Jump to content

lingering infection


Recommended Posts

I recently got infected with a bunch of nasty stuff.. A bunch of malware and viruses. They even got my world of warcraft account info and cleaned me out :). With the help several tools I believe I have removed almost all of it. I'm still having search engine redirects and problems with windows components acting screwy. mainly explorer.exe and svchost.exe. here is the dds report

Thanks!

DDS (Ver_10-03-17.01) - NTFSx86

Run by Devlish at 15:22:16.43 on Sun 07/25/2010

Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_21

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1538 [GMT -4:00]

AV: Kaspersky Internet Security *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FW: Kaspersky Internet Security *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

svchost.exe

C:\Program Files\AlienGUIse\wbload.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe

C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Documents and Settings\Devlish\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://search.orbitdownloader.com

uInternet Settings,ProxyServer = http=127.0.0.1:5643

uInternet Settings,ProxyOverride = <local>

BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2010\ievkbd.dll

BHO: Trillian Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll

TB: Trillian Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe"

mRun: [skyTel] SkyTel.EXE

IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204

IE: Add to AMV Convert Tool... - c:\program files\mp3 player utilities 4.00\amvconverter\grab.html

IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2010\ie_banner_deny.htm

IE: Add to Media Manager... - c:\program files\mp3 player utilities 4.00\mediamanager\grab.html

IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll

IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Notify: AtiExtEvent - Ati2evxx.dll

Notify: klogon - c:\windows\system32\klogon.dll

Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

Notify: WB - c:\program files\alienguise\fastload.dll

AppInit_DLLs: c:\windows\system32\wbsys.dll,c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll,c:\progra~1\kasper~1\kasper~1\kloehk.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\devlish\applic~1\mozilla\firefox\profiles\sh4zei83.default\

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: browser.startup.homepage - hxxp://thottbot.com/

FF - component: c:\documents and settings\devlish\application data\mozilla\firefox\profiles\sh4zei83.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc_fireftp.dll

FF - component: c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll

FF - plugin: c:\documents and settings\devlish\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);

c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr

ef", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]

R1 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2009-9-1 128016]

R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2010-7-23 315408]

R2 AVP;Kaspersky Internet Security;c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe [2009-10-20 340456]

R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2010-7-7 10448]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2009-9-14 32272]

R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-2 19472]

S0 ccoxdmgu;ccoxdmgu;c:\windows\system32\drivers\yocgnxgs.sys --> c:\windows\system32\drivers\yocgnxgs.sys [?]

S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]

S2 CX88XBAR;KWorld PVR 883 Crossbar;c:\windows\system32\drivers\cx88xbar.sys [2008-7-1 8960]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-22 136176]

S3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-7-21 30104]

S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-7-21 30104]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 V0330VID;WebCam Vista/Live! Cam Chat;c:\windows\system32\drivers\V0330Vid.sys [2009-2-22 157696]

S4 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [2008-6-21 158720]

S4 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [2008-6-21 5248]

=============== Created Last 30 ================

2010-07-25 19:17:07 28 ----a-w- c:\documents and settings\devlish\defogger_reenable

2010-07-24 00:53:48 0 d-----w- c:\program files\Sun

2010-07-24 00:38:04 126448 ------w- c:\windows\system32\pxinsi64.exe

2010-07-24 00:38:04 123888 ------w- c:\windows\system32\pxcpyi64.exe

2010-07-24 00:37:31 0 d-----w- c:\program files\common files\DivX Shared

2010-07-24 00:34:44 0 d-----w- c:\docume~1\alluse~1\applic~1\DivX

2010-07-23 23:06:30 97549 ----a-w- c:\windows\system32\drivers\klick.dat

2010-07-23 23:06:30 113933 ----a-w- c:\windows\system32\drivers\klin.dat

2010-07-23 23:05:45 0 d-----w- c:\program files\Kaspersky Lab

2010-07-23 23:05:45 0 d-----w- c:\docume~1\alluse~1\applic~1\Kaspersky Lab

2010-07-23 23:02:17 0 d-----w- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files

2010-07-23 17:53:57 54016 ----a-w- c:\windows\system32\drivers\xkix.sys

2010-07-22 21:43:04 0 d-----w- c:\program files\FileASSASSIN

2010-07-22 20:45:46 0 d-----w- c:\docume~1\alluse~1\applic~1\McAfee Security Scan

2010-07-22 20:45:45 0 d-----w- c:\program files\McAfee Security Scan

2010-07-21 19:51:45 50968 ----a-w- c:\windows\system32\avgfwdx.dll

2010-07-21 19:51:45 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys

2010-07-21 19:50:30 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9

2010-07-21 19:13:07 0 d-----w- c:\program files\Spybot - Search & Destroy

2010-07-21 19:13:07 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy

2010-07-21 18:07:42 77312 ----a-w- c:\windows\system32\ztvunace26.dll

2010-07-21 18:07:42 75264 ----a-w- c:\windows\system32\unacev2.dll

2010-07-21 18:07:42 69632 ----a-w- c:\windows\system32\ztvcabinet.dll

2010-07-21 18:07:42 162304 ----a-w- c:\windows\system32\ztvunrar36.dll

2010-07-21 18:07:42 153088 ----a-w- c:\windows\system32\UNRAR3.dll

2010-07-21 18:07:41 0 d-----w- c:\program files\Trojan Remover

2010-07-21 18:07:41 0 d-----w- c:\docume~1\devlish\applic~1\Simply Super Software

2010-07-21 18:07:41 0 d-----w- c:\docume~1\alluse~1\applic~1\Simply Super Software

2010-07-21 18:06:35 0 d-----w- c:\program files\Uniblue

2010-07-21 14:04:30 35840 ----a-w- c:\windows\system32\drivers\isapnp.sys

2010-07-20 19:15:40 77312 ----a-w- c:\windows\MBR.exe

2010-07-20 19:15:40 256512 ----a-w- c:\windows\PEV.exe

2010-07-20 13:26:55 120 ----a-w- c:\windows\Wlivebu.dat

2010-07-20 13:26:55 0 ----a-w- c:\windows\Anicoxosokara.bin

2010-07-20 13:25:16 766976 ----a-w- c:\windows\system32\drivers\uiahtpkw.sys.vir

2010-07-20 13:25:08 150 ----a-w- C:\zrpt.xml

2010-07-14 17:23:19 0 d-----w- c:\program files\Bethesda Softworks

2010-07-07 11:49:27 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys

2010-07-07 11:49:27 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf

2010-07-07 11:49:25 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll

2010-07-07 11:49:02 10448 ----a-w- c:\windows\system32\drivers\LBeepKE.sys

2010-07-07 11:48:27 0 d-----w- c:\docume~1\devlish\applic~1\Logishrd

==================== Find3M ====================

2010-06-09 23:01:10 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys

2010-06-09 23:01:10 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys

2010-06-09 23:01:10 45648 ------w- c:\windows\system32\drivers\PxHelp20.sys

2010-06-09 23:01:10 133616 ------w- c:\windows\system32\pxafs.dll

2010-04-28 22:29:24 53328 ----a-w- c:\windows\system32\LMouFiltCoInst.dll

============= FINISH: 15:23:00.65 ===============

Attach.zip

Link to post
Share on other sites

  • 2 weeks later...

Hello melting22! Welcome to Malwarebytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

  • The process of cleaning your system may take some time, so please be patient.
  • Follow my instructions step by step if there is a problem somewhere, stop and tell me.
  • Stay with the thread until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • If you don't know or can't understand something please ask.
  • Do not install or uninstall any software or hardware, while work on.
  • Keep me informed about any changes.

I'm so sorry about your WOW account! :rolleyes:

Step 1

I see you are running Teatimer.

I suggest you to disable it because it can interfere with the changes you'll make on your system.

When everything is done and your log is clean again, you can enable it again.

If teatimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

How to disable TeaTimer <== click me for instructions.

After you disabled Teatimer, download ResetTeaTimer.exe to your desktop.

Then run ResetTeaTimer.exe.

This will only take a few seconds.

Step 2

Please, uninstall the following applications:

  1. Ask Toolbar
  2. Uniblue ProcessScanner
  3. McAfee Security Scan Plus

You can read, how to do this here:

Step 3

Please go into the Control Panel, Add/Remove and for now remove ALL versions of JAVA

Then run this tool to help cleanup any left over Java

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please download JavaRa and unzip it to your desktop.

***Please close any instances of Internet Explorer (or other web browser) before continuing!***

  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location and post it back when you reply
    Then look for the following Java folders and if found delete them.
    C:\Program Files\Java
    C:\Program Files\Common Files\Java
    C:\Windows\Sun
    C:\Documents and Settings\All Users\Application Data\Java
    C:\Documents and Settings\All Users\Application Data\Sun\Java
    C:\Documents and Settings\username\Application Data\Java
    C:\Documents and Settings\username\Application Data\Sun\Java

Step 4

  • Launch Malwarebytes' Anti-Malware
  • Go to "Update" tab and select "Check for Updates". If an update is found, it will download and install the latest version.
  • Go to "Scanner" tab and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

In your next reply, please include these log(s):

  1. JavaRa log
  2. Malwarebytes' Anti-Malware log
  3. a new fresh DDS log only

Link to post
Share on other sites

**Note: If you need more detailed information, please visit the web page of ComboFix in BleepingComputer. **

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper.

Please download ComboFix from

Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

  1. If you are using Firefox, make sure that your download settings are as follows:
    • Open Tools -> Options -> Main tab
    • Set to Always ask me where to Save the files.

[*]During the download, rename Combofix to Combo-Fix as follows:

CF_download_FF.gif

CF_download_rename.gif

[*]It is important you rename Combofix during the download, but not after.

[*]Please do not rename Combofix to other names, but only to the one indicated.

[*]Close any open browsers.

[*]Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

-----------------------------------------------------------

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause unpredictable results.
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    -----------------------------------------------------------


  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

-----------------------------------------------------------

[*]Double click on combo-Fix.exe & follow the prompts.

[*]When finished, it will produce a report for you.

[*]Please post the C:\Combo-Fix.txt for further review.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

Link to post
Share on other sites

combofix is not running all the way through. its stopping at the "scanning for infected files...." stage. i let it sit there for like 45 minutes then opened task manager to see what was going on and it looked like 2 processes were running mbr.cfxxe and cf30084.cfxxe. neither of them were doing anything cpu-wise

Link to post
Share on other sites

As you can see it found and killed something. still getting redirects tho. also... combo fix installed some kind of drivers when it was completing. is this normal?? catchme.sys and 1 or 2 others

ComboFix 10-08-05.06 - Devlish 08/06/2010 8:54.4.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1646 [GMT -4:00]

Running from: c:\documents and settings\Devlish\Desktop\Combo-Fix.exe

AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\NetworkService\Local Settings\Application Data\wvndoyfjo

c:\documents and settings\NetworkService\Local Settings\Application Data\wvndoyfjo\xpbrjewtssd.exe

.

((((((((((((((((((((((((( Files Created from 2010-07-06 to 2010-08-06 )))))))))))))))))))))))))))))))

.

2010-08-06 06:19 . 2010-08-06 06:19 503808 ----a-w- c:\documents and settings\Devlish\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5ee28c56-n\msvcp71.dll

2010-08-06 06:19 . 2010-08-06 06:19 499712 ----a-w- c:\documents and settings\Devlish\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5ee28c56-n\jmc.dll

2010-08-06 06:19 . 2010-08-06 06:19 348160 ----a-w- c:\documents and settings\Devlish\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5ee28c56-n\msvcr71.dll

2010-08-06 06:19 . 2010-08-06 06:19 61440 ----a-w- c:\documents and settings\Devlish\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-1b9d670e-n\decora-sse.dll

2010-08-06 06:19 . 2010-08-06 06:19 12800 ----a-w- c:\documents and settings\Devlish\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-1b9d670e-n\decora-d3d.dll

2010-07-29 20:43 . 2008-04-14 09:42 221184 ----a-w- c:\windows\system32\wmpns.dll

2010-07-29 20:36 . 2008-04-14 09:42 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe

2010-07-29 20:35 . 2008-04-14 09:42 1384479 ----a-w- c:\windows\system32\msvbvm60.dll

2010-07-27 18:28 . 2010-07-27 18:28 388096 ----a-r- c:\documents and settings\Devlish\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2010-07-27 18:28 . 2010-07-27 18:28 -------- d-----w- c:\program files\Trend Micro

2010-07-27 12:21 . 2010-07-27 12:21 664 ----a-w- c:\windows\system32\d3d9caps.dat

2010-07-26 23:24 . 2010-07-27 00:41 -------- d-----w- c:\program files\World of Warcraft

2010-07-26 00:05 . 2010-07-26 00:05 423656 ----a-w- c:\windows\system32\deployJava1.dll

2010-07-26 00:05 . 2010-07-26 00:05 -------- d-----w- c:\program files\Java

2010-07-24 00:41 . 2010-07-24 00:41 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll

2010-07-24 00:37 . 2010-07-24 00:37 56458 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe

2010-07-24 00:37 . 2010-07-24 00:37 54174 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe

2010-07-24 00:37 . 2010-07-24 00:37 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe

2010-07-24 00:37 . 2010-07-24 00:37 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe

2010-07-24 00:37 . 2010-07-24 00:37 54644 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe

2010-07-24 00:37 . 2010-07-24 00:37 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe

2010-07-24 00:37 . 2010-07-24 00:37 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe

2010-07-24 00:37 . 2010-07-24 00:37 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe

2010-07-24 00:37 . 2010-07-24 00:37 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe

2010-07-24 00:37 . 2010-07-24 00:37 -------- d-----w- c:\program files\Common Files\DivX Shared

2010-07-24 00:37 . 2010-07-24 00:37 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe

2010-07-24 00:34 . 2010-07-24 00:41 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX

2010-07-23 23:18 . 2010-07-23 23:18 932368 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\profiles-1-6.dll

2010-07-23 23:18 . 2010-07-23 23:18 678416 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\content_interpreter-1-1.dll

2010-07-23 23:18 . 2010-07-23 23:18 604688 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\gsg-3-9.dll

2010-07-23 23:18 . 2010-07-23 23:18 522768 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\database-1-5.dll

2010-07-23 23:18 . 2010-07-23 23:18 1096208 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\filtration-4-6.dll

2010-07-23 23:17 . 2010-07-23 23:17 80400 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\fssync.dll

2010-07-23 23:17 . 2010-07-23 23:17 397328 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\oeas.dll

2010-07-23 23:17 . 2010-07-23 23:17 315408 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\sys\i386\5.1\klif.sys

2010-07-23 23:17 . 2010-07-23 23:17 19472 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\kloehk.dll

2010-07-23 23:02 . 2010-07-23 23:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files

2010-07-23 17:53 . 2010-07-23 17:53 54016 ----a-w- c:\windows\system32\drivers\xkix.sys

2010-07-22 22:43 . 2010-07-22 22:43 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google

2010-07-22 22:38 . 2010-07-22 22:38 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google

2010-07-22 22:38 . 2010-07-22 22:39 -------- d-----w- c:\program files\Google

2010-07-22 21:43 . 2010-07-22 21:43 -------- d-----w- c:\program files\FileASSASSIN

2010-07-22 20:49 . 2010-07-22 20:49 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee

2010-07-22 20:45 . 2010-07-22 20:45 1025992 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\SecurityScan_Release.exe

2010-07-22 19:37 . 2010-08-03 15:58 13104 ----a-w- c:\documents and settings\Devlish\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-07-22 19:36 . 2010-07-22 19:36 -------- d-----w- c:\documents and settings\Devlish\Local Settings\Application Data\Sunbelt Software

2010-07-21 21:52 . 2010-07-21 21:52 503808 ----a-w- c:\documents and settings\Devlish\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5f75f42e-n\msvcp71.dll

2010-07-21 21:52 . 2010-07-21 21:52 499712 ----a-w- c:\documents and settings\Devlish\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5f75f42e-n\jmc.dll

2010-07-21 21:52 . 2010-07-21 21:52 348160 ----a-w- c:\documents and settings\Devlish\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5f75f42e-n\msvcr71.dll

2010-07-21 21:52 . 2010-07-21 21:52 61440 ----a-w- c:\documents and settings\Devlish\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2d409bec-n\decora-sse.dll

2010-07-21 21:52 . 2010-07-21 21:52 12800 ----a-w- c:\documents and settings\Devlish\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2d409bec-n\decora-d3d.dll

2010-07-21 21:32 . 2010-07-28 19:37 -------- d-----w- c:\documents and settings\Devlish\Local Settings\Application Data\Temp

2010-07-21 21:32 . 2010-07-22 22:39 -------- d-----w- c:\documents and settings\Devlish\Local Settings\Application Data\Google

2010-07-21 19:51 . 2010-07-21 19:51 50968 ----a-w- c:\windows\system32\avgfwdx.dll

2010-07-21 19:51 . 2010-07-21 19:51 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys

2010-07-21 19:50 . 2010-07-21 19:52 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9

2010-07-21 19:13 . 2010-07-21 19:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2010-07-21 19:13 . 2010-07-21 19:25 -------- d-----w- c:\program files\Spybot - Search & Destroy

2010-07-21 18:08 . 2010-07-23 18:41 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-07-21 14:56 . 2010-07-21 14:56 -------- d-s---w- c:\documents and settings\LocalService\UserData

2010-07-21 14:04 . 2008-04-14 04:06 37248 ----a-w- c:\windows\system32\drivers\isapnp.sys

2010-07-21 00:29 . 2010-07-21 00:29 -------- d-s---w- c:\documents and settings\NetworkService\UserData

2010-07-14 17:28 . 2010-07-14 17:28 -------- d-----w- c:\documents and settings\Devlish\Local Settings\Application Data\Fallout3

2010-07-14 17:23 . 2008-09-16 22:20 121064 ------r- c:\documents and settings\All Users\Application Data\Fallout3\setup.exe

2010-07-14 17:23 . 2010-07-14 17:23 -------- d-----w- c:\program files\Bethesda Softworks

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-08-06 13:05 . 2010-07-23 23:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab

2010-08-06 12:43 . 2009-08-04 20:57 -------- d-----w- c:\program files\Trillian

2010-07-29 19:59 . 2010-07-23 23:06 97549 ----a-w- c:\windows\system32\drivers\klick.dat

2010-07-29 19:59 . 2010-07-23 23:06 113933 ----a-w- c:\windows\system32\drivers\klin.dat

2010-07-27 18:43 . 2008-07-26 16:04 -------- d-----w- c:\program files\DivX

2010-07-27 00:41 . 2008-03-25 22:07 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment

2010-07-25 23:49 . 2008-04-01 18:36 -------- d-----w- c:\documents and settings\Devlish\Application Data\Orbit

2010-07-25 23:49 . 2008-02-07 01:18 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2010-07-25 23:47 . 2008-09-01 06:16 -------- d-----w- c:\program files\Common Files\Java

2010-07-24 05:25 . 2010-07-24 00:38 -------- d-----w- c:\documents and settings\Devlish\Application Data\DivX

2010-07-24 00:38 . 2010-07-24 00:38 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe

2010-07-24 00:38 . 2010-07-24 00:38 56997 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe

2010-07-24 00:38 . 2010-07-24 00:38 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe

2010-07-24 00:38 . 2010-07-24 00:38 57715 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe

2010-07-24 00:38 . 2010-07-24 00:38 84054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe

2010-07-24 00:38 . 2010-07-24 00:38 57054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe

2010-07-24 00:38 . 2010-07-24 00:38 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe

2010-07-24 00:38 . 2010-07-24 00:38 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe

2010-07-24 00:34 . 2010-07-24 00:38 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll

2010-07-24 00:34 . 2010-07-24 00:38 895256 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe

2010-07-23 23:17 . 2010-07-23 23:17 133648 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\mmpprtc.dll

2010-07-23 23:17 . 2010-07-23 23:17 109072 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\mzvkbd3.dll

2010-07-23 23:17 . 2010-07-23 23:17 397328 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\oeas.dll

2010-07-23 23:17 . 2010-07-23 23:17 133720 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\mmpprtc.dll

2010-07-23 23:17 . 2010-07-23 23:17 109072 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\mzvkbd3.dll

2010-07-23 23:17 . 2010-07-23 23:17 80400 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\fssync.dll

2010-07-23 23:17 . 2010-07-23 23:17 17936 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\kloehk.dll

2010-07-23 23:17 . 2010-07-23 23:17 315408 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\sys\i386\5.1\klif.sys

2010-07-23 23:05 . 2010-07-23 23:05 -------- d-----w- c:\program files\Kaspersky Lab

2010-07-23 23:03 . 2009-11-21 21:06 -------- d-----w- c:\program files\Lavasoft

2010-07-23 23:03 . 2009-11-21 21:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2010-07-22 21:55 . 2010-03-23 11:49 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

2010-07-22 18:59 . 2010-03-31 12:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-07-21 21:07 . 2010-02-09 22:08 -------- d-----w- c:\documents and settings\Devlish\Application Data\Qunuze

2010-07-20 19:29 . 2009-09-03 12:36 -------- d-----w- c:\documents and settings\Devlish\Application Data\Irocka

2010-07-16 11:35 . 2009-06-27 17:12 -------- d-----w- c:\documents and settings\Devlish\Application Data\Edtuag

2010-07-14 17:23 . 2010-04-22 11:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Fallout3

2010-07-14 17:23 . 2008-02-05 13:34 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-07-07 19:19 . 2010-07-07 11:49 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys

2010-07-07 11:49 . 2010-07-07 11:48 -------- d-----w- c:\documents and settings\Devlish\Application Data\Logitech

2010-07-07 11:49 . 2010-07-07 11:49 -------- d-----w- c:\documents and settings\Devlish\Application Data\Leadertech

2010-07-07 11:49 . 2010-07-07 11:49 53248 ----a-r- c:\documents and settings\Devlish\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe

2010-07-07 11:49 . 2010-07-07 11:48 -------- d-----w- c:\program files\Common Files\LogiShrd

2010-07-07 11:49 . 2010-07-07 11:49 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf

2010-07-07 11:48 . 2010-07-07 11:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Logishrd

2010-07-07 11:48 . 2008-05-28 14:47 -------- d-----w- c:\program files\Logitech

2010-07-07 11:48 . 2010-07-07 11:48 -------- d-----w- c:\documents and settings\Devlish\Application Data\Logishrd

2010-06-18 15:34 . 2010-06-18 15:34 -------- d-----w- c:\documents and settings\Devlish\Application Data\Moyea

2010-06-18 15:19 . 2010-06-18 15:19 766 ----a-r- c:\documents and settings\Devlish\Application Data\Microsoft\Installer\{7784A172-61F1-445E-8368-601607E0DD22}\_294823.exe

2010-06-18 15:19 . 2010-06-18 15:19 2238 ----a-r- c:\documents and settings\Devlish\Application Data\Microsoft\Installer\{7784A172-61F1-445E-8368-601607E0DD22}\_4ae13d6c.exe

2010-06-18 15:19 . 2010-06-18 15:19 1518 ----a-r- c:\documents and settings\Devlish\Application Data\Microsoft\Installer\{7784A172-61F1-445E-8368-601607E0DD22}\_69525f90.exe

2010-06-18 15:19 . 2010-06-18 15:19 1078 ----a-r- c:\documents and settings\Devlish\Application Data\Microsoft\Installer\{7784A172-61F1-445E-8368-601607E0DD22}\_2cd672ae.exe

2010-06-18 15:19 . 2010-06-18 15:19 1078 ----a-r- c:\documents and settings\Devlish\Application Data\Microsoft\Installer\{7784A172-61F1-445E-8368-601607E0DD22}\_18be6784.exe

2010-06-18 15:18 . 2010-06-18 15:18 -------- d-----w- c:\program files\MP3 Player Utilities 4.00

2010-06-15 17:50 . 2010-06-15 17:50 -------- d-----w- c:\program files\Multimedia Transcoding Tool

2010-06-15 17:49 . 2010-03-14 06:17 -------- d-----w- c:\documents and settings\Devlish\Application Data\Apple Computer

2010-06-15 17:47 . 2010-03-14 06:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer

2010-06-09 23:01 . 2010-07-24 00:38 126448 ------w- c:\windows\system32\pxinsi64.exe

2010-06-09 23:01 . 2010-07-24 00:38 123888 ------w- c:\windows\system32\pxcpyi64.exe

2010-06-09 23:01 . 2008-02-28 12:35 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys

2010-06-09 23:01 . 2008-02-28 12:35 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys

2010-06-09 23:01 . 2008-02-28 12:35 45648 ----a-w- c:\windows\system32\drivers\PxHelp20.sys

2010-06-09 23:01 . 2008-02-28 12:35 133616 ------w- c:\windows\system32\pxafs.dll

2010-06-08 18:29 . 2010-06-08 18:29 45828 ----a-w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment\Battle.net\Cache\Download\Scan.dll

2010-06-08 18:27 . 2009-08-15 05:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment

2010-05-23 21:50 . 2010-06-25 02:17 73216 ----a-w- c:\documents and settings\Devlish\Application Data\Mozilla\Firefox\Profiles\sh4zei83.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]

"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-10-21 340456]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"RTHDCPL"="RTHDCPL.EXE" [2007-09-19 16844800]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2010-05-06 09:29 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]

2001-12-21 04:34 24576 ----a-w- c:\program files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk

backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Devlish^Start Menu^Programs^Startup^Adobe Gamma.lnk]

path=c:\documents and settings\Devlish\Start Menu\Programs\Startup\Adobe Gamma.lnk

backup=c:\windows\pss\Adobe Gamma.lnkStartup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EvtMgr6]

2010-05-18 20:41 1311312 ----a-w- c:\program files\Logitech\SetPointP\SetPoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2010-07-21 21:32 136176 ----atw- c:\documents and settings\Devlish\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2001-07-09 15:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PVR Agent]

2005-04-13 15:46 751104 ----a-w- c:\program files\KWorld Multimedia\PVR Plus\TVR\Scheduled.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]

2002-02-05 03:32 53248 ----a-w- c:\program files\REGSHAVE\Regshave.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

2007-09-19 10:14 16844800 ------r- c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]

2006-11-10 17:35 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-05-14 15:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\V0330Mon.exe]

2007-04-30 06:03 32768 ----a-w- c:\windows\V0330Mon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinDVR SchSvr]

2005-02-17 04:03 106496 ----a-w- c:\program files\Common Files\InterVideo\SchSvr\SchSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]

2004-03-18 13:33 892928 ----a-w- c:\program files\Logitech\iTouch\iTouch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"wuauserv"=2 (0x2)

"wscsvc"=2 (0x2)

"RemoteRegistry"=2 (0x2)

"RDSessMgr"=3 (0x3)

"RasMan"=3 (0x3)

"RasAuto"=3 (0x3)

"helpsvc"=2 (0x2)

"ERSvc"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\WOW PTR\\World of Warcraft Public Test\\WoW-0.2.0.10048-to-0.2.0.10072-enUS-downloader.exe"=

"c:\\WOW PTR\\World of Warcraft Public Test\\WoW-0.2.0.10072-to-0.2.0.10083-enUS-downloader.exe"=

"c:\\WOW PTR\\World of Warcraft Public Test\\wow-0.2.0.10083-to-0.2.0.10116-enUS-downloader.exe"=

"c:\\WOW PTR\\World of Warcraft Public Test\\WoW-0.2.0.10116-to-0.2.0.10128-enUS-downloader.exe"=

"c:\\WOW PTR\\World of Warcraft Public Test\\WoW-0.2.0.10128-to-0.2.0.10147-enUS-downloader.exe"=

"c:\\WOW PTR\\World of Warcraft Public Test\\WoW-0.2.0.10147-to-0.2.0.10170-enUS-downloader.exe"=

"c:\\WOW PTR\\World of Warcraft Public Test\\WoW-0.2.0.10170-to-0.2.0.10179-enUS-downloader.exe"=

"c:\\WOW PTR\\World of Warcraft Public Test\\WoW-0.2.2.10257-enUS-ptr-downloader.exe"=

"c:\\WOW PTR\\World of Warcraft Public Test\\WoW-0.2.2.10357-to-0.2.2.10371-enUS-ptr-downloader.exe"=

"c:\\WOW PTR\\World of Warcraft Public Test\\WoW-0.2.2.10371-to-0.2.2.10392-enUS-ptr-downloader.exe"=

"c:\\WOW PTR\\World of Warcraft Public Test\\WoW-0.2.2.10392-to-0.2.2.10433-enUS-ptr-downloader.exe"=

"c:\\WOW PTR\\World of Warcraft Public Test\\WoW-0.2.2.10433-to-0.2.2.10468-enUS-ptr-downloader.exe"=

"c:\\WOW PTR\\World of Warcraft Public Test\\WoW-0.3.0.10522-enUS-ptr-downloader.exe"=

"c:\\WOW PTR\\World of Warcraft Public Test\\WoW-0.3.0.10522-to-0.3.0.10554-enUS-ptr-downloader.exe"=

"c:\\WOW PTR\\World of Warcraft Public Test\\WoW-0.3.0.10554-to-0.3.0.10571-enUS-ptr-downloader.exe"=

"c:\\WOW PTR\\World of Warcraft Public Test\\WoW-0.3.0.10571-to-0.3.0.10596-enUS-ptr-downloader.exe"=

"c:\\Program Files\\Electronic Arts\\Armies of Exigo\\Exigo.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [10/14/2009 9:18 PM 36880]

R2 CX88XBAR;KWorld PVR 883 Crossbar;c:\windows\system32\drivers\cx88xbar.sys [7/1/2008 9:42 AM 8960]

R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [7/7/2010 7:49 AM 10448]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [9/14/2009 2:42 PM 32272]

R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [10/2/2009 7:39 PM 19472]

S0 ccoxdmgu;ccoxdmgu;c:\windows\system32\drivers\yocgnxgs.sys --> c:\windows\system32\drivers\yocgnxgs.sys [?]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/22/2010 6:38 PM 136176]

S3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [7/21/2010 3:51 PM 30104]

S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [7/21/2010 3:51 PM 30104]

S3 V0330VID;WebCam Vista/Live! Cam Chat;c:\windows\system32\drivers\V0330Vid.sys [2/22/2009 6:35 AM 157696]

S4 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [6/21/2008 9:13 AM 158720]

S4 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [6/21/2008 9:13 AM 5248]

.

Contents of the 'Scheduled Tasks' folder

2010-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-22 22:38]

2010-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-22 22:38]

2010-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-823518204-682003330-1003Core.job

- c:\documents and settings\Devlish\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-21 21:32]

2010-08-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-823518204-682003330-1003UA.job

- c:\documents and settings\Devlish\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-21 21:32]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://search.orbitdownloader.com

uInternet Settings,ProxyServer = http=127.0.0.1:5643

uInternet Settings,ProxyOverride = <local>

IE: Add to AMV Convert Tool... - c:\program files\MP3 Player Utilities 4.00\AMVConverter\grab.html

IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm

IE: Add to Media Manager... - c:\program files\MP3 Player Utilities 4.00\MediaManager\grab.html

FF - ProfilePath - c:\documents and settings\Devlish\Application Data\Mozilla\Firefox\Profiles\sh4zei83.default\

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: browser.startup.homepage - hxxp://thottbot.com/

FF - component: c:\documents and settings\Devlish\Application Data\Mozilla\Firefox\Profiles\sh4zei83.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll

FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll

FF - plugin: c:\documents and settings\Devlish\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

---- FIREFOX POLICIES ----

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr

ef", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

- - - - ORPHANS REMOVED - - - -

BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll

Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll

MSConfigStartUp-DivXUpdate - c:\program files\DivX\DivX Update\DivXUpdate.exe

MSConfigStartUp-TrojanScanner - c:\program files\Trojan Remover\Trjscan.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-08-06 09:05

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2000478354-823518204-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]

@Denied: (Full) (LocalSystem)

[HKEY_USERS\S-1-5-21-2000478354-823518204-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*4%0*`%]

@Class="Shell"

[HKEY_USERS\S-1-5-21-2000478354-823518204-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*4%0*`%\OpenWithList]

@Class="Shell"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1128)

c:\windows\system32\Ati2evxx.dll

c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

c:\program files\AlienGUIse\fastload.dll

- - - - - - - > 'explorer.exe'(3196)

c:\program files\Common Files\Ahead\Lib\NeroDigitalExt.dll

c:\program files\Illustrate\dBpowerAMP\dBShell.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\Ati2evxx.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\wdfmgr.exe

.

**************************************************************************

.

Completion time: 2010-08-06 09:15:03 - machine was rebooted

ComboFix-quarantined-files.txt 2010-08-06 13:09

Pre-Run: 226,133,925,888 bytes free

Post-Run: 226,145,857,536 bytes free

- - End Of File - - 1030CE95445D08103789116D92E2429F

Link to post
Share on other sites

As you can see it found and killed something. still getting redirects tho. also... combo fix installed some kind of drivers when it was completing. is this normal?? catchme.sys and 1 or 2 others

Yes, it's normal.

You have some leftovers from AVG, so please use this tool to clean them:

http://download.avg.com/filedir/util/avg_a.../avgremover.exe

Let me know about the resaults.

Link to post
Share on other sites

Antivirus Version Last Update Result

a-squared 5.0.0.31 2010.07.11 -

AhnLab-V3 2010.07.10.00 2010.07.09 -

AntiVir 8.2.4.10 2010.07.09 -

Antiy-AVL 2.0.3.7 2010.07.09 -

Authentium 5.2.0.5 2010.07.10 -

Avast 4.8.1351.0 2010.07.10 -

Avast5 5.0.332.0 2010.07.10 -

AVG 9.0.0.836 2010.07.11 -

BitDefender 7.2 2010.07.11 -

CAT-QuickHeal 11.00 2010.07.10 -

ClamAV 0.96.0.3-git 2010.07.11 -

Comodo 5390 2010.07.11 -

DrWeb 5.0.2.03300 2010.07.11 -

eSafe 7.0.17.0 2010.07.08 -

eTrust-Vet 36.1.7696 2010.07.10 -

F-Prot 4.6.1.107 2010.07.10 -

F-Secure 9.0.15370.0 2010.07.11 -

Fortinet 4.1.143.0 2010.07.10 -

GData 21 2010.07.11 -

Ikarus T3.1.1.84.0 2010.07.11 -

Jiangmin 13.0.900 2010.07.11 -

Kaspersky 7.0.0.125 2010.07.11 -

McAfee 5.400.0.1158 2010.07.11 -

McAfee-GW-Edition 2010.1 2010.07.05 -

Microsoft 1.5902 2010.07.11 -

NOD32 5268 2010.07.11 -

Norman 6.05.11 2010.07.10 -

nProtect 2010-07-11.01 2010.07.11 -

Panda 10.0.2.7 2010.07.11 -

PCTools 7.0.3.5 2010.07.11 -

Prevx 3.0 2010.07.11 -

Rising 22.55.04.04 2010.07.09 -

Sophos 4.55.0 2010.07.11 -

Sunbelt 6566 2010.07.10 -

Symantec 20101.1.0.89 2010.07.11 -

TheHacker 6.5.2.1.311 2010.07.11 -

TrendMicro 9.120.0.1004 2010.07.11 -

TrendMicro-HouseCall 9.120.0.1004 2010.07.11 -

VBA32 3.12.12.6 2010.07.09 -

ViRobot 2010.6.29.3912 2010.07.10 -

VirusBuster 5.0.27.0 2010.07.10 -

Additional information

File size: 221184 bytes

MD5 : c5b41140dbda488a02e8d33b5ff95686

SHA1 : afe8b6f3a90faa8148e55a43d789872dbfa3b527

SHA256: 6bc4e07e07c4ddee6c4e16b0d52185dced6f239dfe9ab5708c62a205ad6e570a

PEInfo: PE Structure information

( base data )

entrypointaddress.: 0x19A8C

timedatestamp.....: 0x4802A154 (Mon Apr 14 02:12:04 2008)

machinetype.......: 0x14C (Intel I386)

( 4 sections )

name viradd virsiz rawdsiz ntrpy md5

.text 0x1000 0x2C693 0x2D000 6.31 1ff9fee2a0f7fabf2b586ec7de490f5c

.data 0x2E000 0x40F0 0x3000 5.64 591a726c846a969a897745f7c6b83b2c

.rsrc 0x33000 0x3D8 0x1000 1.04 531c61bac95b2927128896d55f9d44f7

.reloc 0x34000 0x3B42 0x4000 4.18 939ad9306eff984cd68074481419921c

( 10 imports )

> advapi32.dll: RegCreateKeyExA, RegCreateKeyExW, RegOpenKeyExA, RegOpenKeyExW, RegQueryValueExA, RegQueryValueExW, RegCloseKey

> comctl32.dll: InitCommonControlsEx

> gdi32.dll: SelectPalette, RealizePalette, RectVisible, SetDIBitsToDevice, StretchDIBits, MaskBlt, StretchBlt, CreateDIBSection, GetDIBColorTable, GetDeviceCaps, GetObjectW, GetObjectType, GetObjectA, CreateICW, CreateICA, GetClipBox, CreateCompatibleDC, SelectClipRgn, SelectObject, OffsetViewportOrgEx, DeleteDC, SetRectRgn, CreateRectRgnIndirect, DeleteObject

> kernel32.dll: CompareStringW, GetDriveTypeA, GetDriveTypeW, QueryDosDeviceA, QueryDosDeviceW, GetWindowsDirectoryW, GetLocaleInfoW, GetLocaleInfoA, GetVersionExW, lstrcpyW, lstrcatW, LoadLibraryW, lstrcpynW, GetModuleHandleW, GetModuleFileNameW, GetModuleFileNameA, GetFileAttributesW, GetFileAttributesA, lstrlenA, CloseHandle, GetCurrentThreadId, WaitForSingleObject, SetEvent, FlushInstructionCache, GetCurrentProcess, InterlockedIncrement, LeaveCriticalSection, EnterCriticalSection, InterlockedDecrement, SetLastError, GetLastError, FreeLibrary, SetErrorMode, GetProcAddress, GetExitCodeThread, CreateFileW, CreateFileA, DeviceIoControl, GetVersion, GetUserDefaultLangID, CreateThread, InitializeCriticalSection, HeapDestroy, DeleteCriticalSection, DisableThreadLibraryCalls, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, CreateEventW, CreateEventA, CompareStringA, GetModuleHandleA, GetWindowsDirectoryA, lstrlenW, GetVersionExA, MultiByteToWideChar, WideCharToMultiByte, VirtualAlloc, VirtualFree, LoadLibraryA, HeapAlloc, GetProcessHeap, HeapFree, SetUnhandledExceptionFilter, UnhandledExceptionFilter

> mpr.dll: WNetGetConnectionW, WNetGetConnectionA, WNetCancelConnection2W, WNetAddConnection2W

> msvcrt.dll: wcsstr, _wcsnicmp, _wtol, _vsnwprintf, wcschr, wcspbrk, iswspace, memmove, wcslen, wcsncmp, towupper, _wcsicmp, wcsrchr, vswprintf, _beginthreadex, _wtoi, iswdigit, wcscmp, _snwprintf, wcsncpy, __3@YAXPAX@Z, _onexit, __dllonexit, _adjust_fdiv, malloc, _initterm, free, _purecall, _except_handler3, __2@YAPAXI@Z

> ole32.dll: CoUninitialize, CoFreeUnusedLibraries, CoInitialize, CoCreateInstance

> oleaut32.dll: -, -, -, -, -, -, -

> shlwapi.dll: PathGetCharTypeW, PathGetCharTypeA

> user32.dll: MessageBoxA, MessageBoxW, PeekMessageA, PeekMessageW, PostMessageA, PostMessageW, PostThreadMessageA, PostThreadMessageW, RegisterClassExA, RegisterClassExW, UnregisterClassA, UnregisterClassW, RegisterWindowMessageA, SendMessageW, SetWindowLongA, SetWindowLongW, wvsprintfW, GetMonitorInfoA, GetMonitorInfoW, CharNextW, GetCapture, ReleaseCapture, SetCapture, GetFocus, SetFocus, IsWindowVisible, GetDC, ReleaseDC, InvalidateRect, InvalidateRgn, PtInRect, MonitorFromRect, WindowFromDC, LoadCursorW, GetWindowTextW, GetWindowTextA, GetWindowLongW, GetWindowLongA, GetMessageW, GetMessageA, GetClassNameA, GetClassLongA, GetClassInfoExW, GetClassInfoExA, DispatchMessageW, DispatchMessageA, DefWindowProcW, DefWindowProcA, CreateWindowExW, CreateWindowExA, GetSystemMetrics, CharNextA, GetCursorPos, MapWindowPoints, CallWindowProcW, CallWindowProcA, BeginPaint, CopyRect, LoadCursorA, OffsetRect, EndPaint, IsChild, ShowWindow, GetClientRect, SetWindowPos, GetParent, GetWindowRect, TranslateMessage, SetParent, IsWindow, DestroyWindow, BringWindowToTop, SendMessageA

( 1 exports )

> DllCanUnloadNow, DllGetClassObject, DllRegisterServer, DllUnregisterServer, _Java_WMPNS_EventThread_CheckEvents@8, _Java_WMPNS_EventThread_GetThreadID@8, _Java_WMPNS_EventThread_kill@12, _Java_WMPNS_IWMPCdromCollection_equalsNative@20, _Java_WMPNS_IWMPCdromCollection_getByDriveSpecifierNative@20, _Java_WMPNS_IWMPCdromCollection_getCountNative@16, _Java_WMPNS_IWMPCdromCollection_itemNative@24, _Java_WMPNS_IWMPCdrom_ejectNative@16, _Java_WMPNS_IWMPCdrom_equalsNative@20, _Java_WMPNS_IWMPCdrom_getDriveSpecifierNative@16, _Java_WMPNS_IWMPCdrom_getPlaylistNative@16, _Java_WMPNS_IWMPClosedCaption_equalsNative@20, _Java_WMPNS_IWMPClosedCaption_getCaptioningIDNative@16, _Java_WMPNS_IWMPClosedCaption_getSAMIFileNameNative@16, _Java_WMPNS_IWMPClosedCaption_getSAMILangCountNative@16, _Java_WMPNS_IWMPClosedCaption_getSAMILangIDNative@24, _Java_WMPNS_IWMPClosedCaption_getSAMILangNameNative@24, _Java_WMPNS_IWMPClosedCaption_getSAMILangNative@16, _Java_WMPNS_IWMPClosedCaption_getSAMIStyleCountNative@16, _Java_WMPNS_IWMPClosedCaption_getSAMIStyleNameNative@24, _Java_WMPNS_IWMPClosedCaption_getSAMIStyleNative@16, _Java_WMPNS_IWMPClosedCaption_setCaptioningIDNative@20, _Java_WMPNS_IWMPClosedCaption_setSAMIFileNameNative@20, _Java_WMPNS_IWMPClosedCaption_setSAMILangNative@20, _Java_WMPNS_IWMPClosedCaption_setSAMIStyleNative@20, _Java_WMPNS_IWMPControls_equalsNative@20, _Java_WMPNS_IWMPControls_fastForwardNative@16, _Java_WMPNS_IWMPControls_fastReverseNative@16, _Java_WMPNS_IWMPControls_getAudioLanguageCountNative@16, _Java_WMPNS_IWMPControls_getAudioLanguageDescriptionNative@24, _Java_WMPNS_IWMPControls_getAudioLanguageIDNative@24, _Java_WMPNS_IWMPControls_getCurrentAudioLanguageIndexNative@16, _Java_WMPNS_IWMPControls_getCurrentAudioLanguageNative@16, _Java_WMPNS_IWMPControls_getCurrentItemNative@16, _Java_WMPNS_IWMPControls_getCurrentMarkerNative@16, _Java_WMPNS_IWMPControls_getCurrentPositionNative@16, _Java_WMPNS_IWMPControls_getCurrentPositionStringNative@16, _Java_WMPNS_IWMPControls_getCurrentPositionTimecodeNative@16, _Java_WMPNS_IWMPControls_getLanguageNameNative@24, _Java_WMPNS_IWMPControls_isAvailableNative@20, _Java_WMPNS_IWMPControls_nextNative@16, _Java_WMPNS_IWMPControls_pauseNative@16, _Java_WMPNS_IWMPControls_playItemNative@20, _Java_WMPNS_IWMPControls_playNative@16, _Java_WMPNS_IWMPControls_previousNative@16, _Java_WMPNS_IWMPControls_setCurrentAudioLanguageIndexNative@24, _Java_WMPNS_IWMPControls_setCurrentAudioLanguageNative@24, _Java_WMPNS_IWMPControls_setCurrentItemNative@20, _Java_WMPNS_IWMPControls_setCurrentMarkerNative@24, _Java_WMPNS_IWMPControls_setCurrentPositionNative@24, _Java_WMPNS_IWMPControls_setCurrentPositionTimecodeNative@20, _Java_WMPNS_IWMPControls_stepNative@24, _Java_WMPNS_IWMPControls_stopNative@16, _Java_WMPNS_IWMPDVD_backNative@16, _Java_WMPNS_IWMPDVD_equalsNative@20, _Java_WMPNS_IWMPDVD_getDomainNative@16, _Java_WMPNS_IWMPDVD_isAvailableNative@20, _Java_WMPNS_IWMPDVD_resumeNative@16, _Java_WMPNS_IWMPDVD_titleMenuNative@16, _Java_WMPNS_IWMPDVD_topMenuNative@16, _Java_WMPNS_IWMPErrorItem_equalsNative@20, _Java_WMPNS_IWMPErrorItem_getConditionNative@16, _Java_WMPNS_IWMPErrorItem_getCustomUrlNative@16, _Java_WMPNS_IWMPErrorItem_getErrorCodeNative@16, _Java_WMPNS_IWMPErrorItem_getErrorContextNative@16, _Java_WMPNS_IWMPErrorItem_getErrorDescriptionNative@16, _Java_WMPNS_IWMPErrorItem_getRemedyNative@16, _Java_WMPNS_IWMPError_clearErrorQueueNative@16, _Java_WMPNS_IWMPError_equalsNative@20, _Java_WMPNS_IWMPError_getErrorCountNative@16, _Java_WMPNS_IWMPError_itemNative@24, _Java_WMPNS_IWMPError_webHelpNative@16, _Java_WMPNS_IWMPMediaCollection_addNative@20, _Java_WMPNS_IWMPMediaCollection_equalsNative@20, _Java_WMPNS_IWMPMediaCollection_getAllNative@16, _Java_WMPNS_IWMPMediaCollection_getAttributeStringCollectionNative@24, _Java_WMPNS_IWMPMediaCollection_getByAlbumNative@20, _Java_WMPNS_IWMPMediaCollection_getByAttributeNative@24, _Java_WMPNS_IWMPMediaCollection_getByAuthorNative@20, _Java_WMPNS_IWMPMediaCollection_getByGenreNative@20, _Java_WMPNS_IWMPMediaCollection_getByNameNative@20, _Java_WMPNS_IWMPMediaCollection_getMediaAtomNative@20, _Java_WMPNS_IWMPMediaCollection_isDeletedNative@20, _Java_WMPNS_IWMPMediaCollection_removeNative@24, _Java_WMPNS_IWMPMediaCollection_setDeletedNative@24, _Java_WMPNS_IWMPMedia_equalsNative@20, _Java_WMPNS_IWMPMedia_getAttributeCountByTypeNative@24, _Java_WMPNS_IWMPMedia_getAttributeCountNative@16, _Java_WMPNS_IWMPMedia_getAttributeNameNative@24, _Java_WMPNS_IWMPMedia_getDurationNative@16, _Java_WMPNS_IWMPMedia_getDurationStringNative@16, _Java_WMPNS_IWMPMedia_getErrorNative@16, _Java_WMPNS_IWMPMedia_getImageSourceHeightNative@16, _Java_WMPNS_IWMPMedia_getImageSourceWidthNative@16, _Java_WMPNS_IWMPMedia_getItemInfoByAtomNative@24, _Java_WMPNS_IWMPMedia_getItemInfoByTypeNative@32, _Java_WMPNS_IWMPMedia_getItemInfoNative@20, _Java_WMPNS_IWMPMedia_getMarkerCountNative@16, _Java_WMPNS_IWMPMedia_getMarkerNameNative@24, _Java_WMPNS_IWMPMedia_getMarkerTimeNative@24, _Java_WMPNS_IWMPMedia_getNameNative@16, _Java_WMPNS_IWMPMedia_getSourceURLNative@16, _Java_WMPNS_IWMPMedia_isIdenticalNative@20, _Java_WMPNS_IWMPMedia_isMemberOfNative@20, _Java_WMPNS_IWMPMedia_isReadOnlyItemNative@20, _Java_WMPNS_IWMPMedia_setItemInfoNative@24, _Java_WMPNS_IWMPMedia_setNameNative@20, _Java_WMPNS_IWMPNetwork_equalsNative@20, _Java_WMPNS_IWMPNetwork_getBandWidthNative@16, _Java_WMPNS_IWMPNetwork_getBitRateNative@16, _Java_WMPNS_IWMPNetwork_getBufferingCountNative@16, _Java_WMPNS_IWMPNetwork_getBufferingProgressNative@16, _Java_WMPNS_IWMPNetwork_getBufferingTimeNative@16, _Java_WMPNS_IWMPNetwork_getDownloadProgressNative@16, _Java_WMPNS_IWMPNetwork_getEncodedFrameRateNative@16, _Java_WMPNS_IWMPNetwork_getFrameRateNative@16, _Java_WMPNS_IWMPNetwork_getFramesSkippedNative@16, _Java_WMPNS_IWMPNetwork_getLostPacketsNative@16, _Java_WMPNS_IWMPNetwork_getMaxBandwidthNative@16, _Java_WMPNS_IWMPNetwork_getMaxBitRateNative@16, _Java_WMPNS_IWMPNetwork_getProxyBypassForLocalNative@20, _Java_WMPNS_IWMPNetwork_getProxyExceptionListNative@20, _Java_WMPNS_IWMPNetwork_getProxyNameNative@20, _Java_WMPNS_IWMPNetwork_getProxyPortNative@20, _Java_WMPNS_IWMPNetwork_getProxySettingsNative@20, _Java_WMPNS_IWMPNetwork_getReceivedPacketsNative@16, _Java_WMPNS_IWMPNetwork_getReceptionQualityNative@16, _Java_WMPNS_IWMPNetwork_getRecoveredPacketsNative@16, _Java_WMPNS_IWMPNetwork_getSourceProtocolNative@16, _Java_WMPNS_IWMPNetwork_setBufferingTimeNative@24, _Java_WMPNS_IWMPNetwork_setMaxBandwidthNative@24, _Java_WMPNS_IWMPNetwork_setProxyBypassForLocalNative@24, _Java_WMPNS_IWMPNetwork_setProxyExceptionListNative@24, _Java_WMPNS_IWMPNetwork_setProxyNameNative@24, _Java_WMPNS_IWMPNetwork_setProxyPortNative@28, _Java_WMPNS_IWMPNetwork_setProxySettingsNative@28, _Java_WMPNS_IWMPPlayerApplication_equalsNative@20, _Java_WMPNS_IWMPPlayerApplication_getHasDisplayNative@16, _Java_WMPNS_IWMPPlayerApplication_getPlayerDockedNative@16, _Java_WMPNS_IWMPPlayerApplication_switchToControlNative@16, _Java_WMPNS_IWMPPlayerApplication_switchToPlayerApplicationNative@16, _Java_WMPNS_IWMPPlayer_closeNative@16, _Java_WMPNS_IWMPPlayer_equalsNative@20, _Java_WMPNS_IWMPPlayer_getCdromCollectionNative@16, _Java_WMPNS_IWMPPlayer_getClosedCaptionNative@16, _Java_WMPNS_IWMPPlayer_getControlsNative@16, _Java_WMPNS_IWMPPlayer_getCurrentMediaNative@16, _Java_WMPNS_IWMPPlayer_getCurrentPlaylistNative@16, _Java_WMPNS_IWMPPlayer_getDvdNative@16, _Java_WMPNS_IWMPPlayer_getEnableContextMenuNative@16, _Java_WMPNS_IWMPPlayer_getEnabledNative@16, _Java_WMPNS_IWMPPlayer_getErrorNative@16, _Java_WMPNS_IWMPPlayer_getFullScreenNative@16, _Java_WMPNS_IWMPPlayer_getIsOnlineNative@16, _Java_WMPNS_IWMPPlayer_getIsRemoteNative@16, _Java_WMPNS_IWMPPlayer_getMediaCollectionNative@16, _Java_WMPNS_IWMPPlayer_getNetworkNative@16, _Java_WMPNS_IWMPPlayer_getOpenStateNative@16, _Java_WMPNS_IWMPPlayer_getPlayStateNative@16, _Java_WMPNS_IWMPPlayer_getPlayerApplicationNative@16, _Java_WMPNS_IWMPPlayer_getPlaylistCollectionNative@16, _Java_WMPNS_IWMPPlayer_getSettingsNative@16, _Java_WMPNS_IWMPPlayer_getStatusNative@16, _Java_WMPNS_IWMPPlayer_getStretchToFitNative@16, _Java_WMPNS_IWMPPlayer_getURLNative@16, _Java_WMPNS_IWMPPlayer_getUiModeNative@16, _Java_WMPNS_IWMPPlayer_getVersionInfoNative@16, _Java_WMPNS_IWMPPlayer_getWindowlessVideoNative@16, _Java_WMPNS_IWMPPlayer_launchURLNative@20, _Java_WMPNS_IWMPPlayer_newMediaNative@20, _Java_WMPNS_IWMPPlayer_newPlaylistNative@24, _Java_WMPNS_IWMPPlayer_openPlayerNative@20, _Java_WMPNS_IWMPPlayer_setCurrentMediaNative@20, _Java_WMPNS_IWMPPlayer_setCurrentPlaylistNative@20, _Java_WMPNS_IWMPPlayer_setEnableContextMenuNative@20, _Java_WMPNS_IWMPPlayer_setEnabledNative@20, _Java_WMPNS_IWMPPlayer_setFullScreenNative@20, _Java_WMPNS_IWMPPlayer_setStretchToFitNative@20, _Java_WMPNS_IWMPPlayer_setURLNative@20, _Java_WMPNS_IWMPPlayer_setUiModeNative@20, _Java_WMPNS_IWMPPlayer_setWindowlessVideoNative@20, _Java_WMPNS_IWMPPlaylistArray_equalsNative@20, _Java_WMPNS_IWMPPlaylistArray_getCountNative@16, _Java_WMPNS_IWMPPlaylistArray_itemNative@24, _Java_WMPNS_IWMPPlaylistCollection_equalsNative@20, _Java_WMPNS_IWMPPlaylistCollection_getAllNative@16, _Java_WMPNS_IWMPPlaylistCollection_getByNameNative@20, _Java_WMPNS_IWMPPlaylistCollection_importPlaylistNative@20, _Java_WMPNS_IWMPPlaylistCollection_isDeletedNative@20, _Java_WMPNS_IWMPPlaylistCollection_newPlaylistNative@20, _Java_WMPNS_IWMPPlaylistCollection_removeNative@20, _Java_WMPNS_IWMPPlaylistCollection_setDeletedNative@24, _Java_WMPNS_IWMPPlaylist_appendItemNative@20, _Java_WMPNS_IWMPPlaylist_clearNative@16, _Java_WMPNS_IWMPPlaylist_equalsNative@20, _Java_WMPNS_IWMPPlaylist_getAttributeCountNative@16, _Java_WMPNS_IWMPPlaylist_getAttributeNameNative@24, _Java_WMPNS_IWMPPlaylist_getCountNative@16, _Java_WMPNS_IWMPPlaylist_getItemInfoNative@20, _Java_WMPNS_IWMPPlaylist_getNameNative@16, _Java_WMPNS_IWMPPlaylist_insertItemNative@28, _Java_WMPNS_IWMPPlaylist_isIdenticalNative@20, _Java_WMPNS_IWMPPlaylist_itemNative@24, _Java_WMPNS_IWMPPlaylist_moveItemNative@32, _Java_WMPNS_IWMPPlaylist_removeItemNative@20, _Java_WMPNS_IWMPPlaylist_setItemInfoNative@24, _Java_WMPNS_IWMPPlaylist_setNameNative@20, _Java_WMPNS_IWMPSettings_equalsNative@20, _Java_WMPNS_IWMPSettings_getAutoStartNative@16, _Java_WMPNS_IWMPSettings_getBalanceNative@16, _Java_WMPNS_IWMPSettings_getBaseURLNative@16, _Java_WMPNS_IWMPSettings_getDefaultAudioLanguageNative@16, _Java_WMPNS_IWMPSettings_getDefaultFrameNative@16, _Java_WMPNS_IWMPSettings_getEnableErrorDialogsNative@16, _Java_WMPNS_IWMPSettings_getInvokeURLsNative@16, _Java_WMPNS_IWMPSettings_getMediaAccessRightsNative@16, _Java_WMPNS_IWMPSettings_getModeNative@20, _Java_WMPNS_IWMPSettings_getMuteNative@16, _Java_WMPNS_IWMPSettings_getPlayCountNative@16, _Java_WMPNS_IWMPSettings_getRateNative@16, _Java_WMPNS_IWMPSettings_getVolumeNative@16, _Java_WMPNS_IWMPSettings_isAvailableNative@20, _Java_WMPNS_IWMPSettings_requestMediaAccessRightsNative@20, _Java_WMPNS_IWMPSettings_setAutoStartNative@20, _Java_WMPNS_IWMPSettings_setBalanceNative@24, _Java_WMPNS_IWMPSettings_setBaseURLNative@20, _Java_WMPNS_IWMPSettings_setDefaultFrameNative@20, _Java_WMPNS_IWMPSettings_setEnableErrorDialogsNative@20, _Java_WMPNS_IWMPSettings_setInvokeURLsNative@20, _Java_WMPNS_IWMPSettings_setModeNative@24, _Java_WMPNS_IWMPSettings_setMuteNative@20, _Java_WMPNS_IWMPSettings_setPlayCountNative@24, _Java_WMPNS_IWMPSettings_setRateNative@24, _Java_WMPNS_IWMPSettings_setVolumeNative@24, _Java_WMPNS_IWMPStringCollection_equalsNative@20, _Java_WMPNS_IWMPStringCollection_getCountNative@16, _Java_WMPNS_IWMPStringCollection_itemNative@24, _Java_WMPNS_WMP_debug@12, _Java_WMPNS_WMP_getAppletHWND@8, _Java_WMPNS_WMP_getPlayer@12, _Java_WMPNS_WMP_getTargetHWND@12, _Java_WMPNS_WMP_killThread@12, _Java_WMPNS_WMP_spawnThread@16

TrID : File type identification

DirectShow filter (43.0%)

Windows OCX File (26.3%)

Win64 Executable Generic (18.2%)

Win32 Executable MS Visual C++ (generic) (8.0%)

Win32 Executable Generic (1.8%)

ssdeep: 3072:79oJZcTUKXq1KgL3PigjjjRJ5mDA0eWQztbEQ6uFLd:ecTbuKgTP75mDbeWQztbOuF

sigcheck: publisher....: Microsoft Corporation

copyright....: © Microsoft Corporation. All rights reserved.

product......: Microsoft® Windows Media Player

description..: Windows Media Player Applet Support DLL

original name: WMPNS.DLL

internal name: WMPNS.DLL

file version.: 9.00.00.4503

comments.....: n/a

signers......: -

signing date.: -

verified.....: Unsigned

PEiD : -

RDS : NSRL Reference Data Set

-

Link to post
Share on other sites

Open Notepad and copy and paste the text in the code box below into it:

Driver::
xkix
yocgnxgs
ccoxdmgu

Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

CFScriptB-4.gif

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.

Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.

Link to post
Share on other sites

ComboFix 10-08-08.02 - Devlish 08/09/2010 8:44.5.2 - x86 NETWORK

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1806 [GMT -4:00]

Running from: c:\documents and settings\Devlish\Desktop\Combo-Fix.exe

Command switches used :: c:\documents and settings\Devlish\Desktop\CFScript.txt

AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_ccoxdmgu

((((((((((((((((((((((((( Files Created from 2010-07-09 to 2010-08-09 )))))))))))))))))))))))))))))))

.

2010-08-08 19:08 . 2010-07-07 01:58 53248 ----a-w- c:\windows\system32\aticalrt.dll

2010-08-08 19:08 . 2010-07-07 01:58 53248 ----a-w- c:\windows\system32\aticalcl.dll

2010-08-08 19:08 . 2010-07-07 01:57 4337664 ----a-w- c:\windows\system32\aticaldd.dll

2010-08-08 19:08 . 2010-07-07 01:53 15499264 ----a-w- c:\windows\system32\atioglxx.dll

2010-08-08 19:08 . 2010-07-07 01:29 143360 ----a-w- c:\windows\system32\atiapfxx.exe

2010-08-08 19:08 . 2010-07-07 01:24 184320 ----a-w- c:\windows\system32\atiadlxx.dll

2010-08-08 19:08 . 2010-07-07 01:15 65024 ----a-w- c:\windows\system32\atimpc32.dll

2010-08-08 19:08 . 2009-05-11 21:35 118784 ----a-w- c:\windows\system32\atibtmon.exe

2010-08-08 19:08 . 2010-08-08 19:09 -------- d-----w- c:\program files\ATI

2010-08-06 06:19 . 2010-08-06 06:19 503808 ----a-w- c:\documents and settings\Devlish\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5ee28c56-n\msvcp71.dll

2010-08-06 06:19 . 2010-08-06 06:19 499712 ----a-w- c:\documents and settings\Devlish\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5ee28c56-n\jmc.dll

2010-08-06 06:19 . 2010-08-06 06:19 348160 ----a-w- c:\documents and settings\Devlish\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5ee28c56-n\msvcr71.dll

2010-08-06 06:19 . 2010-08-06 06:19 61440 ----a-w- c:\documents and settings\Devlish\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-1b9d670e-n\decora-sse.dll

2010-08-06 06:19 . 2010-08-06 06:19 12800 ----a-w- c:\documents and settings\Devlish\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-1b9d670e-n\decora-d3d.dll

2010-07-29 20:43 . 2008-04-14 09:42 221184 ----a-w- c:\windows\system32\wmpns.dll

2010-07-29 20:36 . 2008-04-14 09:42 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe

2010-07-29 20:35 . 2008-04-14 09:42 1384479 ----a-w- c:\windows\system32\msvbvm60.dll

2010-07-27 18:28 . 2010-07-27 18:28 388096 ----a-r- c:\documents and settings\Devlish\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2010-07-27 18:28 . 2010-07-27 18:28 -------- d-----w- c:\program files\Trend Micro

2010-07-27 12:21 . 2010-07-27 12:21 664 ----a-w- c:\windows\system32\d3d9caps.dat

2010-07-26 23:24 . 2010-07-27 00:41 -------- d-----w- c:\program files\World of Warcraft

2010-07-26 00:05 . 2010-07-26 00:05 423656 ----a-w- c:\windows\system32\deployJava1.dll

2010-07-26 00:05 . 2010-07-26 00:05 -------- d-----w- c:\program files\Java

2010-07-24 00:41 . 2010-07-24 00:41 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll

2010-07-24 00:37 . 2010-07-24 00:37 56458 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe

2010-07-24 00:37 . 2010-07-24 00:37 54174 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe

2010-07-24 00:37 . 2010-07-24 00:37 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe

2010-07-24 00:37 . 2010-07-24 00:37 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe

2010-07-24 00:37 . 2010-07-24 00:37 54644 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe

2010-07-24 00:37 . 2010-07-24 00:37 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe

2010-07-24 00:37 . 2010-07-24 00:37 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe

2010-07-24 00:37 . 2010-07-24 00:37 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe

2010-07-24 00:37 . 2010-07-24 00:37 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe

2010-07-24 00:37 . 2010-07-24 00:37 -------- d-----w- c:\program files\Common Files\DivX Shared

2010-07-24 00:37 . 2010-07-24 00:37 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe

2010-07-24 00:34 . 2010-07-24 00:41 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX

2010-07-23 23:18 . 2010-07-23 23:18 932368 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\profiles-1-6.dll

2010-07-23 23:18 . 2010-07-23 23:18 678416 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\content_interpreter-1-1.dll

2010-07-23 23:18 . 2010-07-23 23:18 604688 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\gsg-3-9.dll

2010-07-23 23:18 . 2010-07-23 23:18 522768 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\database-1-5.dll

2010-07-23 23:18 . 2010-07-23 23:18 1096208 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\filtration-4-6.dll

2010-07-23 23:17 . 2010-07-23 23:17 80400 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\fssync.dll

2010-07-23 23:17 . 2010-07-23 23:17 397328 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\oeas.dll

2010-07-23 23:17 . 2010-07-23 23:17 315408 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\sys\i386\5.1\klif.sys

2010-07-23 23:17 . 2010-07-23 23:17 19472 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\kloehk.dll

2010-07-23 23:02 . 2010-07-23 23:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files

2010-07-23 17:53 . 2010-07-23 17:53 54016 ----a-w- c:\windows\system32\drivers\xkix.sys

2010-07-22 22:43 . 2010-07-22 22:43 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google

2010-07-22 22:38 . 2010-07-22 22:38 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google

2010-07-22 22:38 . 2010-07-22 22:39 -------- d-----w- c:\program files\Google

2010-07-22 21:43 . 2010-07-22 21:43 -------- d-----w- c:\program files\FileASSASSIN

2010-07-22 20:49 . 2010-07-22 20:49 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee

2010-07-22 20:45 . 2010-07-22 20:45 1025992 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\SecurityScan_Release.exe

2010-07-22 19:37 . 2010-08-03 15:58 13104 ----a-w- c:\documents and settings\Devlish\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-07-22 19:36 . 2010-07-22 19:36 -------- d-----w- c:\documents and settings\Devlish\Local Settings\Application Data\Sunbelt Software

2010-07-21 21:52 . 2010-07-21 21:52 503808 ----a-w- c:\documents and settings\Devlish\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5f75f42e-n\msvcp71.dll

2010-07-21 21:52 . 2010-07-21 21:52 499712 ----a-w- c:\documents and settings\Devlish\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5f75f42e-n\jmc.dll

2010-07-21 21:52 . 2010-07-21 21:52 348160 ----a-w- c:\documents and settings\Devlish\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5f75f42e-n\msvcr71.dll

2010-07-21 21:52 . 2010-07-21 21:52 61440 ----a-w- c:\documents and settings\Devlish\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2d409bec-n\decora-sse.dll

2010-07-21 21:52 . 2010-07-21 21:52 12800 ----a-w- c:\documents and settings\Devlish\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2d409bec-n\decora-d3d.dll

2010-07-21 21:32 . 2010-07-28 19:37 -------- d-----w- c:\documents and settings\Devlish\Local Settings\Application Data\Temp

2010-07-21 21:32 . 2010-07-22 22:39 -------- d-----w- c:\documents and settings\Devlish\Local Settings\Application Data\Google

2010-07-21 19:51 . 2010-07-21 19:51 50968 ----a-w- c:\windows\system32\avgfwdx.dll

2010-07-21 19:51 . 2010-07-21 19:51 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys

2010-07-21 19:50 . 2010-07-21 19:52 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9

2010-07-21 19:13 . 2010-07-21 19:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2010-07-21 19:13 . 2010-07-21 19:25 -------- d-----w- c:\program files\Spybot - Search & Destroy

2010-07-21 18:08 . 2010-07-23 18:41 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-07-21 14:56 . 2010-07-21 14:56 -------- d-s---w- c:\documents and settings\LocalService\UserData

2010-07-21 14:04 . 2008-04-14 04:06 37248 ----a-w- c:\windows\system32\drivers\isapnp.sys

2010-07-21 00:29 . 2010-07-21 00:29 -------- d-s---w- c:\documents and settings\NetworkService\UserData

2010-07-14 17:28 . 2010-07-14 17:28 -------- d-----w- c:\documents and settings\Devlish\Local Settings\Application Data\Fallout3

2010-07-14 17:23 . 2008-09-16 22:20 121064 ------r- c:\documents and settings\All Users\Application Data\Fallout3\setup.exe

2010-07-14 17:23 . 2010-07-14 17:23 -------- d-----w- c:\program files\Bethesda Softworks

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-08-08 19:13 . 2010-07-23 23:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab

2010-08-08 19:08 . 2008-02-05 13:43 -------- d-----w- c:\program files\ATI Technologies

2010-08-06 12:43 . 2009-08-04 20:57 -------- d-----w- c:\program files\Trillian

2010-07-29 19:59 . 2010-07-23 23:06 97549 ----a-w- c:\windows\system32\drivers\klick.dat

2010-07-29 19:59 . 2010-07-23 23:06 113933 ----a-w- c:\windows\system32\drivers\klin.dat

2010-07-27 18:43 . 2008-07-26 16:04 -------- d-----w- c:\program files\DivX

2010-07-27 00:41 . 2008-03-25 22:07 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment

2010-07-25 23:49 . 2008-04-01 18:36 -------- d-----w- c:\documents and settings\Devlish\Application Data\Orbit

2010-07-25 23:49 . 2008-02-07 01:18 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2010-07-25 23:47 . 2008-09-01 06:16 -------- d-----w- c:\program files\Common Files\Java

2010-07-24 05:25 . 2010-07-24 00:38 -------- d-----w- c:\documents and settings\Devlish\Application Data\DivX

2010-07-24 00:38 . 2010-07-24 00:38 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe

2010-07-24 00:38 . 2010-07-24 00:38 56997 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe

2010-07-24 00:38 . 2010-07-24 00:38 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe

2010-07-24 00:38 . 2010-07-24 00:38 57715 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe

2010-07-24 00:38 . 2010-07-24 00:38 84054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe

2010-07-24 00:38 . 2010-07-24 00:38 57054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe

2010-07-24 00:38 . 2010-07-24 00:38 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe

2010-07-24 00:38 . 2010-07-24 00:38 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe

2010-07-24 00:34 . 2010-07-24 00:38 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll

2010-07-24 00:34 . 2010-07-24 00:38 895256 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe

2010-07-23 23:17 . 2010-07-23 23:17 133648 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\mmpprtc.dll

2010-07-23 23:17 . 2010-07-23 23:17 109072 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\mzvkbd3.dll

2010-07-23 23:17 . 2010-07-23 23:17 397328 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\oeas.dll

2010-07-23 23:17 . 2010-07-23 23:17 133720 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\mmpprtc.dll

2010-07-23 23:17 . 2010-07-23 23:17 109072 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\mzvkbd3.dll

2010-07-23 23:17 . 2010-07-23 23:17 80400 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\fssync.dll

2010-07-23 23:17 . 2010-07-23 23:17 17936 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\kloehk.dll

2010-07-23 23:17 . 2010-07-23 23:17 315408 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\sys\i386\5.1\klif.sys

2010-07-23 23:05 . 2010-07-23 23:05 -------- d-----w- c:\program files\Kaspersky Lab

2010-07-23 23:03 . 2009-11-21 21:06 -------- d-----w- c:\program files\Lavasoft

2010-07-23 23:03 . 2009-11-21 21:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2010-07-22 21:55 . 2010-03-23 11:49 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

2010-07-22 18:59 . 2010-03-31 12:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-07-21 21:07 . 2010-02-09 22:08 -------- d-----w- c:\documents and settings\Devlish\Application Data\Qunuze

2010-07-20 19:29 . 2009-09-03 12:36 -------- d-----w- c:\documents and settings\Devlish\Application Data\Irocka

2010-07-16 11:35 . 2009-06-27 17:12 -------- d-----w- c:\documents and settings\Devlish\Application Data\Edtuag

2010-07-14 17:23 . 2010-04-22 11:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Fallout3

2010-07-14 17:23 . 2008-02-05 13:34 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-07-07 19:19 . 2010-07-07 11:49 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys

2010-07-07 11:49 . 2010-07-07 11:48 -------- d-----w- c:\documents and settings\Devlish\Application Data\Logitech

2010-07-07 11:49 . 2010-07-07 11:49 -------- d-----w- c:\documents and settings\Devlish\Application Data\Leadertech

2010-07-07 11:49 . 2010-07-07 11:49 53248 ----a-r- c:\documents and settings\Devlish\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe

2010-07-07 11:49 . 2010-07-07 11:48 -------- d-----w- c:\program files\Common Files\LogiShrd

2010-07-07 11:49 . 2010-07-07 11:49 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf

2010-07-07 11:48 . 2010-07-07 11:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Logishrd

2010-07-07 11:48 . 2008-05-28 14:47 -------- d-----w- c:\program files\Logitech

2010-07-07 11:48 . 2010-07-07 11:48 -------- d-----w- c:\documents and settings\Devlish\Application Data\Logishrd

2010-07-07 02:27 . 2007-06-15 01:58 5069312 ----a-w- c:\windows\system32\drivers\ati2mtag.sys

2010-07-07 01:50 . 2008-02-05 13:43 311296 ----a-w- c:\windows\system32\atiiiexx.dll

2010-07-07 01:48 . 2008-02-05 13:43 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll

2010-07-07 01:47 . 2007-06-15 01:59 299520 ----a-w- c:\windows\system32\ati2dvag.dll

2010-07-07 01:41 . 2007-06-15 01:41 3869952 ----a-w- c:\windows\system32\ati3duag.dll

2010-07-07 01:33 . 2007-06-15 01:52 208896 ----a-w- c:\windows\system32\atipdlxx.dll

2010-07-07 01:32 . 2007-03-23 20:23 155648 ----a-w- c:\windows\system32\Oemdspif.dll

2010-07-07 01:32 . 2007-06-15 01:51 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe

2010-07-07 01:32 . 2007-06-15 01:51 43520 ----a-w- c:\windows\system32\ati2edxx.dll

2010-07-07 01:32 . 2007-06-15 01:51 159744 ----a-w- c:\windows\system32\ati2evxx.dll

2010-07-07 01:31 . 2007-06-15 01:50 602112 ----a-w- c:\windows\system32\ati2evxx.exe

2010-07-07 01:29 . 2007-06-15 01:49 53248 ----a-w- c:\windows\system32\ATIDDC.DLL

2010-07-07 01:28 . 2007-06-15 01:31 2273920 ----a-w- c:\windows\system32\ativvaxx.dll

2010-07-07 01:27 . 2008-02-05 13:43 887724 ----a-w- c:\windows\system32\ativva6x.dat

2010-07-07 01:27 . 2008-02-05 13:43 3 ----a-w- c:\windows\system32\ativva5x.dat

2010-07-07 01:25 . 2007-06-15 01:18 573440 ----a-w- c:\windows\system32\atikvmag.dll

2010-07-07 01:24 . 2007-06-15 01:14 393216 ----a-w- c:\windows\system32\atiok3x2.dll

2010-07-07 01:23 . 2007-06-15 01:17 17408 ----a-w- c:\windows\system32\atitvo32.dll

2010-07-07 01:19 . 2007-06-15 01:11 704512 ----a-w- c:\windows\system32\ati2cqag.dll

2010-07-07 01:15 . 2007-12-21 02:24 65024 ----a-w- c:\windows\system32\amdpcom32.dll

2010-07-07 01:15 . 2007-06-15 01:16 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll

2010-06-18 15:34 . 2010-06-18 15:34 -------- d-----w- c:\documents and settings\Devlish\Application Data\Moyea

2010-06-18 15:19 . 2010-06-18 15:19 766 ----a-r- c:\documents and settings\Devlish\Application Data\Microsoft\Installer\{7784A172-61F1-445E-8368-601607E0DD22}\_294823.exe

2010-06-18 15:19 . 2010-06-18 15:19 2238 ----a-r- c:\documents and settings\Devlish\Application Data\Microsoft\Installer\{7784A172-61F1-445E-8368-601607E0DD22}\_4ae13d6c.exe

2010-06-18 15:19 . 2010-06-18 15:19 1518 ----a-r- c:\documents and settings\Devlish\Application Data\Microsoft\Installer\{7784A172-61F1-445E-8368-601607E0DD22}\_69525f90.exe

2010-06-18 15:19 . 2010-06-18 15:19 1078 ----a-r- c:\documents and settings\Devlish\Application Data\Microsoft\Installer\{7784A172-61F1-445E-8368-601607E0DD22}\_2cd672ae.exe

2010-06-18 15:19 . 2010-06-18 15:19 1078 ----a-r- c:\documents and settings\Devlish\Application Data\Microsoft\Installer\{7784A172-61F1-445E-8368-601607E0DD22}\_18be6784.exe

2010-06-18 15:18 . 2010-06-18 15:18 -------- d-----w- c:\program files\MP3 Player Utilities 4.00

2010-06-15 17:50 . 2010-06-15 17:50 -------- d-----w- c:\program files\Multimedia Transcoding Tool

2010-06-15 17:49 . 2010-03-14 06:17 -------- d-----w- c:\documents and settings\Devlish\Application Data\Apple Computer

2010-06-15 17:47 . 2010-03-14 06:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer

2010-06-09 23:01 . 2010-07-24 00:38 126448 ------w- c:\windows\system32\pxinsi64.exe

2010-06-09 23:01 . 2010-07-24 00:38 123888 ------w- c:\windows\system32\pxcpyi64.exe

2010-06-09 23:01 . 2008-02-28 12:35 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys

2010-06-09 23:01 . 2008-02-28 12:35 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys

2010-06-09 23:01 . 2008-02-28 12:35 45648 ----a-w- c:\windows\system32\drivers\PxHelp20.sys

2010-06-09 23:01 . 2008-02-28 12:35 133616 ------w- c:\windows\system32\pxafs.dll

2010-06-08 18:29 . 2010-06-08 18:29 45828 ----a-w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment\Battle.net\Cache\Download\Scan.dll

2010-05-23 21:50 . 2010-06-25 02:17 73216 ----a-w- c:\documents and settings\Devlish\Application Data\Mozilla\Firefox\Profiles\sh4zei83.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll

2010-05-11 20:42 . 2008-02-05 13:43 205156 ----a-w- c:\windows\system32\atiicdxx.dat

.

((((((((((((((((((((((((((((( SnapShot@2010-08-06_13.05.41 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-07-12 04:02 . 2009-07-12 04:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll

+ 2009-07-12 04:02 . 2009-07-12 04:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll

+ 2009-07-12 04:02 . 2009-07-12 04:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll

+ 2009-07-12 04:02 . 2009-07-12 04:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll

+ 2009-07-12 04:02 . 2009-07-12 04:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll

+ 2009-07-12 04:02 . 2009-07-12 04:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll

+ 2009-07-12 04:02 . 2009-07-12 04:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll

+ 2009-07-12 04:02 . 2009-07-12 04:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll

+ 2009-07-12 04:02 . 2009-07-12 04:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll

+ 2009-07-12 04:02 . 2009-07-12 04:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll

+ 2009-07-12 04:02 . 2009-07-12 04:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll

+ 2009-07-12 04:02 . 2009-07-12 04:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll

+ 2009-07-12 04:05 . 2009-07-12 04:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll

+ 2009-07-12 04:05 . 2009-07-12 04:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll

+ 2010-08-08 19:08 . 2010-07-07 01:32 81083 c:\windows\system32\DRVSTORE\CX102491_447EBC2BF3945AA24FFCBAC34BDAEA08E20EA545\B102427\oemdspif.dll

+ 2010-08-08 19:08 . 2001-11-09 15:01 12614 c:\windows\system32\DRVSTORE\CX102491_447EBC2BF3945AA24FFCBAC34BDAEA08E20EA545\B102427\ativcoxx.dll

+ 2010-08-08 19:08 . 2009-02-18 17:55 81447 c:\windows\system32\DRVSTORE\CX102491_447EBC2BF3945AA24FFCBAC34BDAEA08E20EA545\B102427\atiode.exe

+ 2010-08-08 19:08 . 2009-02-03 20:52 25093 c:\windows\system32\DRVSTORE\CX102491_447EBC2BF3945AA24FFCBAC34BDAEA08E20EA545\B102427\atiodcli.exe

+ 2010-08-08 19:08 . 2010-07-07 01:15 41477 c:\windows\system32\DRVSTORE\CX102491_447EBC2BF3945AA24FFCBAC34BDAEA08E20EA545\B102427\atimpc32.dll

+ 2010-08-08 19:08 . 2010-07-07 01:29 28700 c:\windows\system32\DRVSTORE\CX102491_447EBC2BF3945AA24FFCBAC34BDAEA08E20EA545\B102427\atiddc.dll

+ 2010-08-08 19:08 . 2010-07-07 01:58 29394 c:\windows\system32\DRVSTORE\CX102491_447EBC2BF3945AA24FFCBAC34BDAEA08E20EA545\B102427\aticalrt.dll

+ 2010-08-08 19:08 . 2010-07-07 01:58 28972 c:\windows\system32\DRVSTORE\CX102491_447EBC2BF3945AA24FFCBAC34BDAEA08E20EA545\B102427\aticalcl.dll

+ 2010-08-08 19:08 . 2009-05-11 21:35 71662 c:\windows\system32\DRVSTORE\CX102491_447EBC2BF3945AA24FFCBAC34BDAEA08E20EA545\B102427\atibtmon.exe

+ 2010-08-08 19:08 . 2010-07-07 01:29 54492 c:\windows\system32\DRVSTORE\CX102491_447EBC2BF3945AA24FFCBAC34BDAEA08E20EA545\B102427\atiapfxx.exe

+ 2010-08-08 19:08 . 2010-07-07 01:32 16309 c:\windows\system32\DRVSTORE\CX102491_447EBC2BF3945AA24FFCBAC34BDAEA08E20EA545\B102427\ati2mdxx.exe

+ 2010-08-08 19:08 . 2010-07-07 01:32 80978 c:\windows\system32\DRVSTORE\CX102491_447EBC2BF3945AA24FFCBAC34BDAEA08E20EA545\B102427\ati2evxx.dll

+ 2010-08-08 19:08 . 2010-07-07 01:15 13650 c:\windows\system32\DRVSTORE\CX102491_447EBC2BF3945AA24FFCBAC34BDAEA08E20EA545\B102427\ati2erec.dll

+ 2010-08-08 19:08 . 2010-07-07 01:32 28844 c:\windows\system32\DRVSTORE\CX102491_447EBC2BF3945AA24FFCBAC34BDAEA08E20EA545\B102427\ati2edxx.dll

+ 2007-06-02 02:25 . 2009-02-03 20:52 45056 c:\windows\system32\ATIODCLI.exe

+ 2010-08-08 19:08 . 2010-08-08 19:08 77542 c:\windows\Installer\{C2274248-9536-B9E2-0886-84BF1F292219}\NewShortcut5_4DEA5338A7B840A3B51CDC742625BF49.exe

+ 2010-08-08 19:08 . 2010-08-08 19:08 77542 c:\windows\Installer\{C2274248-9536-B9E2-0886-84BF1F292219}\NewShortcut4_4DEA5338A7B840A3B51CDC742625BF49.exe

+ 2010-08-08 19:08 . 2010-08-08 19:08 77542 c:\windows\Installer\{C2274248-9536-B9E2-0886-84BF1F292219}\NewShortcut3_4DEA5338A7B840A3B51CDC742625BF49.exe

+ 2010-08-08 19:08 . 2010-08-08 19:08 77542 c:\windows\Installer\{C2274248-9536-B9E2-0886-84BF1F292219}\NewShortcut2_4DEA5338A7B840A3B51CDC742625BF49.exe

+ 2010-08-08 19:08 . 2010-08-08 19:08 77542 c:\windows\Installer\{C2274248-9536-B9E2-0886-84BF1F292219}\ARPPRODUCTICON.exe

+ 2010-08-08 19:08 . 2010-07-07 01:23 8348 c:\windows\system32\DRVSTORE\CX102491_447EBC2BF3945AA24FFCBAC34BDAEA08E20EA545\B102427\atitvo32.dll

+ 2010-08-06 16:09 . 2010-08-06 21:09 2452 c:\windows\SoftwareDistribution\EventCache\{FF422914-4A2D-490F-8D65-5C006FADDF2C}.bin

+ 2010-08-08 18:10 . 2010-08-09 04:10 2452 c:\windows\SoftwareDistribution\EventCache\{D4923E76-6FE8-49F2-A505-B493EDFF4512}.bin

+ 2010-08-07 22:10 . 2010-08-08 03:10 2452 c:\windows\SoftwareDistribution\EventCache\{B6481392-2CB8-41F0-992A-7B4A0A96BF55}.bin

+ 2010-08-07 02:09 . 2010-08-07 07:09 2452 c:\windows\SoftwareDistribution\EventCache\{82EEB085-EE01-4654-8357-7F206243F684}.bin

+ 2010-08-07 12:09 . 2010-08-07 17:09 2452 c:\windows\SoftwareDistribution\EventCache\{79756F80-A60F-463B-95C7-23A199F2F22B}.bin

+ 2010-08-08 08:10 . 2010-08-08 13:10 2452 c:\windows\SoftwareDistribution\EventCache\{4648F413-8141-4B45-9277-FBFBD1B0F166}.bin

+ 2010-08-09 04:10 . 2010-08-09 09:10 2452 c:\windows\SoftwareDistribution\EventCache\{0268B84F-C11F-40EF-ADF6-9C15D6D7650F}.bin

+ 2009-07-12 04:02 . 2009-07-12 04:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll

+ 2009-07-12 04:02 . 2009-07-12 04:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll

+ 2009-07-12 04:05 . 2009-07-12 04:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll

+ 2009-07-12 04:02 . 2009-07-12 04:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll

+ 2010-08-08 19:08 . 2010-07-07 01:27 887724 c:\windows\system32\DRVSTORE\CX102491_447EBC2BF3945AA24FFCBAC34BDAEA08E20EA545\B102427\ativva6x.dat

+ 2010-08-08 19:08 . 2010-07-07 01:33 109092 c:\windows\system32\DRVSTORE\CX102491_447EBC2BF3945AA24FFCBAC34BDAEA08E20EA545\B102427\atipdlxx.dll

+ 2010-08-08 19:08 . 2010-07-07 01:24 194349 c:\windows\system32\DRVSTORE\CX102491_447EBC2BF3945AA24FFCBAC34BDAEA08E20EA545\B102427\atiok3x2.dll

+ 2010-08-08 19:08 . 2010-07-07 01:25 306873 c:\windows\system32\DRVSTORE\CX102491_447EBC2BF3945AA24FFCBAC34BDAEA08E20EA545\B102427\atikvmag.dll

+ 2010-08-08 19:08 . 2010-07-07 01:50 311296 c:\windows\system32\DRVSTORE\CX102491_447EBC2BF3945AA24FFCBAC34BDAEA08E20EA545\B102427\atiiiexx.dll

+ 2010-08-08 19:08 . 2010-05-11 20:42 205156 c:\windows\system32\DRVSTORE\CX102491_447EBC2BF3945AA24FFCBAC34BDAEA08E20EA545\B102427\atiicdxx.dat

+ 2010-08-08 19:08 . 2010-07-07 01:48 446464 c:\windows\system32\DRVSTORE\CX102491_447EBC2BF3945AA24FFCBAC34BDAEA08E20EA545\B102427\atidemgx.dll

+ 2010-08-08 19:08 . 2010-07-07 01:24 101570 c:\windows\system32\DRVSTORE\CX102491_447EBC2BF3945AA24FFCBAC34BDAEA08E20EA545\B102427\atiadlxx.dll

+ 2010-08-08 19:08 . 2010-07-07 01:31 317754 c:\windows\system32\DRVSTORE\CX102491_447EBC2BF3945AA24FFCBAC34BDAEA08E20EA545\B102427\ati2evxx.exe

+ 2010-08-08 19:08 . 2010-07-07 01:47 188030 c:\windows\system32\DRVSTORE\CX102491_447EBC2BF3945AA24FFCBAC34BDAEA08E20EA545\B102427\ati2dvag.dll

+ 2010-08-08 19:08 . 2010-07-07 01:19 362057 c:\windows\system32\DRVSTORE\CX102491_447EBC2BF3945AA24FFCBAC34BDAEA08E20EA545\B102427\ati2cqag.dll

+ 2007-06-02 02:26 . 2009-02-18 17:55 294912 c:\windows\system32\ATIODE.exe

+ 2010-08-08 19:09 . 2010-08-08 19:09 718336 c:\windows\Installer\b9ada9c.msi

+ 2010-08-08 19:08 . 2010-08-08 19:08 219648 c:\windows\Installer\b9ada8b.msi

+ 2010-08-08 19:09 . 2010-08-08 19:09 238223 c:\windows\Installer\{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}\ARPPRODUCTICON.exe

+ 2009-07-12 04:02 . 2009-07-12 04:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll

+ 2009-07-12 04:02 . 2009-07-12 04:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll

+ 2010-08-08 19:08 . 2010-07-07 01:28 1104942 c:\windows\system32\DRVSTORE\CX102491_447EBC2BF3945AA24FFCBAC34BDAEA08E20EA545\B102427\ativvaxx.dll

+ 2010-08-08 19:08 . 2010-07-07 01:53 6723831 c:\windows\system32\DRVSTORE\CX102491_447EBC2BF3945AA24FFCBAC34BDAEA08E20EA545\B102427\atioglxx.dll

+ 2010-08-08 19:08 . 2010-07-07 01:57 2055374 c:\windows\system32\DRVSTORE\CX102491_447EBC2BF3945AA24FFCBAC34BDAEA08E20EA545\B102427\aticaldd.dll

+ 2010-08-08 19:08 . 2010-07-07 01:41 2043007 c:\windows\system32\DRVSTORE\CX102491_447EBC2BF3945AA24FFCBAC34BDAEA08E20EA545\B102427\ati3duag.dll

+ 2010-08-08 19:08 . 2010-07-07 02:27 3379320 c:\windows\system32\DRVSTORE\CX102491_447EBC2BF3945AA24FFCBAC34BDAEA08E20EA545\B102427\ati2mtag.sys

+ 2007-06-15 01:58 . 2010-07-07 02:27 5069312 c:\windows\system32\dllcache\ati2mtag.sys

+ 2010-08-08 19:08 . 2010-08-08 19:08 1597440 c:\windows\Installer\b9ada94.msi

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"RTHDCPL"="RTHDCPL.EXE" [2007-09-19 16844800]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2010-05-06 09:29 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]

2001-12-21 04:34 24576 ----a-w- c:\program files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk

backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Devlish^Start Menu^Programs^Startup^Adobe Gamma.lnk]

path=c:\documents and settings\Devlish\Start Menu\Programs\Startup\Adobe Gamma.lnk

backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EvtMgr6]

2010-05-18 20:41 1311312 ----a-w- c:\program files\Logitech\SetPointP\SetPoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2010-07-21 21:32 136176 ----atw- c:\documents and settings\Devlish\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2001-07-09 15:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PVR Agent]

2005-04-13 15:46 751104 ----a-w- c:\program files\KWorld Multimedia\PVR Plus\TVR\Scheduled.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]

2002-02-05 03:32 53248 ----a-w- c:\program files\REGSHAVE\Regshave.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

2007-09-19 10:14 16844800 ------r- c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]

2006-11-10 17:35 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-05-14 15:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\V0330Mon.exe]

2007-04-30 06:03 32768 ----a-w- c:\windows\V0330Mon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinDVR SchSvr]

2005-02-17 04:03 106496 ----a-w- c:\program files\Common Files\InterVideo\SchSvr\SchSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]

2004-03-18 13:33 892928 ----a-w- c:\program files\Logitech\iTouch\iTouch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"wuauserv"=2 (0x2)

"wscsvc"=2 (0x2)

"RemoteRegistry"=2 (0x2)

"RDSessMgr"=3 (0x3)

"RasMan"=3 (0x3)

"RasAuto"=3 (0x3)

"helpsvc"=2 (0x2)

"ERSvc"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\WOW PTR\\World of Warcraft Public Test\\WoW-0.2.0.10048-to-0.2.0.10072-enUS-downloader.exe"=

"c:\\WOW PTR\\World of Warcraft Public Test\\WoW-0.2.0.10072-to-0.2.0.10083-enUS-downloader.exe"=

"c:\\WOW PTR\\World of Warcraft Public Test\\wow-0.2.0.10083-to-0.2.0.10116-enUS-downloader.exe"=

"c:\\WOW PTR\\World of Warcraft Public Test\\WoW-0.2.0.10116-to-0.2.0.10128-enUS-downloader.exe"=

"c:\\WOW PTR\\World of Warcraft Public Test\\WoW-0.2.0.10128-to-0.2.0.10147-enUS-downloader.exe"=

"c:\\WOW PTR\\World of Warcraft Public Test\\WoW-0.2.0.10147-to-0.2.0.10170-enUS-downloader.exe"=

"c:\\WOW PTR\\World of Warcraft Public Test\\WoW-0.2.0.10170-to-0.2.0.10179-enUS-downloader.exe"=

"c:\\WOW PTR\\World of Warcraft Public Test\\WoW-0.2.2.10257-enUS-ptr-downloader.exe"=

"c:\\WOW PTR\\World of Warcraft Public Test\\WoW-0.2.2.10357-to-0.2.2.10371-enUS-ptr-downloader.exe"=

"c:\\WOW PTR\\World of Warcraft Public Test\\WoW-0.2.2.10371-to-0.2.2.10392-enUS-ptr-downloader.exe"=

"c:\\WOW PTR\\World of Warcraft Public Test\\WoW-0.2.2.10392-to-0.2.2.10433-enUS-ptr-downloader.exe"=

"c:\\WOW PTR\\World of Warcraft Public Test\\WoW-0.2.2.10433-to-0.2.2.10468-enUS-ptr-downloader.exe"=

"c:\\WOW PTR\\World of Warcraft Public Test\\WoW-0.3.0.10522-enUS-ptr-downloader.exe"=

"c:\\WOW PTR\\World of Warcraft Public Test\\WoW-0.3.0.10522-to-0.3.0.10554-enUS-ptr-downloader.exe"=

"c:\\WOW PTR\\World of Warcraft Public Test\\WoW-0.3.0.10554-to-0.3.0.10571-enUS-ptr-downloader.exe"=

"c:\\WOW PTR\\World of Warcraft Public Test\\WoW-0.3.0.10571-to-0.3.0.10596-enUS-ptr-downloader.exe"=

"c:\\Program Files\\Electronic Arts\\Armies of Exigo\\Exigo.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [10/14/2009 9:18 PM 36880]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [9/14/2009 2:42 PM 32272]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]

S2 CX88XBAR;KWorld PVR 883 Crossbar;c:\windows\system32\drivers\cx88xbar.sys [7/1/2008 9:42 AM 8960]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/22/2010 6:38 PM 136176]

S2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [7/7/2010 7:49 AM 10448]

S3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [7/21/2010 3:51 PM 30104]

S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [7/21/2010 3:51 PM 30104]

S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [10/2/2009 7:39 PM 19472]

S3 V0330VID;WebCam Vista/Live! Cam Chat;c:\windows\system32\drivers\V0330Vid.sys [2/22/2009 6:35 AM 157696]

S4 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [6/21/2008 9:13 AM 158720]

S4 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [6/21/2008 9:13 AM 5248]

.

Contents of the 'Scheduled Tasks' folder

2010-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-22 22:38]

2010-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-22 22:38]

2010-08-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-823518204-682003330-1003Core.job

- c:\documents and settings\Devlish\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-21 21:32]

2010-08-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-823518204-682003330-1003UA.job

- c:\documents and settings\Devlish\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-21 21:32]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://search.orbitdownloader.com

uInternet Settings,ProxyServer = http=127.0.0.1:5643

uInternet Settings,ProxyOverride = <local>

IE: Add to AMV Convert Tool... - c:\program files\MP3 Player Utilities 4.00\AMVConverter\grab.html

IE: Add to Media Manager... - c:\program files\MP3 Player Utilities 4.00\MediaManager\grab.html

FF - ProfilePath - c:\documents and settings\Devlish\Application Data\Mozilla\Firefox\Profiles\sh4zei83.default\

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: browser.startup.homepage - hxxp://thottbot.com/

FF - component: c:\documents and settings\Devlish\Application Data\Mozilla\Firefox\Profiles\sh4zei83.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll

FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll

FF - plugin: c:\documents and settings\Devlish\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

---- FIREFOX POLICIES ----

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr

ef", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-08-09 08:53

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully

user: MBR read successfully

called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys >>UNKNOWN [0x8A6C6A17]<<

kernel: MBR read successfully

detected MBR rootkit hooks:

\Driver\Disk -> CLASSPNP.SYS @ 0xf763bf28

\Driver\ACPI -> ACPI.sys @ 0xf75aecb8

\Driver\atapi -> atapi.sys @ 0xf74a0852

IoDeviceObjectType ->\Device\Harddisk0\DR0 ->NDIS: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xf7439bb0

PacketIndicateHandler -> NDIS.sys @ 0xf7446a21

SendHandler -> NDIS.sys @ 0xf742487b

user & kernel MBR OK

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2000478354-823518204-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]

@Denied: (Full) (LocalSystem)

[HKEY_USERS\S-1-5-21-2000478354-823518204-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*4%0*`%]

@Class="Shell"

[HKEY_USERS\S-1-5-21-2000478354-823518204-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*4%0*`%\OpenWithList]

@Class="Shell"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(948)

c:\windows\system32\Ati2evxx.dll

c:\windows\system32\atiadlxx.dll

c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

c:\program files\AlienGUIse\fastload.dll

.

Completion time: 2010-08-09 08:57:22 - machine was rebooted

ComboFix-quarantined-files.txt 2010-08-09 12:57

ComboFix2.txt 2010-08-06 13:15

Pre-Run: 225,844,674,560 bytes free

Post-Run: 225,830,178,816 bytes free

- - End Of File - - 93D012604763E63EDC0AB11C1DB1CBAD

Link to post
Share on other sites

Please read the following through carefully so that you understand what to do.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK. (If Vista, click on the Vista Orb and copy and paste the following into the Search field. (make sure you include the quotation marks) Then press Ctrl+Shift+Enter.)
    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v
  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • It may ask you to reboot the computer to complete the process. Allow it to do so.
  • When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.

Link to post
Share on other sites

2010/08/09 11:06:23.0343 TDSS rootkit removing tool 2.4.1.0 Aug 4 2010 15:06:41

2010/08/09 11:06:23.0343 ================================================================================

2010/08/09 11:06:23.0343 SystemInfo:

2010/08/09 11:06:23.0343

2010/08/09 11:06:23.0343 OS Version: 5.1.2600 ServicePack: 3.0

2010/08/09 11:06:23.0343 Product type: Workstation

2010/08/09 11:06:23.0343 ComputerName: EXECUTER

2010/08/09 11:06:23.0343 UserName: Devlish

2010/08/09 11:06:23.0343 Windows directory: C:\WINDOWS

2010/08/09 11:06:23.0343 System windows directory: C:\WINDOWS

2010/08/09 11:06:23.0343 Processor architecture: Intel x86

2010/08/09 11:06:23.0343 Number of processors: 2

2010/08/09 11:06:23.0343 Page size: 0x1000

2010/08/09 11:06:23.0343 Boot type: Normal boot

2010/08/09 11:06:23.0343 ================================================================================

2010/08/09 11:06:23.0578 Initialize success

2010/08/09 11:06:27.0875 ================================================================================

2010/08/09 11:06:27.0875 Scan started

2010/08/09 11:06:27.0875 Mode: Manual;

2010/08/09 11:06:27.0875 ================================================================================

2010/08/09 11:06:28.0765 a347bus (61c7faa37417ca5bafa0490a49cc84d6) C:\WINDOWS\system32\DRIVERS\a347bus.sys

2010/08/09 11:06:28.0812 a347scsi (113e4b318bbaa7483ca4e582a4d63f49) C:\WINDOWS\System32\Drivers\a347scsi.sys

2010/08/09 11:06:28.0890 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2010/08/09 11:06:28.0921 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

2010/08/09 11:06:29.0015 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2010/08/09 11:06:29.0093 AFD (322d0e36693d6e24a2398bee62a268cd) C:\WINDOWS\System32\drivers\afd.sys

2010/08/09 11:06:29.0203 ASPI32 (b979979ab8027f7f53fb16ec4229b7db) C:\WINDOWS\system32\drivers\ASPI32.sys

2010/08/09 11:06:29.0234 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2010/08/09 11:06:29.0281 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2010/08/09 11:06:29.0593 ati2mtag (1d99d1b43638e31ea5cf4a8fd199762b) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

2010/08/09 11:06:29.0984 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2010/08/09 11:06:30.0093 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2010/08/09 11:06:30.0156 Avgfwdx (fa6336f05695e39995884d0c959c9608) C:\WINDOWS\system32\DRIVERS\avgfwdx.sys

2010/08/09 11:06:30.0156 Avgfwfd (fa6336f05695e39995884d0c959c9608) C:\WINDOWS\system32\DRIVERS\avgfwdx.sys

2010/08/09 11:06:30.0203 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2010/08/09 11:06:30.0250 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2010/08/09 11:06:30.0281 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

2010/08/09 11:06:30.0328 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2010/08/09 11:06:30.0375 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2010/08/09 11:06:30.0437 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2010/08/09 11:06:30.0515 CX23880 (4738c943897f84a3fc33781b3d50affc) C:\WINDOWS\system32\drivers\cx88vid.sys

2010/08/09 11:06:30.0546 CX88XBAR (243cc69ad24dd71264188d9af1ff1958) C:\WINDOWS\system32\drivers\CX88XBAR.sys

2010/08/09 11:06:30.0609 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2010/08/09 11:06:30.0687 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

2010/08/09 11:06:30.0765 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

2010/08/09 11:06:30.0796 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2010/08/09 11:06:30.0828 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2010/08/09 11:06:30.0859 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2010/08/09 11:06:30.0890 ElbyCDIO (44996a2addd2db7454f2ca40b67d8941) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys

2010/08/09 11:06:30.0937 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2010/08/09 11:06:30.0984 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

2010/08/09 11:06:31.0015 FINEPIX_PCC (c05d16c1ef3f5519764fefdf281ca4d2) C:\WINDOWS\system32\Drivers\V4CB011D.SYS

2010/08/09 11:06:31.0046 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

2010/08/09 11:06:31.0093 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

2010/08/09 11:06:31.0156 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

2010/08/09 11:06:31.0171 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2010/08/09 11:06:31.0234 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2010/08/09 11:06:31.0281 gdrv (b6bfec7542730e9a376bf2408423d493) C:\WINDOWS\gdrv.sys

2010/08/09 11:06:31.0296 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2010/08/09 11:06:31.0343 HdAudAddService (56bf27d7a539f9e6bbc1de201aba0edf) C:\WINDOWS\system32\drivers\AtiHdAud.sys

2010/08/09 11:06:31.0421 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

2010/08/09 11:06:31.0468 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2010/08/09 11:06:31.0515 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys

2010/08/09 11:06:31.0578 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2010/08/09 11:06:31.0625 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2010/08/09 11:06:31.0796 IntcAzAudAddService (c282875880df189c64c465fc54a0150a) C:\WINDOWS\system32\drivers\RtkHDAud.sys

2010/08/09 11:06:31.0875 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2010/08/09 11:06:31.0890 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

2010/08/09 11:06:31.0937 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2010/08/09 11:06:31.0968 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2010/08/09 11:06:32.0031 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2010/08/09 11:06:32.0078 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2010/08/09 11:06:32.0093 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2010/08/09 11:06:32.0125 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2010/08/09 11:06:32.0156 itchfltr (8f1ba487b35f0c8f637e05113aa815f8) C:\WINDOWS\system32\Drivers\itchfltr.sys

2010/08/09 11:06:32.0203 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2010/08/09 11:06:32.0203 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

2010/08/09 11:06:32.0281 kl1 (ce3958f58547454884e97bda78cd7040) C:\WINDOWS\system32\drivers\kl1.sys

2010/08/09 11:06:32.0296 klbg (53eedab3f0511321ac3ae8bc968b158c) C:\WINDOWS\system32\drivers\klbg.sys

2010/08/09 11:06:32.0375 KLIF (439c778700fce23f2852535d6fa5996d) C:\WINDOWS\system32\DRIVERS\klif.sys

2010/08/09 11:06:32.0421 klim5 (fbdc2034b58d2135d25fe99eb8b747c3) C:\WINDOWS\system32\DRIVERS\klim5.sys

2010/08/09 11:06:32.0453 klmouflt (1f351c4ba53bfe58a1ca5fcdd11e1f81) C:\WINDOWS\system32\DRIVERS\klmouflt.sys

2010/08/09 11:06:32.0484 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2010/08/09 11:06:32.0531 KSecDD (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys

2010/08/09 11:06:32.0562 LBeepKE (ca63fe81705ad660e482bef210bf2c73) C:\WINDOWS\system32\Drivers\LBeepKE.sys

2010/08/09 11:06:32.0609 LCcfltr (fb5e7a5c86c0b58aa155487b141b8457) C:\WINDOWS\system32\Drivers\LCcFltr.Sys

2010/08/09 11:06:32.0640 LHidFilt (b68309f25c5787385da842eb5b496958) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys

2010/08/09 11:06:32.0671 LHidUsb (a8742865e15a57b426efcc5ff744d6d3) C:\WINDOWS\system32\Drivers\LHidUsb.Sys

2010/08/09 11:06:32.0687 LMouFilt (63d3b1d3cd267fcc186a0146b80d453b) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys

2010/08/09 11:06:32.0718 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2010/08/09 11:06:32.0734 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

2010/08/09 11:06:32.0765 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2010/08/09 11:06:32.0796 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2010/08/09 11:06:32.0843 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2010/08/09 11:06:32.0875 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2010/08/09 11:06:33.0031 MRxSmb (68755f0ff16070178b54674fe5b847b0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2010/08/09 11:06:33.0046 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2010/08/09 11:06:33.0062 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2010/08/09 11:06:33.0078 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2010/08/09 11:06:33.0109 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2010/08/09 11:06:33.0125 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2010/08/09 11:06:33.0171 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

2010/08/09 11:06:33.0218 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

2010/08/09 11:06:33.0250 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

2010/08/09 11:06:33.0312 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2010/08/09 11:06:33.0328 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

2010/08/09 11:06:33.0359 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2010/08/09 11:06:33.0390 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2010/08/09 11:06:33.0421 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2010/08/09 11:06:33.0437 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys

2010/08/09 11:06:33.0484 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2010/08/09 11:06:33.0546 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2010/08/09 11:06:33.0578 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2010/08/09 11:06:33.0640 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2010/08/09 11:06:33.0671 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2010/08/09 11:06:33.0703 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2010/08/09 11:06:33.0703 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2010/08/09 11:06:33.0750 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

2010/08/09 11:06:33.0796 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2010/08/09 11:06:33.0812 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2010/08/09 11:06:33.0859 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2010/08/09 11:06:33.0890 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2010/08/09 11:06:33.0953 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

2010/08/09 11:06:34.0046 pfc (da86016f0672ada925f589ede715f185) C:\WINDOWS\system32\drivers\pfc.sys

2010/08/09 11:06:34.0078 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2010/08/09 11:06:34.0093 PQNTDrv (4228630829c0e521c43d882a00533374) C:\WINDOWS\system32\drivers\PQNTDrv.sys

2010/08/09 11:06:34.0156 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2010/08/09 11:06:34.0171 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2010/08/09 11:06:34.0203 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys

2010/08/09 11:06:34.0281 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2010/08/09 11:06:34.0328 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2010/08/09 11:06:34.0343 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2010/08/09 11:06:34.0359 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2010/08/09 11:06:34.0406 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2010/08/09 11:06:34.0437 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2010/08/09 11:06:34.0484 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2010/08/09 11:06:34.0531 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2010/08/09 11:06:34.0578 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2010/08/09 11:06:34.0640 RTLE8023xp (36ada62330c31ad314e4a26b815fc485) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys

2010/08/09 11:06:34.0687 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2010/08/09 11:06:34.0718 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

2010/08/09 11:06:34.0781 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

2010/08/09 11:06:34.0828 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

2010/08/09 11:06:34.0859 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

2010/08/09 11:06:34.0906 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2010/08/09 11:06:34.0984 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2010/08/09 11:06:35.0031 Srv (5252605079810904e31c332e241cd59b) C:\WINDOWS\system32\DRIVERS\srv.sys

2010/08/09 11:06:35.0062 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

2010/08/09 11:06:35.0078 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2010/08/09 11:06:35.0125 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2010/08/09 11:06:35.0187 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2010/08/09 11:06:35.0281 Tcpip (93ea8d04ec73a85db02eb8805988f733) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2010/08/09 11:06:35.0296 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2010/08/09 11:06:35.0312 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2010/08/09 11:06:35.0343 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2010/08/09 11:06:35.0421 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2010/08/09 11:06:35.0531 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2010/08/09 11:06:35.0578 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

2010/08/09 11:06:35.0593 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2010/08/09 11:06:35.0625 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2010/08/09 11:06:35.0656 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2010/08/09 11:06:35.0671 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2010/08/09 11:06:35.0687 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2010/08/09 11:06:35.0734 V0330VID (c31d232a9ccbaa03da67504ec5c208ca) C:\WINDOWS\system32\DRIVERS\V0330Vid.sys

2010/08/09 11:06:35.0765 VClone (94d73b62e458fb56c9ce60aa96d914f9) C:\WINDOWS\system32\DRIVERS\VClone.sys

2010/08/09 11:06:35.0796 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2010/08/09 11:06:35.0843 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2010/08/09 11:06:35.0890 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2010/08/09 11:06:35.0937 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys

2010/08/09 11:06:35.0968 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2010/08/09 11:06:36.0015 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

2010/08/09 11:06:36.0046 ================================================================================

2010/08/09 11:06:36.0046 Scan finished

2010/08/09 11:06:36.0046 ================================================================================

2010/08/09 11:06:44.0859 Deinitialize success

Link to post
Share on other sites

Run MBRCheck.exe

  • Run MBRCheck.exe
  • Wait until you see the following line: Enter 'Y' and hit ENTER for more options, or 'N' to exit:
  • Please push the 'Y' key and then press Enter
  • When program ask you Enter your choice: enter 2 and press the Enter key
  • Now the program will ask you "Enter the physical disk number to fix (0-99, -1 to cancel):"
  • Enter 0 and press the Enter key.
  • The program will show Available MBR codes:, followed by a list of operating systems. Please enter 1 for Windows XP, and then press Enter.
  • When asked Do you want to fix the MBR code? type in YES and press enter
  • Restart your PC.

Link to post
Share on other sites

ok.. got the program to run in safe mode as administrator (can't believe i remembered the password). i'm pretty sure you are going to want me to use it on drive 3 instead of 0. but i used it on 0 like you said.

thanks for sticking with me on this :(

MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows XP Professional

Windows Information: Service Pack 3 (build 2600)

Logical Drives Mask: 0x000000fc

Kernel Drivers (total 100):

0x804D7000 \WINDOWS\system32\ntoskrnl.exe

0x806FF000 \WINDOWS\system32\hal.dll

0x8AA91000 \WINDOWS\system32\KDCOM.DLL

0xF789B000 \WINDOWS\system32\BOOTVID.dll

0xF75A8000 ACPI.sys

0xF7987000 \WINDOWS\system32\DRIVERS\WMILIB.SYS

0xF7597000 pci.sys

0xF75F7000 isapnp.sys

0xF7A4F000 pciide.sys

0xF7707000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS

0xF7607000 MountMgr.sys

0xF74D8000 ftdisk.sys

0xF7989000 dmload.sys

0xF74B2000 dmio.sys

0xF770F000 PartMgr.sys

0xF7617000 VolSnap.sys

0xF749A000 atapi.sys

0xF7627000 disk.sys

0xF7637000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS

0xF747A000 fltmgr.sys

0xF7468000 sr.sys

0xF7647000 PxHelp20.sys

0xF7451000 KSecDD.sys

0xF7B52000 Ntfs.sys

0xF7424000 NDIS.sys

0xF740A000 Mup.sys

0xF7657000 klbg.sys

0xBA6DE000 \SystemRoot\system32\DRIVERS\HDAudBus.sys

0xF7767000 \SystemRoot\system32\DRIVERS\usbuhci.sys

0xBA6BA000 \SystemRoot\system32\DRIVERS\USBPORT.SYS

0xF776F000 \SystemRoot\system32\DRIVERS\usbehci.sys

0xF7687000 \SystemRoot\system32\DRIVERS\imapi.sys

0xF791F000 \SystemRoot\system32\drivers\pfc.sys

0xF7697000 \SystemRoot\system32\DRIVERS\cdrom.sys

0xF76A7000 \SystemRoot\system32\DRIVERS\redbook.sys

0xBA697000 \SystemRoot\system32\DRIVERS\ks.sys

0xBA67E000 \SystemRoot\system32\DRIVERS\Rtenicxp.sys

0xF76B7000 \SystemRoot\system32\DRIVERS\klim5.sys

0xF76C7000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

0xF7933000 \SystemRoot\system32\DRIVERS\ndistapi.sys

0xBA667000 \SystemRoot\system32\DRIVERS\ndiswan.sys

0xF76D7000 \SystemRoot\system32\DRIVERS\raspppoe.sys

0xF76E7000 \SystemRoot\system32\DRIVERS\raspptp.sys

0xF779F000 \SystemRoot\system32\DRIVERS\TDI.SYS

0xBA62E000 \SystemRoot\system32\DRIVERS\psched.sys

0xF76F7000 \SystemRoot\system32\DRIVERS\msgpc.sys

0xF77AF000 \SystemRoot\system32\DRIVERS\ptilink.sys

0xF77BF000 \SystemRoot\system32\DRIVERS\raspti.sys

0xBA5AE000 \SystemRoot\system32\DRIVERS\rdpdr.sys

0xF7587000 \SystemRoot\system32\DRIVERS\termdd.sys

0xF77CF000 \SystemRoot\system32\DRIVERS\kbdclass.sys

0xF77D7000 \SystemRoot\system32\DRIVERS\mouclass.sys

0xF7577000 \SystemRoot\system32\DRIVERS\VClone.sys

0xBA4F6000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS

0xF7991000 \SystemRoot\system32\DRIVERS\swenum.sys

0xBA498000 \SystemRoot\system32\DRIVERS\update.sys

0xBA7F8000 \SystemRoot\system32\DRIVERS\mssmbios.sys

0xF7567000 \SystemRoot\System32\Drivers\NDProxy.SYS

0xF7557000 \SystemRoot\system32\DRIVERS\usbhub.sys

0xF799B000 \SystemRoot\system32\DRIVERS\USBD.SYS

0xF79A1000 \SystemRoot\System32\Drivers\Fs_Rec.SYS

0xF7A8C000 \SystemRoot\System32\Drivers\Null.SYS

0xF79A5000 \SystemRoot\System32\Drivers\Beep.SYS

0xF775F000 \SystemRoot\System32\drivers\vga.sys

0xBA402000 \SystemRoot\System32\drivers\VIDEOPRT.SYS

0xF79A9000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

0xF778F000 \SystemRoot\System32\Drivers\Msfs.SYS

0xF77A7000 \SystemRoot\System32\Drivers\Npfs.SYS

0xBA48C000 \SystemRoot\system32\DRIVERS\rasacd.sys

0xBA468000 \SystemRoot\system32\DRIVERS\hidusb.sys

0xF7547000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS

0xBA5EE000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

0xBA3A7000 \SystemRoot\system32\DRIVERS\ipsec.sys

0xBA34E000 \SystemRoot\system32\DRIVERS\tcpip.sys

0xBA326000 \SystemRoot\system32\DRIVERS\netbt.sys

0xBA300000 \SystemRoot\system32\DRIVERS\ipnat.sys

0xBA2DE000 \SystemRoot\System32\drivers\afd.sys

0xF7537000 \SystemRoot\system32\DRIVERS\netbios.sys

0xBA2B3000 \SystemRoot\system32\DRIVERS\rdbss.sys

0xBA243000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

0xF77DF000 \SystemRoot\system32\DRIVERS\usbccgp.sys

0xBA3CE000 \SystemRoot\system32\DRIVERS\kbdhid.sys

0xF7797000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys

0xF7517000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS

0xBA1D2000 \SystemRoot\System32\Drivers\wdf01000.sys

0xBA450000 \SystemRoot\system32\DRIVERS\mouhid.sys

0xBA5E6000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys

0xF74F7000 \SystemRoot\System32\Drivers\Cdfs.SYS

0xBA142000 \SystemRoot\System32\Drivers\dump_atapi.sys

0xF79CF000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS

0xBF800000 \SystemRoot\System32\win32k.sys

0xBA424000 \SystemRoot\System32\drivers\Dxapi.sys

0xF77B7000 \SystemRoot\System32\watchdog.sys

0xBF000000 \SystemRoot\System32\drivers\dxg.sys

0xF7A60000 \SystemRoot\System32\drivers\dxgthk.sys

0xBFF50000 \SystemRoot\System32\framebuf.dll

0xBFFA0000 \SystemRoot\System32\ATMFD.DLL

0xB9E1A000 \SystemRoot\system32\DRIVERS\ndisuio.sys

0xB9BA8000 \SystemRoot\system32\DRIVERS\srv.sys

0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 15):

0 System Idle Process

4 System

868 C:\WINDOWS\system32\smss.exe

920 csrss.exe

944 C:\WINDOWS\system32\winlogon.exe

988 C:\WINDOWS\system32\services.exe

1000 C:\WINDOWS\system32\lsass.exe

1160 C:\WINDOWS\system32\svchost.exe

1248 svchost.exe

1460 C:\WINDOWS\system32\svchost.exe

1572 svchost.exe

1728 svchost.exe

504 C:\WINDOWS\explorer.exe

672 C:\WINDOWS\system32\notepad.exe

756 C:\Documents and Settings\Devlish\My Documents\Downloads\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive3 at offset 0x00000000`00007e00 (NTFS)

\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

\\.\F: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

\\.\H: --> \\.\PhysicalDrive2 at offset 0x00000000`007e0000 (NTFS)

PhysicalDrive3 Model Number: SAMSUNGHD501LJ, Rev: CR100-12

PhysicalDrive0 Model Number: Maxtor6Y160P0, Rev: YAR41BW0

PhysicalDrive1 Model Number: Maxtor6L200M0, Rev: BANC1G10

PhysicalDrive2 Model Number: Maxtor7B250S0, Rev: BANC1E00

Size Device Name MBR Status

--------------------------------------------

465 GB \\.\PhysicalDrive3 MBR Code Faked!

SHA1: 3DD27C7EE9B2D8B2CB511843C79460E5DB3CA995

152 GB \\.\PhysicalDrive0 Unknown MBR code

SHA1: 639AC5CDF8A5CF3245975932C6A4215450A7B98F

189 GB \\.\PhysicalDrive1 Legit MBR code detected

SHA1: 317A49A9E93F077F2D004734D2A7B6CA7E7B9495

233 GB \\.\PhysicalDrive2 Legit MBR code detected

SHA1: 317A49A9E93F077F2D004734D2A7B6CA7E7B9495

Found non-standard or infected MBR.

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.