMPNS_IWMPPlaylist_getAttributeNameNative@24, _Java_WMPNS_IWMPPlaylist_getCountNative@16, _Java_WMPNS_IWMPPlaylist_getItemInfoNative@20, _Java_WMPNS_IWMPPlaylist_getNameNative@16, _Java_WMPNS_IWMPPlaylist_insertItemNative@28, _Java_WMPNS_IWMPPlaylist_isIdenticalNative@20, _Java_WMPNS_IWMPPlaylist_itemNative@24, _Java_WMPNS_IWMPPlaylist_moveItemNative@32, _Java_WMPNS_IWMPPlaylist_removeItemNative@20, _Java_WMPNS_IWMPPlaylist_setItemInfoNative@24, _Java_WMPNS_IWMPPlaylist_setNameNative@20, _Java_WMPNS_IWMPSettings_equalsNative@20, _Java_WMPNS_IWMPSettings_getAutoStartNative@16, _Java_WMPNS_IWMPSettings_getBalanceNative@16, _Java_WMPNS_IWMPSettings_getBaseURLNative@16, _Java_WMPNS_IWMPSettings_getDefaultAudioLanguageNative@16, 
     TrID : File type identification
     DirectShow filter (43.0%)
     Windows OCX File (26.3%)
     Win64 Executable Generic (18.2%)
     Win32 Executable MS Visual C++ (generic) (8.0%)
     Win32 Executable Generic (1.8%)
     ssdeep: 3072:79oJZcTUKXq1KgL3PigjjjRJ5mDA0eWQztbEQ6uFLd:ecTbuKgTP75mDbeWQztbOuF
     sigcheck:
     publisher....: Microsoft Corporation
     copyright....: © Microsoft Corporation. All rights reserved.
     product......: Microsoft® Windows Media Player
     description..: Windows Media Player Applet Support DLL
     original name: WMPNS.DLL
     internal name: WMPNS.DLL
     file version.: 9.00.00.4503
     comments.....: n/a
     signers......: -
     signing date.: -
     verified.....: Unsigned
     PEiD : -
     RDS : NSRL Reference Data Set -
  14. I'm still getting browser redirects from search engines.