TechSpot

Infected again, but..

By Hurriken
Oct 14, 2010
  1. Broni,

    You may remember me. You helped me dig myself out of a malware problem in June.
    http://www.techspot.com/vb/topic148986.html

    Now I'm back and I am ready to go hunting for the pond scum that write these things. I wrote the title "Infected again, but..." for a reason. I installed XP on my system in February of 2009. Lately more and more programs were giving me trouble and becoming glitchy. The version of XP that I have is HP's version, therefore it is loaded with tons of annoying junk. Therefore, I'm thinking that instead of fighting through this Malware again I might just back up my system, buy a copy of XP Pro and reformat.

    Am I thinking straight?
     
  2. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Reinstalling with XP CD will "cost" you hunting for drivers.

    Do you actually have any malware related issues?
     
  3. Hurriken

    Hurriken TS Booster Topic Starter Posts: 231

    Yes, in my weakness I broke down and was looking at...football stats! I clicked to advance to the next page and spam windows opened, and Avast alerted me. I figured Avast had stopped it but just in case I ran Malwarebytes and it found and cleaned one file. The frustrating thing is that the "football" site is supposedly reputable; I've been a paying customer for years, but now I'm afraid to go there.

    My idea for reformatting came before this happened. Back in the '90s I reformatted my computer every 6-12 months. I don't hear about people doing that anymore. I was having some glitch issues before this happened and I get frustrated with the HP garbage that keeps popping up from time to time. My sound card doesn't exactly work the way it's supposed to and there are a few other things. I figured a clean sweep would help me get back on track.


    OR should I remove the malware and then work on my machine bit by bit...hey, that's a pun! (Meaning reformatting is unnecessary these days)

    Thanks
     
  4. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Does WOT list that site in green?
    Have you complained to them?

    Yeah, with NTFS, we don't do this anymore.

    It has to be your call. Let me know....
     
  5. Hurriken

    Hurriken TS Booster Topic Starter Posts: 231

    I've decided to clean it. I'm having a problem going through the eight steps. When I run the GMER scan it reboots before the scan finishes. That happened twice. What should I do?
     
  6. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    There are a couple of hints in our manual about what to do if GMER misbehaves.
    If still a problem, skip it, but let me know.
     
  7. Hurriken

    Hurriken TS Booster Topic Starter Posts: 231

    I'm not sure how but I read it 4 or 5 times and I missed that line...duh.
     
  8. Hurriken

    Hurriken TS Booster Topic Starter Posts: 231

    I tried unchecking the device box and I tried it in safe mode. GMER runs for a while and then the computer restarts by itself.
     
  9. Hurriken

    Hurriken TS Booster Topic Starter Posts: 231

    This isn't going well. I was able to get GMER to run by turning off the Windows update checker. It ran for 6 hours and then it just disappeared. No warning, no log file, nothing. Then I ran DDS; it goes for three minutes and then closes. No log files either.

    Malwarebytes ran and produced a log but it seems worthless.

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4844

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.13

    10/15/2010 10:46:11 PM
    mbam-log-2010-10-15 (22-46-11).txt

    Scan type: Quick scan
    Objects scanned: 185074
    Time elapsed: 7 minute(s), 26 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  10. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    No worries :)

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.

    ===================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouse-click Combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  11. Hurriken

    Hurriken TS Booster Topic Starter Posts: 231

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x000003fd

    Kernel Drivers (total 87):

    Processes (total 13):
    0 System Idle Process
    4 System
    164 C:\WINDOWS\system32\smss.exe
    212 csrss.exe
    236 C:\WINDOWS\system32\winlogon.exe
    284 C:\WINDOWS\system32\services.exe
    296 C:\WINDOWS\system32\lsass.exe
    460 C:\WINDOWS\system32\svchost.exe
    536 svchost.exe
    596 C:\WINDOWS\system32\svchost.exe
    868 C:\WINDOWS\explorer.exe
    1968 C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info.exe
    2044 C:\Documents and Settings\HP_Administrator\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000038`1b4a6200 (FAT32)

    PhysicalDrive0 Model Number: WDCWD2500KS-00MJB0, Rev: 02.01C03

    Size Device Name MBR Status
    --------------------------------------------
    232 GB \\.\PhysicalDrive0 Unknown MBR code
    SHA1: 4A3BF69CA3259413E25A52D6E01242850E3B0E3A


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:

    Done!


    ==================================================================

    ComboFix is running, but it wants to download the Recovery Console. I allowed it, but now it's asking me if "this is a Windows 'Home Edition' machine". I am not sure if I should click No because it isn't Pro either. I have Win XP Media Edition for HP.
     
  12. Hurriken

    Hurriken TS Booster Topic Starter Posts: 231

    Scratch that last comment, I have it working now.
     
  13. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    OK................
     
  14. Hurriken

    Hurriken TS Booster Topic Starter Posts: 231

    ComboFix 10-10-16.03 - HP_Administrator 10/16/2010 23:19:16.3.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1617 [GMT -5:00]
    Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
    AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .

    ((((((((((((((((((((((((( Files Created from 2010-09-17 to 2010-10-17 )))))))))))))))))))))))))))))))
    .

    2010-10-14 23:43 . 2010-10-14 23:43 -------- d-----w- c:\program files\Carbonite
    2010-10-13 13:41 . 2010-10-13 13:41 -------- d-----w- c:\program files\Common Files\Skype
    2010-10-13 04:55 . 2010-09-18 06:53 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
    2010-10-13 04:55 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
    2010-10-13 04:55 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
    2010-10-06 22:32 . 2010-10-06 22:32 -------- d-----w- c:\program files\Bonjour
    2010-10-03 19:24 . 2010-10-03 19:24 -------- d-----w- c:\documents and settings\Sigrid\Local Settings\Application Data\PCHealth
    2010-09-22 23:10 . 2010-09-22 23:10 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
    2010-09-22 23:10 . 2010-09-22 23:10 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
    2010-09-20 00:17 . 2008-04-13 18:39 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
    2010-09-20 00:17 . 2008-04-13 18:39 14592 ----a-w- c:\windows\system32\dllcache\kbdhid.sys
    2010-09-18 15:16 . 2010-09-18 15:19 -------- d-----w- c:\documents and settings\All Users\Application Data\TrackMania

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Steam"="c:\program files\steam\steam.exe" [2010-08-24 1242448]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
    "Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-09-02 13351304]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
    "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-01-04 180269]
    "SonicWALLNetExtender"="c:\program files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe" [2010-04-02 1103744]
    "SaiMfd"="c:\program files\Saitek\SD6\Software\SaiMfd.exe" [2007-10-02 131072]
    "Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-14 663552]
    "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
    "ProfilerU"="c:\program files\Saitek\SD6\Software\ProfilerU.exe" [2007-10-02 233472]
    "nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-08 1753192]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
    "nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-05-16 648504]
    "nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2008-05-21 451896]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
    "ISUSScheduler"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" [2004-07-28 81920]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 221184]
    "HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "ftutil2"="ftutil2.dll" [2004-06-07 106496]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
    "EEventManager"="c:\program files\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [2006-03-17 102400]
    "DMAScheduler"="c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 90112]
    "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-06-13 127036]
    "CTxfiHlp"="CTXFIHLP.EXE" [2009-06-04 25600]
    "CTHelper"="CTHELPER.EXE" [2006-12-12 19456]
    "amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
    "AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-15 623992]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-22 47904]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "CarboniteSetupLite"="c:\program files\Carbonite\CarbonitePreinstaller.exe" [2010-09-15 281744]

    c:\documents and settings\Jennifer\Start Menu\Programs\Startup\
    PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-7-31 27136]

    c:\documents and settings\Melissa\Start Menu\Programs\Startup\
    PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-7-31 27136]

    c:\documents and settings\Sigrid\Start Menu\Programs\Startup\
    PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-7-31 27136]

    c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\
    Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2009-8-31 385024]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-10-24 805392]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
    NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2008-2-13 118784]

    c:\documents and settings\Default User\Start Menu\Programs\Startup\
    Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-7-31 27136]
    PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-7-31 27136]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2008-05-02 07:42 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\DISC\\DISCover.exe"=
    "c:\\Program Files\\DISC\\DiscStreamHub.exe"=
    "c:\\Program Files\\DISC\\myFTP.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\Xfire\\xfire.exe"=
    "c:\\Program Files\\Call of Duty Game of the Year Edition\\CoDUOMP.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\FileMaker\\FileMaker Pro 8\\FileMaker Pro.exe"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\Program Files\\AIM6\\aim6.exe"=
    "c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
    "c:\\Program Files\\Ubisoft\\IL-2 Sturmovik 1946\\il2fb.exe"=
    "c:\\Program Files\\FileMaker\\FileMaker Pro 10\\FileMaker Pro.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\Steam\\Steam.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\red orchestra\\System\\RedOrchestra.exe"=
    "c:\\Program Files\\THQ\\Company of Heroes\\RelicDownloader\\RelicDownloader.exe"=
    "c:\\Program Files\\FinalTorrent\\FinalTorrent.EXE"=
    "c:\\Program Files\\Steam\\steamapps\\common\\trackmania nations forever\\TmForever.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\trackmania nations forever\\TmForeverLauncher.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\swarm.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    "67:UDP"= 67:UDP:DHCP Discovery Service

    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [6/26/2010 4:26 PM 165456]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/26/2010 4:26 PM 17744]
    R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [6/4/2009 2:46 AM 171032]
    R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [6/4/2009 2:46 AM 1324056]
    R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [6/4/2009 2:46 AM 72728]
    R3 npusbio;npusbio;c:\windows\system32\drivers\npusbio.sys [5/17/2009 11:28 AM 36384]
    R3 NxDrv;SonicWALL NetExtender Adapter;c:\windows\system32\drivers\NxDrv.sys [10/21/2009 1:27 PM 22600]
    R3 SaiH0464;SaiH0464;c:\windows\system32\drivers\SaiH0464.sys [3/31/2008 10:31 AM 136832]
    S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\HP_ADM~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\HP_ADM~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
    S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\HP_ADM~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.sys --> c:\docume~1\HP_ADM~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.sys [?]
    S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [7/20/2010 2:50 PM 79360]
    S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [6/4/2009 2:46 AM 171032]
    S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [6/4/2009 2:46 AM 1324056]
    S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [6/4/2009 2:46 AM 72728]
    S3 SASENUM;SASENUM;\??\c:\docume~1\HP_ADM~1\LOCALS~1\Temp\SAS_SelfExtract\SASENUM.SYS --> c:\docume~1\HP_ADM~1\LOCALS~1\Temp\SAS_SelfExtract\SASENUM.SYS [?]
    S3 SSLDrv;SSL-VPN NetExtender Adapter;c:\windows\system32\drivers\SSLDrv.sys [6/8/2007 6:02 PM 19640]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-10-11 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://cm.my.yahoo.com/
    uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    uInternet Settings,ProxyOverride = <local>;*.local
    IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
    IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
    IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
    Trusted Zone: intuit.com\ttlc
    Trusted Zone: turbotax.com
    Trusted Zone: trymedia.com
    DPF: {6EEFD7B1-B26C-440D-B55A-1EC677189F30} - hxxps://dio.conbio.com/NELX.cab
    DPF: {F09BFD07-20B5-46D8-A6D5-BE4EF22F1F4D} - hxxp://66.98.130.69/DGTx.CAB
    FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\dj5fvfzf.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - hxxp://cm.my.yahoo.com/
    FF - component: c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\dj5fvfzf.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
    FF - plugin: c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\dj5fvfzf.default\extensions\npNELaunch@sonicwall.com\plugins\npNELaunch.dll
    FF - plugin: c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\dj5fvfzf.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
    FF - plugin: c:\documents and settings\HP_Administrator\Application Data\Mozilla\plugins\npcoolirisplugin.dll
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    - - - - ORPHANS REMOVED - - - -

    AddRemove-NVIDIA Display Control Panel - c:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe



    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A948446]<<
    kernel: MBR read successfully
    detected MBR rootkit hooks:
    \Driver\Disk -> CLASSPNP.SYS @ 0xb810cf28
    \Driver\ACPI -> ACPI.sys @ 0xb7f7fcb8
    \Driver\atapi -> atapi.sys @ 0xb7e5a852
    \Driver\iaStor -> iastor.sys @ 0xb7e74f78
    IoDeviceObjectType -> SecurityProcedure -> ntkrnlpa.exe @ 0x80583d4a
    \Device\Harddisk0\DR0 -> SecurityProcedure -> ntkrnlpa.exe @ 0x80583d4a
    NDIS: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC #2 -> SendCompleteHandler -> NDIS.sys @ 0xb7d50bb0
    PacketIndicateHandler -> NDIS.sys @ 0xb7d5da21
    SendHandler -> NDIS.sys @ 0xb7d3b87b
    user & kernel MBR OK

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1803973265-24010120-1312370383-1007\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7972777E-C13A-3EA4-B0E6-6B2C125A01E1}*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    "abhbinpgdpbiiecdeeodhldcdafffbadjo"=hex:61,61,00,00
    "bbhbinpgdpbiiecdeendchgpmpeabppdhmhd"=hex:61,61,00,00
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(748)
    c:\windows\system32\WININET.dll
    c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    c:\program files\common files\logishrd\bluetooth\LBTServ.dll

    - - - - - - - > 'lsass.exe'(808)
    c:\windows\system32\WININET.dll
    .
    Completion time: 2010-10-16 23:35:34
    ComboFix-quarantined-files.txt 2010-10-17 04:35

    Pre-Run: 84,766,593,024 bytes free
    Post-Run: 84,739,821,568 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect /usepmtimer

    - - End Of File - - 976B38F1F2EF95114435D2F335E4CDD4
     
  15. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Your MBR seems to be infected.

    Please download NTBR by noahdfear and save it to your Desktop.
    File size: 2.44 MB (2,565,432 bytes)

    • Place a blank CD in your CD drive.
    • Double click on NTBR_CD.exe file and a folder of the same name will appear.
    • Open the folder and double click on BurnItCD.cmd file. If your CD drive will open, simply close it back.
    • Follow the prompts to burn the CD.
    • Now you will need to set the CD-ROM as first boot device if it isn't already (if you don't know how to do it, see HERE)
    • If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.
    • Insert the newly created CD into your infected PC and reboot your computer.
    • Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
    • Read the warning and then continue as prompted.
    • You first need to select your keyboard layout - press Enter for English.
    • Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
    • On the following screen enter 5 to select Install Standard MBR code.
    • Enter 1 to overwrite the infected MBR Code with the Standard MBR code.
    • When asked to confirm please do so.
    • Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
    • Eject the disc and then press ctrl+alt+del to reboot the PC.
    Once rebooted, run MBRCheck again and post its log.
     
  16. Hurriken

    Hurriken TS Booster Topic Starter Posts: 231

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x000001fd

    Kernel Drivers (total 160):
    0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
    0x806E4000 \WINDOWS\system32\hal.dll
    0xB85A8000 \WINDOWS\system32\KDCOM.DLL
    0xB84B8000 \WINDOWS\system32\BOOTVID.dll
    0xB7F79000 ACPI.sys
    0xB85AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xB7F68000 pci.sys
    0xB80A8000 isapnp.sys
    0xB80B8000 ohci1394.sys
    0xB80C8000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
    0xB8670000 pciide.sys
    0xB8328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xB85AC000 viaide.sys
    0xB85AE000 intelide.sys
    0xB80D8000 MountMgr.sys
    0xB7F49000 ftdisk.sys
    0xB85B0000 dmload.sys
    0xB7F23000 dmio.sys
    0xB8330000 PartMgr.sys
    0xB80E8000 VolSnap.sys
    0xB7E6C000 iastor.sys
    0xB7E54000 atapi.sys
    0xB80F8000 disk.sys
    0xB8108000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xB7E34000 fltmgr.sys
    0xB7E22000 sr.sys
    0xB7E0C000 DRVMCDB.SYS
    0xB8118000 PxHelp20.sys
    0xB7DF5000 KSecDD.sys
    0xB7D68000 Ntfs.sys
    0xB7D3B000 NDIS.sys
    0xB7D21000 Mup.sys
    0xB8148000 \SystemRoot\system32\DRIVERS\AmdK8.sys
    0xB4750000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
    0xB473C000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xB471F000 \SystemRoot\system32\DRIVERS\Rtenicxp.sys
    0xB8408000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0xB46FB000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xB8410000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xB51FD000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xB8418000 \SystemRoot\system32\drivers\Afc.sys
    0xB85D2000 \SystemRoot\System32\Drivers\DLACDBHM.SYS
    0xB51ED000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xB51DD000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xB46D8000 \SystemRoot\system32\DRIVERS\ks.sys
    0xB8420000 \SystemRoot\SYSTEM32\DRIVERS\GEARAspiWDM.sys
    0xB4659000 \SystemRoot\system32\drivers\ctaud2k.sys
    0xB4635000 \SystemRoot\system32\drivers\portcls.sys
    0xB51CD000 \SystemRoot\system32\drivers\drmk.sys
    0xB4600000 \SystemRoot\system32\drivers\ctoss2k.sys
    0xB8428000 \SystemRoot\system32\drivers\ctprxy2k.sys
    0xB51BD000 \SystemRoot\system32\DRIVERS\nic1394.sys
    0xB8430000 \SystemRoot\system32\DRIVERS\fdc.sys
    0xB51AD000 \SystemRoot\system32\DRIVERS\serial.sys
    0xB5CF9000 \SystemRoot\system32\DRIVERS\serenum.sys
    0xB45EC000 \SystemRoot\system32\DRIVERS\parport.sys
    0xB519D000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0xB5CF5000 \SystemRoot\system32\DRIVERS\L8042Kbd.sys
    0xB8438000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xB85D8000 \SystemRoot\system32\DRIVERS\arkbcfltr.sys
    0xB5CF1000 \SystemRoot\system32\DRIVERS\arpolicy.sys
    0xB876F000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xB518D000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xB5CED000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xB45D5000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xB517D000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xB516D000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xB8440000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xB45C4000 \SystemRoot\system32\DRIVERS\psched.sys
    0xB8158000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xB8448000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xB8450000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xB4594000 \SystemRoot\system32\DRIVERS\rdpdr.sys
    0xB8168000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xB8458000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xB853C000 \SystemRoot\system32\DRIVERS\NxDrv.sys
    0xB85DA000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xB4536000 \SystemRoot\system32\DRIVERS\update.sys
    0xB5257000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xB8178000 \SystemRoot\system32\DRIVERS\AmdLLD.sys
    0xB8188000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xB8198000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xB85E2000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xADE5D000 \SystemRoot\system32\drivers\ha20x2k.sys
    0xADE2D000 \SystemRoot\system32\drivers\emupia2k.sys
    0xADE04000 \SystemRoot\system32\drivers\ctsfm2k.sys
    0xADD68000 \SystemRoot\system32\drivers\ctac32k.sys
    0xADD53000 \SystemRoot\System32\drivers\CTHWIUT.SYS
    0xADD27000 \SystemRoot\System32\drivers\CT20XUT.SYS
    0xADBE0000 \SystemRoot\System32\drivers\CTEXFIFX.SYS
    0xB8460000 \SystemRoot\system32\DRIVERS\flpydisk.sys
    0xB85E4000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xB8753000 \SystemRoot\System32\Drivers\Null.SYS
    0xB85E6000 \SystemRoot\System32\Drivers\Beep.SYS
    0xB8470000 \SystemRoot\System32\Drivers\DLARTL_N.SYS
    0xB8478000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xB8480000 \SystemRoot\System32\drivers\vga.sys
    0xB85E8000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xB85EA000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xB8488000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xB8490000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xB8570000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xADBAD000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xADB54000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xB81C8000 \SystemRoot\System32\Drivers\aswTdi.SYS
    0xADB2E000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xADB06000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xB81D8000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xADABC000 \SystemRoot\System32\drivers\afd.sys
    0xB81E8000 \SystemRoot\system32\DRIVERS\arp1394.sys
    0xB81F8000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xAD9F1000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xAD981000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xB8218000 \SystemRoot\System32\Drivers\Fips.SYS
    0xB8498000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0xAD95A000 \SystemRoot\System32\Drivers\aswSP.SYS
    0xB84A8000 \SystemRoot\System32\Drivers\Aavmker4.SYS
    0xB84B0000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0xB8590000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0xB8228000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0xB8340000 \SystemRoot\system32\DRIVERS\arhidfltr.sys
    0xAD936000 \SystemRoot\System32\Drivers\Fastfat.SYS
    0xB44F4000 \SystemRoot\system32\DRIVERS\usbscan.sys
    0xB44F0000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0xB85F6000 \SystemRoot\system32\DRIVERS\armoucfltr.sys
    0xB44E8000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0xB8258000 \SystemRoot\system32\drivers\usbaudio.sys
    0xAD915000 \SystemRoot\system32\DRIVERS\SaiH0464.sys
    0xB8268000 \SystemRoot\System32\Drivers\npusbio.sys
    0xAD8D5000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xB85FC000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xB219C000 \SystemRoot\System32\drivers\Dxapi.sys
    0xB8378000 \SystemRoot\System32\watchdog.sys
    0xBD000000 \SystemRoot\System32\drivers\dxg.sys
    0xB871B000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBD012000 \SystemRoot\System32\nv4_disp.dll
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xAD5D0000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
    0xADA7C000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
    0xB8696000 \SystemRoot\System32\DLA\DLADResN.SYS
    0xAD51E000 \SystemRoot\System32\DLA\DLAIFS_M.SYS
    0xAD5B8000 \SystemRoot\System32\DLA\DLAOPIOM.SYS
    0xB8606000 \SystemRoot\System32\DLA\DLAPoolM.SYS
    0xB8380000 \SystemRoot\System32\DLA\DLABOIOM.SYS
    0xAD416000 \SystemRoot\System32\DLA\DLAUDFAM.SYS
    0xAD400000 \SystemRoot\System32\DLA\DLAUDF_M.SYS
    0xAD55C000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xB8390000 \SystemRoot\system32\DRIVERS\pnarp.sys
    0xB8398000 \SystemRoot\system32\DRIVERS\purendis.sys
    0xAD281000 \SystemRoot\System32\Drivers\aswMon2.SYS
    0xAD014000 \SystemRoot\system32\drivers\wdmaud.sys
    0xAD191000 \SystemRoot\system32\drivers\sysaudio.sys
    0xACFC4000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xACD70000 \SystemRoot\System32\Drivers\HTTP.sys
    0xACC28000 \SystemRoot\system32\DRIVERS\srv.sys
    0xACD60000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    0xAC818000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xAD466000 \SystemRoot\System32\Drivers\aswRdr.SYS
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 82):
    0 System Idle Process
    4 System
    668 C:\WINDOWS\system32\smss.exe
    716 csrss.exe
    744 C:\WINDOWS\system32\winlogon.exe
    788 C:\WINDOWS\system32\services.exe
    800 C:\WINDOWS\system32\lsass.exe
    996 C:\WINDOWS\system32\nvsvc32.exe
    1048 C:\WINDOWS\system32\svchost.exe
    1112 svchost.exe
    1264 C:\WINDOWS\system32\svchost.exe
    1420 svchost.exe
    1568 svchost.exe
    1676 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    1992 C:\WINDOWS\system32\spoolsv.exe
    2036 C:\Program Files\Creative\Shared Files\CTAudSvc.exe
    424 svchost.exe
    484 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    508 C:\WINDOWS\arservice.exe
    564 C:\Program Files\Bonjour\mDNSResponder.exe
    584 C:\WINDOWS\system32\CTSVCCDA.EXE
    608 C:\WINDOWS\ehome\ehrecvr.exe
    1340 C:\WINDOWS\ehome\ehSched.exe
    1320 C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    1548 C:\Program Files\Java\jre6\bin\jqs.exe
    1640 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    440 C:\WINDOWS\system32\PnkBstrA.exe
    408 C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe
    1040 svchost.exe
    1096 C:\WINDOWS\system32\svchost.exe
    1208 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    2072 mcrdsvc.exe
    2172 C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    2340 C:\WINDOWS\system32\wuauclt.exe
    2348 C:\WINDOWS\explorer.exe
    2640 wmiprvse.exe
    3808 C:\WINDOWS\system32\dllhost.exe
    4072 alg.exe
    216 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    648 C:\WINDOWS\system32\wscntfy.exe
    3944 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    3992 C:\WINDOWS\system32\svchost.exe
    1216 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    1336 C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe
    1196 C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
    2452 C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
    2528 C:\WINDOWS\system32\rundll32.exe
    2728 C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    2764 C:\Program Files\Pure Networks\Network Magic\nmapp.exe
    2984 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe
    3084 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    3148 C:\WINDOWS\ehome\ehtray.exe
    1960 C:\Program Files\epson\Creativity Suite\Event Manager\EEventManager.exe
    3224 C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
    3220 C:\WINDOWS\ehome\ehmsas.exe
    3264 C:\WINDOWS\system32\DLA\DLACTRLW.EXE
    948 C:\WINDOWS\system32\Ctxfihlp.exe
    3512 C:\WINDOWS\system32\CtHelper.exe
    3700 C:\WINDOWS\arpwrmsg.exe
    3840 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    3884 C:\WINDOWS\system32\CTxfispi.exe
    3900 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    1564 C:\Program Files\iTunes\iTunesHelper.exe
    3820 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
    2496 C:\Program Files\Steam\steam.exe
    264 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    2848 C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    2912 C:\Program Files\Skype\Phone\Skype.exe
    2980 C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    3048 C:\Program Files\Logitech\SetPoint\SetPoint.exe
    3144 C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    1892 C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
    1644 C:\Program Files\iPod\bin\iPodService.exe
    3616 C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
    296 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    4148 C:\Program Files\Skype\Plugin Manager\skypePM.exe
    5908 C:\hp\KBD\kbd.exe
    320 C:\WINDOWS\system\hpsysdrv.exe
    4724 C:\Program Files\DISC\DISCover.exe
    4920 C:\Program Files\DISC\DISCUpdMgr.exe
    4928 C:\Program Files\DISC\DiscStreamHub.exe
    6136 C:\Documents and Settings\HP_Administrator\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000038`1b4a6200 (FAT32)

    PhysicalDrive0 Model Number: WDCWD2500KS-00MJB0, Rev: 02.01C03

    Size Device Name MBR Status
    --------------------------------------------
    232 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!
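The MBRCheck log above reports where each volume starts on PhysicalDrive0 and a SHA1 of the MBR, and the post before it had the boot code in that sector overwritten with MBRWORK. As an added example, not part of this thread and not the code of MBRCheck or NTBR, the Python script below shows the checks those two steps rest on: read sector 0, back it up before any tool rewrites it, confirm the 0x55AA boot signature, parse the partition table (so the log's byte offsets 0x7e00 and 0x381b4a6200 fall out as LBA × 512), hash the bootstrap area and compare it against an allow-list, and show how a bootkit that replaces the boot code while leaving the partition table untouched is caught by the hash and not by the table. The sample sector, its placeholder boot code (not real Windows XP boot code), the allow-list and the "bootkit" stub are all constructed for illustration; which bytes MBRCheck itself hashes is not stated in the log, so the script hashes both the 440-byte bootstrap area and the whole sector.

```python
"""Inspect a 512-byte MBR the way an MBR checker does: verify the 0x55AA signature,
parse the partition table, hash the bootstrap code and compare it to an allow-list.
Example code written for this thread; the sample data below is constructed."""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440       # bytes 0..439: bootstrap code the BIOS jumps into
PART_TABLE_OFF = 446      # four 16-byte partition entries follow the disk signature
BOOT_SIG = b"\x55\xAA"    # bytes 510..511


def read_first_sector(path: str) -> bytes:
    # path is a disk image, or on Windows the raw device \\.\PhysicalDrive0 (needs admin rights)
    with open(path, "rb") as f:
        return f.read(SECTOR)


def backup_sector(sector: bytes, out_path: str) -> None:
    """Keep a copy of the original MBR before letting any tool overwrite it."""
    with open(out_path, "wb") as f:
        f.write(sector)


def pack_entry(bootable: int, ptype: int, lba_start: int, sectors: int) -> bytes:
    """One 16-byte partition entry; CHS fields are left zero (LBA is what matters here)."""
    return struct.pack("<B3sB3sII", bootable, b"\0\0\0", ptype, b"\0\0\0", lba_start, sectors)


def build_sample_mbr() -> bytes:
    """Constructed stand-in for a clean MBR. The boot code is a placeholder, not real Windows
    XP code. The two partitions mirror the layout in the posted MBRCheck log: C: (NTFS, type
    0x07) at LBA 63 = byte offset 0x7e00, D: (FAT32, type 0x0B) at LBA 470656305 = 0x381b4a6200."""
    boot_code = b"\xFA\x33\xC0" + b"\x90" * (BOOT_CODE_LEN - 3)
    disk_sig_and_pad = b"\x00" * 6                               # bytes 440..445
    table = (pack_entry(0x80, 0x07, 63, 470656305 - 63)
             + pack_entry(0x00, 0x0B, 470656305, 17740800)       # size is an assumed value
             + b"\x00" * 32)                                     # two unused slots
    return boot_code + disk_sig_and_pad + table + BOOT_SIG


def parse_mbr(sector: bytes) -> dict:
    if len(sector) != SECTOR:
        raise ValueError("expected exactly one 512-byte sector")
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        bootable, _, ptype, _, lba, n = struct.unpack("<B3sB3sII", sector[off:off + 16])
        if ptype == 0:
            continue                                             # empty slot
        parts.append({"index": i, "bootable": bootable == 0x80, "type": ptype,
                      "lba_start": lba, "sectors": n, "byte_offset": lba * SECTOR})
    return {
        "signature_ok": sector[510:512] == BOOT_SIG,
        "boot_code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper(),
        "sector_sha1": hashlib.sha1(sector).hexdigest().upper(),
        "partitions": parts,
    }


def overlapping(parts: list) -> bool:
    """True if any two partitions share sectors, a sign of a damaged or forged table."""
    spans = sorted((p["lba_start"], p["lba_start"] + p["sectors"]) for p in parts)
    return any(spans[i][1] > spans[i + 1][0] for i in range(len(spans) - 1))


def classify(sector: bytes, known_boot_hashes: set) -> str:
    """Allow-list verdict: known_boot_hashes holds SHA1s of boot code you trust (assumed input)."""
    info = parse_mbr(sector)
    if not info["signature_ok"]:
        return "missing 0x55AA signature"
    if overlapping(info["partitions"]):
        return "overlapping partitions"
    if info["boot_code_sha1"] in known_boot_hashes:
        return "known boot code"
    return "unknown boot code"


def simulate_bootkit(sector: bytes) -> bytes:
    """Mimic the pattern MBR bootkits of that era (the TDSS/TDL family among them) used:
    swap the bootstrap code for a stub that chains elsewhere and keep the partition table
    and signature intact. The stub here is a constructed 'jmp $', nothing more."""
    stub = b"\xEB\xFE" + b"\x00" * (BOOT_CODE_LEN - 2)
    return stub + sector[BOOT_CODE_LEN:]


if __name__ == "__main__":
    clean = build_sample_mbr()
    known = {parse_mbr(clean)["boot_code_sha1"]}
    for label, s in (("clean", clean), ("tampered", simulate_bootkit(clean))):
        info = parse_mbr(s)
        print(label, classify(s, known), info["boot_code_sha1"])
        for p in info["partitions"]:
            print(f"  part {p['index']} type 0x{p['type']:02x} at offset 0x{p['byte_offset']:x}")
```

The point of the tampered case is the one MBRWORK's "Install Standard MBR code" step relies on: a bootkit of this kind leaves the partition table alone, so the volumes still mount and the table looks normal, and only the hash of the bootstrap bytes gives it away. Rewriting the standard code restores the hash without touching the table, which is why the drive stayed bootable after the NTBR step.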
     
  17. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Looks good now :)

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
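TDSSKiller's report is a long list of one line per driver (timestamp, service name, MD5 in parentheses, file path), as the log posted further down in this thread shows. As an added example, not part of this thread and not TDSSKiller's own code, the Python script below parses that format and pulls out the entries a reviewer would look at first: drivers loaded from outside %SystemRoot%\system32, one file registered under several service names, and MD5s that hit a hash feed. The sample lines are copied from the log in this thread; the expected-directory list and the hash feed are assumptions. A driver outside the usual directory is a prompt to look the file up, not a verdict.

```python
"""Parse TDSSKiller driver lines and pick out entries worth a second look.
Example code written for this thread; the directory list and hash feed are assumptions."""
import re
from collections import defaultdict

# Lines copied from the TDSSKiller log posted in this thread, plus one non-driver line
# to show that the parser ignores it.
SAMPLE_LOG = r"""
2010/10/17 12:12:13.0859 Scan started
2010/10/17 12:12:14.0281 Aavmker4 (467f062f76e07512ecc1f5f60aab2988) C:\WINDOWS\system32\drivers\Aavmker4.sys
2010/10/17 12:12:15.0218 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/10/17 12:12:15.0765 CT20XUT (134cdd242af1ae9961f065fba3508a7b) C:\WINDOWS\system32\drivers\CT20XUT.SYS
2010/10/17 12:12:15.0796 CT20XUT.SYS (134cdd242af1ae9961f065fba3508a7b) C:\WINDOWS\System32\drivers\CT20XUT.SYS
2010/10/17 12:12:17.0187 gdrv (54789f9ba0d59072cdd4e7c200e122c4) C:\WINDOWS\gdrv.sys
"""

# timestamp, service name, 32 hex digits in parentheses, then the path to end of line
LINE_RE = re.compile(
    r"^(?P<time>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d+)\s+"
    r"(?P<name>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+)$"
)

# Assumed "expected" location for kernel drivers on this XP box; adjust per system.
DEFAULT_ROOTS = ("c:\\windows\\system32\\",)


def parse_tdsskiller_log(text: str) -> list:
    """Return one dict per driver line; lines that are not driver entries are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["md5"] = d["md5"].lower()
            entries.append(d)
    return entries


def unusual_paths(entries: list, roots=DEFAULT_ROOTS) -> list:
    """Drivers whose file lives outside the expected directories (case-insensitive)."""
    roots = tuple(r.lower() for r in roots)
    return [e for e in entries if not e["path"].lower().startswith(roots)]


def aliases_by_hash(entries: list) -> dict:
    """Same file (same MD5) registered under more than one service name."""
    names = defaultdict(set)
    for e in entries:
        names[e["md5"]].add(e["name"])
    return {h: sorted(n) for h, n in names.items() if len(n) > 1}


def lookup_hashes(entries: list, known_bad: set) -> list:
    """Entries whose MD5 appears in a hash feed you trust (the feed is an assumed input)."""
    known_bad = {h.lower() for h in known_bad}
    return [e for e in entries if e["md5"] in known_bad]


if __name__ == "__main__":
    entries = parse_tdsskiller_log(SAMPLE_LOG)
    print(f"{len(entries)} driver entries parsed")
    for e in unusual_paths(entries):
        print("outside system32:", e["name"], e["path"])
    for h, names in aliases_by_hash(entries).items():
        print("one file, several service names:", h, names)
```

Running it on the sample prints gdrv as the one driver outside system32 and the CT20XUT pair as one file under two names. On the full log the same three functions apply unchanged; feed `lookup_hashes` the MD5s from whatever hash source you use, and check any `unusual_paths` hit by file properties and signature before treating it as suspect.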
     
  18. Hurriken

    Hurriken TS Booster Topic Starter Posts: 231

    2010/10/17 12:12:07.0890 TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59
    2010/10/17 12:12:07.0890 ================================================================================
    2010/10/17 12:12:07.0890 SystemInfo:
    2010/10/17 12:12:07.0890
    2010/10/17 12:12:07.0890 OS Version: 5.1.2600 ServicePack: 3.0
    2010/10/17 12:12:07.0890 Product type: Workstation
    2010/10/17 12:12:07.0890 ComputerName: YOUR-4DACD0EA75
    2010/10/17 12:12:07.0890 UserName: HP_Administrator
    2010/10/17 12:12:07.0890 Windows directory: C:\WINDOWS
    2010/10/17 12:12:07.0890 System windows directory: C:\WINDOWS
    2010/10/17 12:12:07.0890 Processor architecture: Intel x86
    2010/10/17 12:12:07.0890 Number of processors: 2
    2010/10/17 12:12:07.0890 Page size: 0x1000
    2010/10/17 12:12:07.0890 Boot type: Normal boot
    2010/10/17 12:12:07.0890 ================================================================================
    2010/10/17 12:12:08.0125 Initialize success
    2010/10/17 12:12:13.0859 ================================================================================
    2010/10/17 12:12:13.0859 Scan started
    2010/10/17 12:12:13.0859 Mode: Manual;
    2010/10/17 12:12:13.0859 ================================================================================
    2010/10/17 12:12:14.0281 Aavmker4 (467f062f76e07512ecc1f5f60aab2988) C:\WINDOWS\system32\drivers\Aavmker4.sys
    2010/10/17 12:12:14.0375 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    2010/10/17 12:12:14.0421 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    2010/10/17 12:12:14.0484 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    2010/10/17 12:12:14.0546 Afc (a7b8a3a79d35215d798a300df49ed23f) C:\WINDOWS\system32\drivers\Afc.sys
    2010/10/17 12:12:14.0578 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
    2010/10/17 12:12:14.0671 AmdK8 (efbb0956baed786e137351b5ca272aef) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
    2010/10/17 12:12:14.0718 AmdLLD (ad8fa28d8ed0d0a689a0559085ce0f18) C:\WINDOWS\system32\DRIVERS\AmdLLD.sys
    2010/10/17 12:12:14.0796 aracpi (00523019e3579c8f8a94457fe25f0f24) C:\WINDOWS\system32\DRIVERS\aracpi.sys
    2010/10/17 12:12:14.0828 arhidfltr (9fedaa46eb1a572ac4d9ee6b5f123cf2) C:\WINDOWS\system32\DRIVERS\arhidfltr.sys
    2010/10/17 12:12:14.0859 arkbcfltr (82969576093cd983dd559f5a86f382b4) C:\WINDOWS\system32\DRIVERS\arkbcfltr.sys
    2010/10/17 12:12:14.0875 armoucfltr (9b21791d8a78faece999fadbebda6c22) C:\WINDOWS\system32\DRIVERS\armoucfltr.sys
    2010/10/17 12:12:14.0875 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
    2010/10/17 12:12:14.0921 ARPolicy (7a2da7c7b0c524ef26a79f17a5c69fde) C:\WINDOWS\system32\DRIVERS\arpolicy.sys
    2010/10/17 12:12:15.0015 aswFsBlk (0c0b08847f2f24baa7bd43d8f2c6c8b0) C:\WINDOWS\system32\drivers\aswFsBlk.sys
    2010/10/17 12:12:15.0031 aswMon2 (aa504fa592c9ed79174cb06b8ae340aa) C:\WINDOWS\system32\drivers\aswMon2.sys
    2010/10/17 12:12:15.0078 aswRdr (f385ffd39165453fda96736aa3edfd9d) C:\WINDOWS\system32\drivers\aswRdr.sys
    2010/10/17 12:12:15.0125 aswSP (45adea26bf613a54fed64ecdd12e58a7) C:\WINDOWS\system32\drivers\aswSP.sys
    2010/10/17 12:12:15.0156 aswTdi (c4ee975c87176f1900662d2874233c7f) C:\WINDOWS\system32\drivers\aswTdi.sys
    2010/10/17 12:12:15.0171 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    2010/10/17 12:12:15.0218 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    2010/10/17 12:12:15.0250 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    2010/10/17 12:12:15.0281 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    2010/10/17 12:12:15.0343 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    2010/10/17 12:12:15.0500 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    2010/10/17 12:12:15.0531 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    2010/10/17 12:12:15.0593 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    2010/10/17 12:12:15.0609 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    2010/10/17 12:12:15.0625 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    2010/10/17 12:12:15.0765 CT20XUT (134cdd242af1ae9961f065fba3508a7b) C:\WINDOWS\system32\drivers\CT20XUT.SYS
    2010/10/17 12:12:15.0796 CT20XUT.SYS (134cdd242af1ae9961f065fba3508a7b) C:\WINDOWS\System32\drivers\CT20XUT.SYS
    2010/10/17 12:12:15.0859 ctac32k (93439baf09ce3c6d4ce55da5b07d1b6a) C:\WINDOWS\system32\drivers\ctac32k.sys
    2010/10/17 12:12:15.0890 ctaud2k (6ab74512f09d673452d63ddec9014db5) C:\WINDOWS\system32\drivers\ctaud2k.sys
    2010/10/17 12:12:15.0953 ctdvda2k (788db5d99b2ca44ff61d8ed7b3c67c2e) C:\WINDOWS\system32\drivers\ctdvda2k.sys
    2010/10/17 12:12:16.0046 CTEXFIFX (3a9ad039d94be8d955ad0b2cb207378d) C:\WINDOWS\system32\drivers\CTEXFIFX.SYS
    2010/10/17 12:12:16.0093 CTEXFIFX.SYS (3a9ad039d94be8d955ad0b2cb207378d) C:\WINDOWS\System32\drivers\CTEXFIFX.SYS
    2010/10/17 12:12:16.0125 CTHWIUT (4602ad8c8e1b285e1a23a957f487da86) C:\WINDOWS\system32\drivers\CTHWIUT.SYS
    2010/10/17 12:12:16.0140 CTHWIUT.SYS (4602ad8c8e1b285e1a23a957f487da86) C:\WINDOWS\System32\drivers\CTHWIUT.SYS
    2010/10/17 12:12:16.0171 ctprxy2k (d42b84671f2193330215d3c375a2e948) C:\WINDOWS\system32\drivers\ctprxy2k.sys
    2010/10/17 12:12:16.0218 ctsfm2k (974cfcbe3206367bec1d527d9dade998) C:\WINDOWS\system32\drivers\ctsfm2k.sys
    2010/10/17 12:12:16.0296 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    2010/10/17 12:12:16.0359 DLABOIOM (a14524d3f130a57163e0b3e057fc85d5) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
    2010/10/17 12:12:16.0359 DLACDBHM (7581407a6a3c56860ae31e6e423fe824) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
    2010/10/17 12:12:16.0406 DLADResN (7c4cdf8a684b63d7482e0bf7440dc3b5) C:\WINDOWS\system32\DLA\DLADResN.SYS
    2010/10/17 12:12:16.0406 DLAIFS_M (97bca2aac06a9fea56615b4b15bdb9b8) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
    2010/10/17 12:12:16.0437 DLAOPIOM (be8d558cf749424f0de612813f7c6725) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
    2010/10/17 12:12:16.0453 DLAPoolM (7e5277cb45dc5e2a86af8ce093c7ef31) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
    2010/10/17 12:12:16.0484 DLARTL_N (693dfd92d41a3d270053cd97834e4960) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
    2010/10/17 12:12:16.0500 DLAUDFAM (d886b6d02b51e5bd61b8a571a16d5ca2) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
    2010/10/17 12:12:16.0531 DLAUDF_M (2c0ecf7a9d5162d87c64e2ae868b5039) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
    2010/10/17 12:12:16.0578 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    2010/10/17 12:12:16.0703 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    2010/10/17 12:12:16.0734 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    2010/10/17 12:12:16.0781 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    2010/10/17 12:12:16.0828 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    2010/10/17 12:12:16.0843 DRVMCDB (73623d89faef4d1aa600edee8b490bc5) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
    2010/10/17 12:12:16.0859 DRVNDDM (2aeee1600d0f14ba535f90a1f4411b54) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
    2010/10/17 12:12:16.0906 emupia (04afe5c11777e33178ec11e1fac47b07) C:\WINDOWS\system32\drivers\emupia2k.sys
    2010/10/17 12:12:16.0937 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    2010/10/17 12:12:17.0000 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
    2010/10/17 12:12:17.0031 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    2010/10/17 12:12:17.0046 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    2010/10/17 12:12:17.0078 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    2010/10/17 12:12:17.0109 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    2010/10/17 12:12:17.0140 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    2010/10/17 12:12:17.0187 gdrv (54789f9ba0d59072cdd4e7c200e122c4) C:\WINDOWS\gdrv.sys
    2010/10/17 12:12:18.0359 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
    2010/10/17 12:12:18.0437 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    2010/10/17 12:12:18.0515 ha20x2k (41fce1833d8f659acc56cb0ee43b2ced) C:\WINDOWS\system32\drivers\ha20x2k.sys
    2010/10/17 12:12:18.0562 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    2010/10/17 12:12:18.0609 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    2010/10/17 12:12:18.0687 HSXHWBS2 (1f5c64b0c6b2e2f48735a77ae714ccb8) C:\WINDOWS\system32\DRIVERS\HSXHWBS2.sys
    2010/10/17 12:12:18.0734 HSX_DP (a7f8c9228898a1e871d2ae7082f50ac3) C:\WINDOWS\system32\DRIVERS\HSX_DP.sys
    2010/10/17 12:12:18.0812 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    2010/10/17 12:12:18.0906 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    2010/10/17 12:12:18.0921 iaStor (294110966cedd127629c5be48367c8cf) C:\WINDOWS\system32\DRIVERS\iastor.sys
    2010/10/17 12:12:19.0000 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    2010/10/17 12:12:19.0062 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
    2010/10/17 12:12:19.0093 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    2010/10/17 12:12:19.0140 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    2010/10/17 12:12:19.0156 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    2010/10/17 12:12:19.0187 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    2010/10/17 12:12:19.0218 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    2010/10/17 12:12:19.0250 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    2010/10/17 12:12:19.0281 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    2010/10/17 12:12:19.0312 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    2010/10/17 12:12:19.0328 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    2010/10/17 12:12:19.0343 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    2010/10/17 12:12:19.0390 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    2010/10/17 12:12:19.0453 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    2010/10/17 12:12:19.0484 L8042Kbd (d1968dea7baff4a917858c384339cec8) C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
    2010/10/17 12:12:19.0562 LHidFilt (24e0ddb99aeccf86bb37702611761459) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
    2010/10/17 12:12:19.0593 LMouFilt (d58b330d318361a66a9fe60d7c9b4951) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
    2010/10/17 12:12:19.0625 LUsbFilt (144011d14bd35f4e36136ae057b1aadd) C:\WINDOWS\system32\Drivers\LUsbFilt.Sys
    2010/10/17 12:12:19.0671 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
    2010/10/17 12:12:19.0703 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
    2010/10/17 12:12:19.0718 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    2010/10/17 12:12:19.0750 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    2010/10/17 12:12:19.0796 motmodem (fe80c18ba448ddd76b7bead9eb203d37) C:\WINDOWS\system32\DRIVERS\motmodem.sys
    2010/10/17 12:12:19.0812 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    2010/10/17 12:12:19.0843 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    2010/10/17 12:12:19.0859 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    2010/10/17 12:12:19.0890 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    2010/10/17 12:12:19.0921 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    2010/10/17 12:12:19.0953 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    2010/10/17 12:12:20.0109 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    2010/10/17 12:12:20.0156 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2010/10/17 12:12:20.0171 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    2010/10/17 12:12:20.0218 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    2010/10/17 12:12:20.0250 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
    2010/10/17 12:12:20.0265 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
    2010/10/17 12:12:20.0312 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    2010/10/17 12:12:20.0328 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    2010/10/17 12:12:20.0359 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    2010/10/17 12:12:20.0390 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    2010/10/17 12:12:20.0421 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    2010/10/17 12:12:20.0437 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    2010/10/17 12:12:20.0484 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
    2010/10/17 12:12:20.0500 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    2010/10/17 12:12:20.0531 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    2010/10/17 12:12:20.0625 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
    2010/10/17 12:12:20.0656 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    2010/10/17 12:12:20.0718 npusbio (0a01056f5128d80f6e6826e32ba52177) C:\WINDOWS\system32\Drivers\npusbio.sys
    2010/10/17 12:12:20.0750 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    2010/10/17 12:12:20.0796 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    2010/10/17 12:12:21.0109 nv (ed9816dbaf6689542ea7d022631906a1) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    2010/10/17 12:12:21.0390 NVENETFD (22eedb34c4d7613a25b10c347c6c4c21) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
    2010/10/17 12:12:21.0421 nvnetbus (5e3f6ad5cad0f12d3cccd06fd964087a) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
    2010/10/17 12:12:21.0468 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    2010/10/17 12:12:21.0484 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    2010/10/17 12:12:21.0515 NxDrv (cdf2a5f20509593140f8b3b965448c5b) C:\WINDOWS\system32\DRIVERS\NxDrv.sys
    2010/10/17 12:12:21.0546 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    2010/10/17 12:12:21.0593 ossrv (11b3328d84ed6c11baf4f4f115459ab6) C:\WINDOWS\system32\drivers\ctoss2k.sys
    2010/10/17 12:12:25.0234 ================================================================================
    2010/10/17 12:12:25.0234 Scan finished
    2010/10/17 12:12:25.0234 ================================================================================
     
  19. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    OK.
    Delete your Combofix file, download a fresh one and post a new log.
     
  20. Hurriken

    Hurriken TS Booster Topic Starter Posts: 231

    ComboFix 10-10-16.04 - HP_Administrator 10/17/2010 12:39:10.4.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1323 [GMT -5:00]
    Running from: c:\documents and settings\HP_Administrator\My Documents\ComboFix.exe
    AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .

    ((((((((((((((((((((((((( Files Created from 2010-09-17 to 2010-10-17 )))))))))))))))))))))))))))))))
    .

    2010-10-14 23:43 . 2010-10-14 23:43 -------- d-----w- c:\program files\Carbonite
    2010-10-13 13:41 . 2010-10-13 13:41 -------- d-----w- c:\program files\Common Files\Skype
    2010-10-13 04:55 . 2010-09-18 06:53 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
    2010-10-13 04:55 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
    2010-10-13 04:55 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
    2010-10-06 22:32 . 2010-10-06 22:32 -------- d-----w- c:\program files\Bonjour
    2010-10-03 19:24 . 2010-10-03 19:24 -------- d-----w- c:\documents and settings\Sigrid\Local Settings\Application Data\PCHealth
    2010-09-22 23:10 . 2010-09-22 23:10 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
    2010-09-22 23:10 . 2010-09-22 23:10 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
    2010-09-20 00:17 . 2008-04-13 18:39 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
    2010-09-20 00:17 . 2008-04-13 18:39 14592 ----a-w- c:\windows\system32\dllcache\kbdhid.sys
    2010-09-18 15:16 . 2010-09-18 15:19 -------- d-----w- c:\documents and settings\All Users\Application Data\TrackMania

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .

    ((((((((((((((((((((((((((((( SnapShot@2010-10-17_04.31.11 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-10-17 16:13 . 2010-10-17 16:13 16384 c:\windows\Temp\Perflib_Perfdata_60c.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Steam"="c:\program files\steam\steam.exe" [2010-08-24 1242448]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
    "Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-09-02 13351304]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
    "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-01-04 180269]
    "SonicWALLNetExtender"="c:\program files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe" [2010-04-02 1103744]
    "SaiMfd"="c:\program files\Saitek\SD6\Software\SaiMfd.exe" [2007-10-02 131072]
    "Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-14 663552]
    "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
    "ProfilerU"="c:\program files\Saitek\SD6\Software\ProfilerU.exe" [2007-10-02 233472]
    "nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-08 1753192]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
    "nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-05-16 648504]
    "nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2008-05-21 451896]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
    "ISUSScheduler"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" [2004-07-28 81920]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 221184]
    "HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "ftutil2"="ftutil2.dll" [2004-06-07 106496]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
    "EEventManager"="c:\program files\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [2006-03-17 102400]
    "DMAScheduler"="c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 90112]
    "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-06-13 127036]
    "CTxfiHlp"="CTXFIHLP.EXE" [2009-06-04 25600]
    "CTHelper"="CTHELPER.EXE" [2006-12-12 19456]
    "amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
    "AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-15 623992]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-22 47904]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "CarboniteSetupLite"="c:\program files\Carbonite\CarbonitePreinstaller.exe" [2010-09-15 281744]

    c:\documents and settings\Jennifer\Start Menu\Programs\Startup\
    PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-7-31 27136]

    c:\documents and settings\Melissa\Start Menu\Programs\Startup\
    PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-7-31 27136]

    c:\documents and settings\Sigrid\Start Menu\Programs\Startup\
    PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-7-31 27136]

    c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\
    Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2009-8-31 385024]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-10-24 805392]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
    NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2008-2-13 118784]

    c:\documents and settings\Default User\Start Menu\Programs\Startup\
    Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-7-31 27136]
    PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-7-31 27136]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2008-05-02 07:42 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\DISC\\DISCover.exe"=
    "c:\\Program Files\\DISC\\DiscStreamHub.exe"=
    "c:\\Program Files\\DISC\\myFTP.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\Xfire\\xfire.exe"=
    "c:\\Program Files\\Call of Duty Game of the Year Edition\\CoDUOMP.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\FileMaker\\FileMaker Pro 8\\FileMaker Pro.exe"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\Program Files\\AIM6\\aim6.exe"=
    "c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
    "c:\\Program Files\\Ubisoft\\IL-2 Sturmovik 1946\\il2fb.exe"=
    "c:\\Program Files\\FileMaker\\FileMaker Pro 10\\FileMaker Pro.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\Steam\\Steam.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\red orchestra\\System\\RedOrchestra.exe"=
    "c:\\Program Files\\THQ\\Company of Heroes\\RelicDownloader\\RelicDownloader.exe"=
    "c:\\Program Files\\FinalTorrent\\FinalTorrent.EXE"=
    "c:\\Program Files\\Steam\\steamapps\\common\\trackmania nations forever\\TmForever.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\trackmania nations forever\\TmForeverLauncher.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\swarm.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    "67:UDP"= 67:UDP:DHCP Discovery Service

    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [6/26/2010 4:26 PM 165456]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/26/2010 4:26 PM 17744]
    R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [6/4/2009 2:46 AM 171032]
    R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [6/4/2009 2:46 AM 1324056]
    R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [6/4/2009 2:46 AM 72728]
    R3 npusbio;npusbio;c:\windows\system32\drivers\npusbio.sys [5/17/2009 11:28 AM 36384]
    R3 NxDrv;SonicWALL NetExtender Adapter;c:\windows\system32\drivers\NxDrv.sys [10/21/2009 1:27 PM 22600]
    R3 SaiH0464;SaiH0464;c:\windows\system32\drivers\SaiH0464.sys [3/31/2008 10:31 AM 136832]
    S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\HP_ADM~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\HP_ADM~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
    S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\HP_ADM~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.sys --> c:\docume~1\HP_ADM~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.sys [?]
    S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [7/20/2010 2:50 PM 79360]
    S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [6/4/2009 2:46 AM 171032]
    S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [6/4/2009 2:46 AM 1324056]
    S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [6/4/2009 2:46 AM 72728]
    S3 SASENUM;SASENUM;\??\c:\docume~1\HP_ADM~1\LOCALS~1\Temp\SAS_SelfExtract\SASENUM.SYS --> c:\docume~1\HP_ADM~1\LOCALS~1\Temp\SAS_SelfExtract\SASENUM.SYS [?]
    S3 SSLDrv;SSL-VPN NetExtender Adapter;c:\windows\system32\drivers\SSLDrv.sys [6/8/2007 6:02 PM 19640]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - KLMD25
    *Deregistered* - klmd25
    .
    Contents of the 'Scheduled Tasks' folder

    2010-10-11 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://cm.my.yahoo.com/
    uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    uInternet Settings,ProxyOverride = <local>;*.local
    IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
    IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
    IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
    Trusted Zone: intuit.com\ttlc
    Trusted Zone: turbotax.com
    Trusted Zone: trymedia.com
    DPF: {6EEFD7B1-B26C-440D-B55A-1EC677189F30} - hxxps://dio.conbio.com/NELX.cab
    DPF: {F09BFD07-20B5-46D8-A6D5-BE4EF22F1F4D} - hxxp://66.98.130.69/DGTx.CAB
    FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\dj5fvfzf.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - hxxp://cm.my.yahoo.com/
    FF - component: c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\dj5fvfzf.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1803973265-24010120-1312370383-1007\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7972777E-C13A-3EA4-B0E6-6B2C125A01E1}*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    "abhbinpgdpbiiecdeeodhldcdafffbadjo"=hex:61,61,00,00
    "bbhbinpgdpbiiecdeendchgpmpeabppdhmhd"=hex:61,61,00,00
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(744)
    c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    c:\program files\common files\logishrd\bluetooth\LBTServ.dll

    - - - - - - - > 'explorer.exe'(4644)
    c:\windows\system32\WININET.dll
    c:\program files\Logitech\SetPoint\GameHook.dll
    c:\program files\Logitech\SetPoint\lgscroll.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2010-10-17 12:46:55
    ComboFix-quarantined-files.txt 2010-10-17 17:46

    Pre-Run: 84,843,032,576 bytes free
    Post-Run: 84,821,102,592 bytes free

    - - End Of File - - 538984E0A15F00D27F78329B50CAC709
     
  21. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    It looks much better :)

    You have a lot of startups, so remind me toward the end of this topic, so we can clean that list a little.

    1. Please open Notepad
    • Click Start , then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    DDS::
    uInternet Settings,ProxyOverride = <local>;*.local
    
    RegNull::
    [HKEY_USERS\S-1-5-21-1803973265-24010120-1312370383-1007\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7972777E-C13A-3EA4-B0E6-6B2C125A01E1}*]
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti-virus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
  22. Hurriken

    Hurriken TS Booster Topic Starter Posts: 231

    ComboFix 10-10-16.04 - HP_Administrator 10/17/2010 13:11:18.5.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1270 [GMT -5:00]
    Running from: c:\documents and settings\HP_Administrator\My Documents\ComboFix.exe
    Command switches used :: c:\documents and settings\HP_Administrator\Desktop\CFScript.txt
    AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .

    ((((((((((((((((((((((((( Files Created from 2010-09-17 to 2010-10-17 )))))))))))))))))))))))))))))))
    .

    2010-10-14 23:43 . 2010-10-14 23:43 -------- d-----w- c:\program files\Carbonite
    2010-10-13 13:41 . 2010-10-13 13:41 -------- d-----w- c:\program files\Common Files\Skype
    2010-10-13 04:55 . 2010-09-18 06:53 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
    2010-10-13 04:55 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
    2010-10-13 04:55 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
    2010-10-06 22:32 . 2010-10-06 22:32 -------- d-----w- c:\program files\Bonjour
    2010-10-03 19:24 . 2010-10-03 19:24 -------- d-----w- c:\documents and settings\Sigrid\Local Settings\Application Data\PCHealth
    2010-09-22 23:10 . 2010-09-22 23:10 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
    2010-09-22 23:10 . 2010-09-22 23:10 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
    2010-09-20 00:17 . 2008-04-13 18:39 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
    2010-09-20 00:17 . 2008-04-13 18:39 14592 ----a-w- c:\windows\system32\dllcache\kbdhid.sys
    2010-09-18 15:16 . 2010-09-18 15:19 -------- d-----w- c:\documents and settings\All Users\Application Data\TrackMania

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .

    ((((((((((((((((((((((((((((( SnapShot@2010-10-17_04.31.11 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-10-17 16:13 . 2010-10-17 16:13 16384 c:\windows\Temp\Perflib_Perfdata_60c.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Steam"="c:\program files\steam\steam.exe" [2010-08-24 1242448]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
    "Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-09-02 13351304]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
    "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-01-04 180269]
    "SonicWALLNetExtender"="c:\program files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe" [2010-04-02 1103744]
    "SaiMfd"="c:\program files\Saitek\SD6\Software\SaiMfd.exe" [2007-10-02 131072]
    "Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-14 663552]
    "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
    "ProfilerU"="c:\program files\Saitek\SD6\Software\ProfilerU.exe" [2007-10-02 233472]
    "nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-08 1753192]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
    "nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-05-16 648504]
    "nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2008-05-21 451896]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
    "ISUSScheduler"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" [2004-07-28 81920]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 221184]
    "HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "ftutil2"="ftutil2.dll" [2004-06-07 106496]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
    "EEventManager"="c:\program files\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [2006-03-17 102400]
    "DMAScheduler"="c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 90112]
    "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-06-13 127036]
    "CTxfiHlp"="CTXFIHLP.EXE" [2009-06-04 25600]
    "CTHelper"="CTHELPER.EXE" [2006-12-12 19456]
    "amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
    "AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-15 623992]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-22 47904]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "CarboniteSetupLite"="c:\program files\Carbonite\CarbonitePreinstaller.exe" [2010-09-15 281744]

    c:\documents and settings\Jennifer\Start Menu\Programs\Startup\
    PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-7-31 27136]

    c:\documents and settings\Melissa\Start Menu\Programs\Startup\
    PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-7-31 27136]

    c:\documents and settings\Sigrid\Start Menu\Programs\Startup\
    PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-7-31 27136]

    c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\
    Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2009-8-31 385024]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-10-24 805392]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
    NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2008-2-13 118784]

    c:\documents and settings\Default User\Start Menu\Programs\Startup\
    Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-7-31 27136]
    PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-7-31 27136]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2008-05-02 07:42 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\DISC\\DISCover.exe"=
    "c:\\Program Files\\DISC\\DiscStreamHub.exe"=
    "c:\\Program Files\\DISC\\myFTP.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\Xfire\\xfire.exe"=
    "c:\\Program Files\\Call of Duty Game of the Year Edition\\CoDUOMP.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\FileMaker\\FileMaker Pro 8\\FileMaker Pro.exe"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\Program Files\\AIM6\\aim6.exe"=
    "c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
    "c:\\Program Files\\Ubisoft\\IL-2 Sturmovik 1946\\il2fb.exe"=
    "c:\\Program Files\\FileMaker\\FileMaker Pro 10\\FileMaker Pro.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\Steam\\Steam.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\red orchestra\\System\\RedOrchestra.exe"=
    "c:\\Program Files\\THQ\\Company of Heroes\\RelicDownloader\\RelicDownloader.exe"=
    "c:\\Program Files\\FinalTorrent\\FinalTorrent.EXE"=
    "c:\\Program Files\\Steam\\steamapps\\common\\trackmania nations forever\\TmForever.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\trackmania nations forever\\TmForeverLauncher.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\swarm.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    "67:UDP"= 67:UDP:DHCP Discovery Service

    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [6/26/2010 4:26 PM 165456]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/26/2010 4:26 PM 17744]
    R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [6/4/2009 2:46 AM 171032]
    R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [6/4/2009 2:46 AM 1324056]
    R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [6/4/2009 2:46 AM 72728]
    R3 npusbio;npusbio;c:\windows\system32\drivers\npusbio.sys [5/17/2009 11:28 AM 36384]
    R3 NxDrv;SonicWALL NetExtender Adapter;c:\windows\system32\drivers\NxDrv.sys [10/21/2009 1:27 PM 22600]
    R3 SaiH0464;SaiH0464;c:\windows\system32\drivers\SaiH0464.sys [3/31/2008 10:31 AM 136832]
    S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\HP_ADM~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\HP_ADM~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
    S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\HP_ADM~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.sys --> c:\docume~1\HP_ADM~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.sys [?]
    S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [7/20/2010 2:50 PM 79360]
    S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [6/4/2009 2:46 AM 171032]
    S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [6/4/2009 2:46 AM 1324056]
    S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [6/4/2009 2:46 AM 72728]
    S3 SASENUM;SASENUM;\??\c:\docume~1\HP_ADM~1\LOCALS~1\Temp\SAS_SelfExtract\SASENUM.SYS --> c:\docume~1\HP_ADM~1\LOCALS~1\Temp\SAS_SelfExtract\SASENUM.SYS [?]
    S3 SSLDrv;SSL-VPN NetExtender Adapter;c:\windows\system32\drivers\SSLDrv.sys [6/8/2007 6:02 PM 19640]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - KLMD25
    *Deregistered* - klmd25
    .
    Contents of the 'Scheduled Tasks' folder

    2010-10-11 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://cm.my.yahoo.com/
    uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
    IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
    IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
    Trusted Zone: intuit.com\ttlc
    Trusted Zone: turbotax.com
    Trusted Zone: trymedia.com
    DPF: {6EEFD7B1-B26C-440D-B55A-1EC677189F30} - hxxps://dio.conbio.com/NELX.cab
    DPF: {F09BFD07-20B5-46D8-A6D5-BE4EF22F1F4D} - hxxp://66.98.130.69/DGTx.CAB
    FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\dj5fvfzf.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - hxxp://cm.my.yahoo.com/
    FF - component: c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\dj5fvfzf.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(744)
    c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    c:\program files\common files\logishrd\bluetooth\LBTServ.dll

    - - - - - - - > 'explorer.exe'(2484)
    c:\windows\system32\WININET.dll
    c:\program files\Logitech\SetPoint\GameHook.dll
    c:\program files\Logitech\SetPoint\lgscroll.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2010-10-17 13:15:59
    ComboFix-quarantined-files.txt 2010-10-17 18:15
    ComboFix2.txt 2010-10-17 17:46

    Pre-Run: 84,837,527,552 bytes free
    Post-Run: 84,814,872,576 bytes free

    - - End Of File - - 8C87FBC9C0D6381332E73292F266F6E6
     
  23. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Very good :)

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  24. Hurriken

    Hurriken TS Booster Topic Starter Posts: 231

    OTL logfile created on: 10/17/2010 1:27:51 PM - Run 1
    OTL by OldTimer - Version 3.2.15.2 Folder = C:\Documents and Settings\HP_Administrator\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 68.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 88.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 224.42 Gb Total Space | 79.02 Gb Free Space | 35.21% Space Free | Partition Type: NTFS
    Drive D: | 8.44 Gb Total Space | 1.19 Gb Free Space | 14.12% Space Free | Partition Type: FAT32

    Computer Name: YOUR-4DACD0EA75 | User Name: HP_Administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/10/12 19:18:54 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
    PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2010/06/28 15:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    PRC - [2010/06/28 15:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2010/04/01 19:09:26 | 000,313,216 | ---- | M] (SonicWALL Inc.) -- C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe
    PRC - [2010/04/01 19:09:24 | 001,103,744 | ---- | M] (SonicWALL Inc.) -- C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe
    PRC - [2009/09/29 10:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    PRC - [2009/04/27 17:15:18 | 000,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    PRC - [2009/02/23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
    PRC - [2008/10/14 21:38:56 | 000,623,992 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    PRC - [2008/05/21 17:26:10 | 000,451,896 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmapp.exe
    PRC - [2008/05/16 06:11:44 | 000,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    PRC - [2008/05/16 06:11:44 | 000,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    PRC - [2008/05/02 02:44:08 | 000,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
    PRC - [2008/05/02 02:40:56 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
    PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2008/01/04 13:34:50 | 000,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    PRC - [2007/11/22 11:49:08 | 000,385,024 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
    PRC - [2007/10/02 11:10:46 | 000,131,072 | ---- | M] (Saitek) -- C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
    PRC - [2007/10/02 11:10:14 | 000,233,472 | ---- | M] (Saitek) -- C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
    PRC - [2006/06/13 05:20:00 | 000,127,036 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
    PRC - [2006/04/13 05:05:00 | 000,090,112 | ---- | M] (Sonic Solutions) -- C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
    PRC - [2006/04/06 20:50:22 | 000,065,536 | ---- | M] (Digital Interactive Systems Corporation, Inc.) -- C:\Program Files\DISC\DISCUpdMgr.exe
    PRC - [2006/03/17 11:30:26 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\epson\Creativity Suite\Event Manager\EEventManager.exe
    PRC - [2005/11/15 20:44:14 | 001,200,128 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    PRC - [2005/08/02 19:19:16 | 000,077,312 | ---- | M] (Microsoft) -- C:\WINDOWS\arpwrmsg.exe
    PRC - [2005/08/02 19:19:16 | 000,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/10/12 19:18:54 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
    MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
    MOD - [2009/07/12 02:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
    MOD - [2008/05/02 02:42:50 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll
    MOD - [2008/05/02 02:38:54 | 000,064,016 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\GameHook.dll
    MOD - [2008/04/13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx



    ===========================================================



    OTL Extras logfile created on: 10/17/2010 1:27:51 PM - Run 1
    OTL by OldTimer - Version 3.2.15.2 Folder = C:\Documents and Settings\HP_Administrator\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 68.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 88.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 224.42 Gb Total Space | 79.02 Gb Free Space | 35.21% Space Free | Partition Type: NTFS
    Drive D: | 8.44 Gb Total Space | 1.19 Gb Free Space | 14.12% Space Free | Partition Type: FAT32

    Computer Name: YOUR-4DACD0EA75 | User Name: HP_Administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
     
  25. Hurriken

    Hurriken TS Booster Topic Starter Posts: 231

    Am I good?
     
Topic Status:
Not open for further replies.
