rubydreamer
About a month ago, I somehow managed to get both the Antivirus AND Internet Security infections. At that time I had AVG.
I spent about a week or so getting rid of those issues with help given to others and my system was working well enough except for some minor annoying issues.
Occasionally, Firefox would pop up this unwanted spam page in a new tab, which was always one of a small set of URLs (obviously crap I didn't want that would likely lead to infections).
After getting rid of those two nasties I upped my defenses with Process Guard, PrivateFirewall and ThreatFire. Spybot S&D and MBAM were both showing nothing.
However, in looking to find the root of these continuing annoyances I stumbled upon several things over the next few weeks.
1. Ports 34354 and 18504 open via svchost (and nothing to explain why)
2. Occasionally a tiny rogue setup.exe being launched by svchost from a random temp directory. (I managed to snatch one before it was summarily deleted by itself)
3. Random reboots (usually late at night)
4. "The application or DLL 80000032.@ is not a valid Windows image. Please check this against your installation" messages (after I did a scandisk including a surface scan from a clean boot environment. Thank you, Hiren's Boot CD).
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org
Database version: v2012.02.11.04
Windows XP Service Pack 2 x86 NTFS
Internet Explorer 6.0.2900.2180
HP_Administrator :: ELENGIL [administrator]
2/11/2012 10:29:32 AM
mbam-log-2012-02-11 (10-29-32).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 260106
Time elapsed: 34 minute(s), 35 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 1
C:\WINDOWS\system32\rtl8185.dll (RootKit.0Access.H) -> Delete on reboot.
Registry Keys Detected: 1
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NETWORKLOG (Trojan.Downloader) -> Quarantined and deleted successfully.
Registry Values Detected: 1
HKLM\SYSTEM\CurrentControlSet\Services\NetworkLog|ImagePath (Trojan.Downloader) -> Data: C:\WINDOWS\svcs.exe -> Quarantined and deleted successfully.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 48
C:\WINDOWS\system32\rtl8185.dll (RootKit.0Access.H) -> Delete on reboot.
C:\WINDOWS\system32\alcxsens.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\apphostsvc.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ASLDRService.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\avgarcln.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\axinstsv.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\DELTA.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ec2007service.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\eectrl.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\epsonstatusagent2.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fsma.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Hardlock.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hidusb.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\icepack.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iPassP.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kbdclass.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcafeeantispyware.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcvsrte.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\NetMsmqActivator.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\NICSer_WPC54G.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nmindexingservice.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\NWSNS.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pavatscheduler.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\s716mgmt.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\serenum.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\server.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\siswlsvc.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssmdrv.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ss_bus.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\StkScan.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\symdns.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tangoservice.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tdimsys.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\transbaseservice.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tvichw32.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wencrservice.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wg3n.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\WIBUKEY.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winachsf.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\GENERICDRV.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lcs.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rpcnet.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zpjobq.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\_NWFILTER.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\X10UIF.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\prfldsvc.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lvuvc.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\magictuneengine.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
(end)
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-02-11 16:19:54
Windows 5.1.2600 Service Pack 2 Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T1L0-e ST3320833AS rev.3.AHH
Running: 9kovs3ji.exe; Driver: C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\kxldapog.sys
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_30
Run by HP_Administrator at 16:22:17 on 2012-02-11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3326.1923 [GMT -5:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
FW: Privatefirewall *Enabled*
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Logitech\SolarApp\L4301_Solar.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Privacyware\Privatefirewall 7.0\pfsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitorService.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\WINDOWS\arservice.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
C:\Program Files\ProcessGuard\dcsuserprot.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\tbh\monitor\bin\tbhMonitor.exe
C:\Program Files\ThreatFire\TFService.exe
c:\Program Files\tbh\base\bin\tbhDaemon.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe
C:\Program Files\ProcessGuard\pgaccount.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Vtune\TBPanel.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\ProcessGuard\procguard.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Innovative Solutions\DriverMax\drivermax.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\SplitCam\SplitCam.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Internet\BitComet\BitComet.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Apps\F.lux\flux.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\FreeCommander\FreeCommander.exe
C:\Program Files\Internet\Mozilla Firefox 3\firefox.exe
\\.\globalroot\SystemRoot\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.atcomet.com/b/
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = www.google.com
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
{1e7837cb-ad5f-48be-b10e-b617da4d3343}
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\internet\bitcomet\tools\BitCometBHO_1.5.4.11.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - hpWebHelper Class
BHO: IeMonitorBho Class: {bf00e119-21a3-4fd1-b178-3b8537e75c92} - c:\program files\megaupload\mega manager\MegaIEMn.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{fbd95266-b665-4e3e-aba8-ea06b7dea609}
TB: NetXfer: {c16cbaac-a75c-4db5-a0dd-cdf5cafcdd3a} - c:\program files\internet\netxfer\NXToolBar.dll
TB: Google Web Accelerator: {db87bfa2-a2e3-451e-8e5a-c89982d87cbf} - c:\program files\google\web accelerator\GoogleWebAccToolbar.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [PeerGuardian] c:\program files\peerguardian2\pg2.exe
uRun: [TBPanel] c:\program files\vtune\TBPanel.exe /A
uRun: [SuperCopier2.exe] c:\program files\supercopier2\SuperCopier2.exe
uRun: [!1_ProcessGuard_Startup] "c:\program files\processguard\procguard.exe" -minimize
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [DriverMax] "c:\program files\innovative solutions\drivermax\drivermax.exe" -agent
uRun: [DriverMax_RESTART] "c:\program files\innovative solutions\drivermax\drivermax.exe" -RESTART
uRun: [SplitCam] c:\program files\splitcam\SplitCam.exe
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [NUSB3MON] "c:\program files\nec electronics\usb 3.0 host controller driver\application\nusb3mon.exe"
mRun: [Six Engine] "c:\program files\asus\epu-4 engine\FourEngine.exe" -b
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [Privatefirewall] c:\program files\privacyware\privatefirewall 7.0\PFGUI.exe
mRun: [!1_pgaccount] "c:\program files\processguard\pgaccount.exe"
mRun: [StartupDelayer] "c:\program files\startup delayer\Startup Launcher GUI.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ThreatFire] c:\program files\threatfire\TFTray.exe
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "c:\documents and settings\all users\application data\malwarebytes\malwarebytes' anti-malware\cleanup.dll",ProcessCleanupScript
dRunOnce: [AutoLaunch] c:\program files\lavasoft\ad-aware\AutoLaunch.exe monthly
mPolicies-explorer: NoStartMenuMorePrograms = 1 (0x1)
IE: &D&ownload &with BitComet - c:\program files\internet\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\program files\internet\bitcomet\BitComet.exe/AddAllLink.htm
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: Download all by NetXfer - c:\program files\internet\netxfer\NXAddList.html
IE: Download by NetXfer - c:\program files\internet\netxfer\NXAddLink.html
IE: Free YouTube Download - c:\documents and settings\hp_administrator\application data\dvdvideosoftiehelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\documents and settings\hp_administrator\application data\dvdvideosoftiehelpers\youtubetomp3.htm
IE: Sothink SWF Catcher - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - c:\program files\paltalk messenger\Paltalk.exe
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\internet\bitcomet\tools\BitCometBHO_1.5.4.11.dll/206
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\program files\icq6\ICQ.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {A3A0268C-3146-431d-84EE-2789B750ABD2} - {4E2E9E0B-6C23-45e9-A8A3-6A5581779451} - c:\program files\bubbles\BubblesHBO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: mswsock.dll
Trusted Zone: trymedia.com
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1287561639000
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/DiskMD3/DiskMD3Ctrl.dll
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{1594FE92-FEC5-43E7-902C-E92A362EBDCF} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D} : DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
TCP: Interfaces\{9B743EA3-719A-4C2C-A274-07437BDFF65F} : DhcpNameServer = 192.168.0.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {AC519E4E-EDF0-48C7-8ADA-2A4A5B1C81C9} - No File
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\wvUOebBS
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\hp_administrator\application data\mozilla\firefox\profiles\o17z89r9.firefox3\
FF - component: c:\documents and settings\hp_administrator\application data\mozilla\firefox\profiles\o17z89r9.firefox3\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc_fireftp.dll
FF - component: c:\documents and settings\hp_administrator\application data\mozilla\firefox\profiles\o17z89r9.firefox3\extensions\{b042753d-f57e-4e8e-a01b-7379a6d4cefb}\components\IBitCometExtension3.dll
FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
FF - component: c:\program files\internet\mozilla firefox 3\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\documents and settings\all users\application data\zylom\zylomgamesplayer\npzylomgamesplayer.dll
FF - plugin: c:\documents and settings\hp_administrator\application data\mozilla\firefox\profiles\o17z89r9.firefox3\extensions\devicedetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: c:\documents and settings\hp_administrator\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\internet\mozilla firefox 3\plugins\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\thrixxx\weblaunch\binaries\npWebLaunch.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\internet\mozilla firefox 3\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\internet\mozilla firefox 3\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\internet\mozilla firefox 3\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - c:\program files\internet\mozilla firefox 3\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
FF - Ext: Link Alert: linkalert.conlan@addons.mozilla.com - %profile%\extensions\linkalert.conlan@addons.mozilla.com
FF - Ext: VacuumPlaces Extension: VacuumPlaces@revertron.com - %profile%\extensions\VacuumPlaces@revertron.com
FF - Ext: Weather Watcher Live: weatherwatcherlive@singerscreations.com - %profile%\extensions\weatherwatcherlive@singerscreations.com
FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
FF - Ext: Linkification: {35106bca-6c78-48c7-ac28-56df30b51d2a} - %profile%\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
FF - Ext: PDF Download: {37E4D8EA-8BDA-4831-8EA1-89053939A250} - %profile%\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
FF - Ext: WeatherBug: {3EC9C995-8072-4fc0-953E-4F30620D17F3} - %profile%\extensions\{3EC9C995-8072-4fc0-953E-4F30620D17F3}
FF - Ext: Cookie Monster: {45d8ff86-d909-11db-9705-005056c00008} - %profile%\extensions\{45d8ff86-d909-11db-9705-005056c00008}
FF - Ext: Clear Cache Button: {563e4790-7e70-11da-a72b-0800200c9a66} - %profile%\extensions\{563e4790-7e70-11da-a72b-0800200c9a66}
FF - Ext: Walnut for Firefox: {5A170DD3-63CA-4c58-93B7-DE9FF536C2FF} - %profile%\extensions\{5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: IE Tab: {77b819fa-95ad-4f2c-ac7c-486b356188a9} - %profile%\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
FF - Ext: View Cookies: {8F6A6FD9-0619-459f-B9D0-81DE065D4E21} - %profile%\extensions\{8F6A6FD9-0619-459f-B9D0-81DE065D4E21}
FF - Ext: 4chan: {9AA46F4F-4DC7-4c06-97AF-5035170633FE} - %profile%\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}
FF - Ext: AvantGarde Rosepetal: {9f94fab0-58a2-11dd-ae16-0800200c9a66} - %profile%\extensions\{9f94fab0-58a2-11dd-ae16-0800200c9a66}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: FireFTP: {a7c6cf7f-112c-4500-a7ea-39801a327e5f} - %profile%\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
FF - Ext: Easy YouTube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
FF - Ext: Fast Video Download (with SearchMenu): {c50ca3c4-5656-43c2-a061-13e717f73fc8} - %profile%\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Lazarus: Form Recovery: lazarus@interclue.com - %profile%\extensions\lazarus@interclue.com
FF - Ext: Stylish: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8} - %profile%\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
FF - Ext: KeepTube Downloader: webmaster@keep-tube.com - %profile%\extensions\webmaster@keep-tube.com
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: Show my Password: {cd617372-6743-4ee4-bac4-fbf60f35719e} - %profile%\extensions\{cd617372-6743-4ee4-bac4-fbf60f35719e}
FF - Ext: BitComet Video Downloader: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB} - %profile%\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
FF - Ext: Better Facebook!: betterfacebook@mattkruse.com - %profile%\extensions\betterfacebook@mattkruse.com
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: CacheViewer: {71328583-3CA7-4809-B4BA-570A85818FBB} - %profile%\extensions\{71328583-3CA7-4809-B4BA-570A85818FBB}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg10\Firefox
FF - Ext: XULRunner: {2AD94B75-6B3B-4902-885C-DF4193ED7271} - c:\documents and settings\hp_administrator\local settings\application data\{2AD94B75-6B3B-4902-885C-DF4193ED7271}
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-6-30 64512]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2012-2-4 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2012-2-4 69392]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 297168]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-1-24 242240]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2010-4-22 123856]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2010-4-22 41680]
R2 Active@ Disk Monitor;Active@ Disk Monitor;c:\program files\lsoft technologies inc\active@ hard disk monitor\DiskMonitorService.exe [2009-10-24 1127944]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-9 14336]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2012-1-31 7391072]
R2 Belkin Local Backup Service;Belkin Local Backup Service;c:\program files\belkin\belkin usb print and storage center\BkBackupScheduler.exe [2011-1-19 152064]
R2 Belkin Network USB Helper;Belkin Network USB Helper;c:\program files\belkin\belkin usb print and storage center\Bkapcs.exe [2011-1-19 49152]
R2 BT848;Conexant's BtPCI WDM Video Capture;c:\windows\system32\drivers\BT848.SYS [2010-10-31 16976]
R2 DCSPGSRV;DiamondCS Process Guard Service v3.000;c:\program files\processguard\DCSUserProt.exe [2011-12-20 69632]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2007-10-9 38144]
R2 L4301_Solar;Logitech Solar Keyboard Service;c:\program files\logitech\solarapp\L4301_Solar.exe [2010-10-26 319568]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2011-7-16 12184]
R2 PFNet;Privacyware network service;c:\program files\privacyware\privatefirewall 7.0\pfsvc.exe [2011-10-21 379328]
R2 procguard;procguard;c:\windows\system32\drivers\procguard.sys [2011-12-20 24911]
R2 supersafer;supersafer;c:\windows\system32\drivers\supersafer.sys [2010-12-5 354176]
R2 sxuptp;SXUPTP Driver;c:\windows\system32\drivers\SXUPTP.SYS [2011-1-19 16976]
R2 tbhMonitor.exe;The Browser Highlighter Monitor;c:\program files\tbh\monitor\bin\tbhMonitor.exe [2010-1-24 70952]
R2 ThreatFire;ThreatFire;c:\program files\threatfire\tfservice.exe service --> c:\program files\threatfire\TFService.exe service [?]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 27216]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2010-1-22 59904]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2010-1-22 139648]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2012-1-21 100456]
R3 pwipf6;Privacyware Filter Driver;c:\windows\system32\drivers\pwipf6.sys [2011-12-18 130360]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2012-2-4 33552]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-12-3 2127728]
S0 cfadisk;CompactFlash Filter Driver;c:\windows\system32\drivers\cfadisk.sys [2009-10-5 3712]
S1 PDIDRV;PDIDRV; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-29 136176]
S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S2 NFService;Fastream IQ Web/FTP Server;c:\progra~1\fastre~2\iqwebftpserverengine.exe --> c:\progra~1\fastre~2\IQWebFTPServerEngine.exe [?]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2011-8-19 30312]
S3 cpuz135;cpuz135;\??\c:\docume~1\hp_adm~1\locals~1\temp\cpuz135\cpuz135_x32.sys --> c:\docume~1\hp_adm~1\locals~1\temp\cpuz135\cpuz135_x32.sys [?]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506; [x]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-8-29 136176]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2010-7-17 24576]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [2010-7-29 25112]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-6-20 2152152]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-6-20 15232]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2011-4-30 42648]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2011-4-30 12184]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-6-28 42512]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 npkycryp;npkycryp; [x]
S3 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\pcpitstop\PCPitstopScheduleService.exe [2011-8-4 86016]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [2011-1-19 590080]
S3 SjyPkt;SjyPkt; [x]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-8-19 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\SSADMDFL.SYS [2011-8-19 16976]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\SSADMDM.SYS [2011-8-19 16976]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 XIRLINK;IBM PC Camera;c:\windows\system32\drivers\C-itNT.sys [2006-11-11 805808]
S4 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
.
=============== Created Last 30 ================
.
2012-02-11 21:14:13 54016 ----a-w- c:\windows\system32\drivers\icdvgd.sys
2012-02-09 11:22:28 -------- d-sh--w- C:\found.001
2012-02-07 21:24:12 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-02-04 21:25:16 -------- d-----w- c:\documents and settings\all users\application data\SecTaskMan
2012-02-04 21:25:02 -------- d-----w- c:\program files\Security Task Manager
2012-02-04 20:16:59 69392 ----a-w- c:\windows\system32\drivers\TfSysMon.sys
2012-02-04 20:16:59 51984 ----a-w- c:\windows\system32\drivers\TfFsMon.sys
2012-02-04 20:16:59 33552 ----a-w- c:\windows\system32\drivers\TfNetMon.sys
2012-02-04 20:16:56 -------- d-----w- c:\program files\ThreatFire
2012-02-04 20:16:56 -------- d-----w- c:\documents and settings\all users\application data\PC Tools
2012-02-02 17:40:07 -------- d-----w- c:\program files\ThreatExpert Memory Scanner
2012-01-29 20:26:24 -------- d-----w- c:\program files\Argente - Uninstall Manager
2012-01-24 22:39:41 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-01-24 22:38:05 -------- d-----w- c:\documents and settings\hp_administrator\application data\DAEMON Tools Lite
2012-01-24 22:22:37 -------- d-----w- c:\documents and settings\all users\application data\DAEMON Tools Lite
2012-01-21 06:49:18 876864 ----a-w- c:\windows\system32\nvhdagenco3220103.dll
2012-01-21 06:49:02 60288 ----a-w- c:\windows\system32\drivers\drmk.sys
2012-01-21 06:49:02 48640 ----a-w- c:\windows\system32\drivers\stream.sys
2012-01-21 06:49:02 26216 ----a-w- c:\windows\system32\nvhdap32.dll
2012-01-21 06:49:02 140928 ----a-w- c:\windows\system32\drivers\ks.sys
2012-01-21 06:49:02 100456 ----a-w- c:\windows\system32\drivers\nvhda32.sys
2012-01-21 06:49:01 4096 ----a-w- c:\windows\system32\ksuser.dll
2012-01-21 06:49:01 23552 ----a-w- c:\windows\system32\wdmaud.drv
2012-01-21 06:49:00 136960 ----a-w- c:\windows\system32\drivers\portcls.sys
2012-01-21 06:49:00 130048 ----a-w- c:\windows\system32\ksproxy.ax
.
==================== Find3M ====================
.
2012-01-27 03:13:01 252080 ----a-w- c:\windows\system32\nvdrsdb0.bin
2012-01-27 03:13:01 1 ----a-w- c:\windows\system32\nvdrssel.bin
2012-01-26 17:33:42 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-31 07:33:28 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-12-31 07:33:28 472808 ----a-w- c:\windows\system32\REN196.tmp
2011-12-27 08:00:02 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2011-12-23 23:10:36 252080 ----a-w- c:\windows\system32\nvdrsdb1.bin
2011-12-23 20:52:17 16976 ----a-w- c:\windows\system32\drivers\SXUPTP.SYS
2011-12-23 20:52:17 16976 ----a-w- c:\windows\system32\drivers\SSADMDM.SYS
2011-12-23 20:52:17 16976 ----a-w- c:\windows\system32\drivers\SSADMDFL.SYS
2011-12-23 20:52:17 16976 ----a-w- c:\windows\system32\drivers\BT848.SYS
2011-12-10 20:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-14 20:01:50 1618432 ----a-w- c:\program files\Default Programs Editor.exe
2006-05-03 09:06:54 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 10:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30:52 216064 --sha-r- c:\windows\system32\nbDX.dll
.
============= FINISH: 16:25:19.26 ===============
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 27216]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2010-1-22 59904]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2010-1-22 139648]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2012-1-21 100456]
R3 pwipf6;Privacyware Filter Driver;c:\windows\system32\drivers\pwipf6.sys [2011-12-18 130360]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2012-2-4 33552]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-12-3 2127728]
S0 cfadisk;CompactFlash Filter Driver;c:\windows\system32\drivers\cfadisk.sys [2009-10-5 3712]
S1 PDIDRV;PDIDRV; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-29 136176]
S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S2 NFService;Fastream IQ Web/FTP Server;c:\progra~1\fastre~2\iqwebftpserverengine.exe --> c:\progra~1\fastre~2\IQWebFTPServerEngine.exe [?]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2011-8-19 30312]
S3 cpuz135;cpuz135;\??\c:\docume~1\hp_adm~1\locals~1\temp\cpuz135\cpuz135_x32.sys --> c:\docume~1\hp_adm~1\locals~1\temp\cpuz135\cpuz135_x32.sys [?]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506; [x]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-8-29 136176]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2010-7-17 24576]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [2010-7-29 25112]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-6-20 2152152]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-6-20 15232]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2011-4-30 42648]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2011-4-30 12184]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-6-28 42512]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 npkycryp;npkycryp; [x]
S3 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\pcpitstop\PCPitstopScheduleService.exe [2011-8-4 86016]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [2011-1-19 590080]
S3 SjyPkt;SjyPkt; [x]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-8-19 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\SSADMDFL.SYS [2011-8-19 16976]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\SSADMDM.SYS [2011-8-19 16976]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 XIRLINK;IBM PC Camera;c:\windows\system32\drivers\C-itNT.sys [2006-11-11 805808]
S4 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
.
=============== Created Last 30 ================
.
2012-02-11 21:14:13 54016 ----a-w- c:\windows\system32\drivers\icdvgd.sys
2012-02-09 11:22:28 -------- d-sh--w- C:\found.001
2012-02-07 21:24:12 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-02-04 21:25:16 -------- d-----w- c:\documents and settings\all users\application data\SecTaskMan
2012-02-04 21:25:02 -------- d-----w- c:\program files\Security Task Manager
2012-02-04 20:16:59 69392 ----a-w- c:\windows\system32\drivers\TfSysMon.sys
2012-02-04 20:16:59 51984 ----a-w- c:\windows\system32\drivers\TfFsMon.sys
2012-02-04 20:16:59 33552 ----a-w- c:\windows\system32\drivers\TfNetMon.sys
2012-02-04 20:16:56 -------- d-----w- c:\program files\ThreatFire
2012-02-04 20:16:56 -------- d-----w- c:\documents and settings\all users\application data\PC Tools
2012-02-02 17:40:07 -------- d-----w- c:\program files\ThreatExpert Memory Scanner
2012-01-29 20:26:24 -------- d-----w- c:\program files\Argente - Uninstall Manager
2012-01-24 22:39:41 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-01-24 22:38:05 -------- d-----w- c:\documents and settings\hp_administrator\application data\DAEMON Tools Lite
2012-01-24 22:22:37 -------- d-----w- c:\documents and settings\all users\application data\DAEMON Tools Lite
2012-01-21 06:49:18 876864 ----a-w- c:\windows\system32\nvhdagenco3220103.dll
2012-01-21 06:49:02 60288 ----a-w- c:\windows\system32\drivers\drmk.sys
2012-01-21 06:49:02 48640 ----a-w- c:\windows\system32\drivers\stream.sys
2012-01-21 06:49:02 26216 ----a-w- c:\windows\system32\nvhdap32.dll
2012-01-21 06:49:02 140928 ----a-w- c:\windows\system32\drivers\ks.sys
2012-01-21 06:49:02 100456 ----a-w- c:\windows\system32\drivers\nvhda32.sys
2012-01-21 06:49:01 4096 ----a-w- c:\windows\system32\ksuser.dll
2012-01-21 06:49:01 23552 ----a-w- c:\windows\system32\wdmaud.drv
2012-01-21 06:49:00 136960 ----a-w- c:\windows\system32\drivers\portcls.sys
2012-01-21 06:49:00 130048 ----a-w- c:\windows\system32\ksproxy.ax
.
==================== Find3M ====================
.
2012-01-27 03:13:01 252080 ----a-w- c:\windows\system32\nvdrsdb0.bin
2012-01-27 03:13:01 1 ----a-w- c:\windows\system32\nvdrssel.bin
2012-01-26 17:33:42 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-31 07:33:28 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-12-31 07:33:28 472808 ----a-w- c:\windows\system32\REN196.tmp
2011-12-27 08:00:02 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2011-12-23 23:10:36 252080 ----a-w- c:\windows\system32\nvdrsdb1.bin
2011-12-23 20:52:17 16976 ----a-w- c:\windows\system32\drivers\SXUPTP.SYS
2011-12-23 20:52:17 16976 ----a-w- c:\windows\system32\drivers\SSADMDM.SYS
2011-12-23 20:52:17 16976 ----a-w- c:\windows\system32\drivers\SSADMDFL.SYS
2011-12-23 20:52:17 16976 ----a-w- c:\windows\system32\drivers\BT848.SYS
2011-12-10 20:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-14 20:01:50 1618432 ----a-w- c:\program files\Default Programs Editor.exe
2006-05-03 09:06:54 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 10:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30:52 216064 --sha-r- c:\windows\system32\nbDX.dll
.
============= FINISH: 16:25:19.26 ===============