Random .exe Processes Multiplying Themselves in Task Manager, and Slowing Down Computer


iLJ

Thread Starter
Joined
Jan 16, 2011
Messages
9
Hi everyone,

Recently I caught a virus, and noticed because my computer began to act up. I did a couple of restores and then eventually restored it to the first day I got it, with no programs installed, and the virus went away. My computer had been working fine for the past 2 weeks since I did this restore, until today. Today I noticed that it began to run very slowly. I am very good with computers, so I know when my computer is fine or not, and once I noticed I went straight to Task Manager, looked at the processes, and saw some weird processes that were normally not there. I then refrained from restarting my computer even though it was unusable in the state it was in. I started killing unknown .exe processes beyond the normal 34, ones I had never seen before, and as I did so they began to multiply. I didn't freak out, as I knew I had been saving system restore points every day from the original date I bought the computer, and since the computer didn't have the option of a destructive restore, I did a system restore to the date of 1/11/11. My computer began to work fine, but then a window popped up and said "Windows has closed this process" or something, and that it had done this to protect me from viruses; that is when I knew the virus was something worse than a normal virus. I then immediately saw another popup appear and say the "touchpad has been disabled because another device has been connected to my computer"??? That is when I did a system restore to the first day I got the computer, and I opened Task Manager immediately with the Ethernet cable unplugged. Thirty-four processes were running, which meant that my computer was fine. But then when I reconnected the Ethernet cord and connected to the internet, the processes began to appear, and that is when I googled this problem and saw that dvk01 on here had fixed this problem for someone.
The process that multiplied at first was called ip-something; then, as I was trying to do the scans that you guys want, I saw something download called rtrui.exe (in a WinRAR archive), got scared and immediately turned the computer off. I turned it back on in Safe Mode, then rtrui.exe began to multiply and slow my computer, and I restored again; then when I clicked Revo Uninstaller, the process pfiw.exe began to multiply. Right now it is only multiplying up to 4 processes, but when I kill it, it can multiply itself up to 26 times or more and slow my computer dramatically. Also I figured out that it has attached itself to my programs, so any program I start, it starts itself as a process too, but if I restore and do not open anything, it does not do anything. I tried to be as descriptive as possible and I will paste my scans below. I am hoping you guys can assist me with this problem, as I badly need to use my computer. ;[

Thanks in advance & Regards,

Lanon Johnson
Update: (Pictures Attached)
Pictures of the first popup that appeared; it popped up right when I restored my computer. (I had to restore; it was in a state where I could not even move my mouse.)
Also pictures of examples of what it is doing... (Getting scared)

System Info
OS Version: Microsoft Windows XP Professional, Service Pack 3, 32 bit
Processor: Intel(R) Pentium(R) M processor 1.73GHz, x86 Family 6 Model 13 Stepping 8
Processor Count: 1
RAM: 1271 Mb
Graphics Card: Mobile Intel(R) 915GM/GMS,910GML Express Chipset Family, 128 Mb
Hard Drives: C: Total - 57224 MB, Free - 7402 MB;
Motherboard: Hewlett-Packard, 3088, KBC Version 39.17,
Antivirus: eTrust ITM, Updated: No, On-Demand Scanner: Enabled

Hijackthis Scan
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:59:16 PM, on 1/16/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\Alias\Maya7.0\docs\wrapper.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Alias\Maya7.0\docs\jre\bin\java.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Documents and Settings\Administrator\Application Data\pfiw.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Administrator\My Documents\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\Administrator\Application Data\pfiw.exe -dwup
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [12CFG214-K641-12SF-N85P] C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientAXDisabler] cmd.exe /C "%systemroot%\Installer\TSClientMsiTrans\tscdsbl.bat" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = centinela.k12.ca.us
O17 - HKLM\Software\..\Telephony: DomainName = centinela.k12.ca.us
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = centinela.k12.ca.us
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iTechnology iGateway 4.2 (iGateway) - CA, Inc. - C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
O23 - Service: eTrust ITM RPC Service (InoRPC) - Unknown owner - C:\Program Files\CA\eTrustITM\InoRpc.exe (file missing)
O23 - Service: eTrust Antivirus Realtime Service (InoRT) - Unknown owner - C:\Program Files\CA\eTrustITM\InoRT.exe (file missing)
O23 - Service: eTrust ITM Job Service (InoTask) - Unknown owner - C:\Program Files\CA\eTrustITM\InoTask.exe (file missing)
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - Unknown owner - C:\Program Files\CA\SharedComponents\PPRealtime\bin\ITMRTSVC.exe (file missing)
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: Maya 7.0 Documentation Server (maya70docserver) - Unknown owner - C:\Program Files\Alias\Maya7.0\docs\wrapper.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 9432 bytes


DDS Scan

DDS (Ver_10-12-12.02) - NTFSx86
Run by Administrator at 18:03:16.50 on Sun 01/16/2011
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1271.667 [GMT -8:00]

AV: eTrust ITM *Enabled/Outdated* {33EA71EA-56CF-40B5-A06B-BD3A27397C44}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\Alias\Maya7.0\docs\wrapper.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Alias\Maya7.0\docs\jre\bin\java.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Documents and Settings\Administrator\Application Data\pfiw.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Administrator\My Documents\Downloads\dds.scr
C:\Documents and Settings\Administrator\Application Data\pfiw.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.hp.com
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\documents and settings\administrator\application data\pfiw.exe -dwup
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\adobe acrobat 7.0\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [12CFG214-K641-12SF-N85P] c:\recycler\s-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
dRunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"
dRunOnce: [TSClientAXDisabler] cmd.exe /C "%systemroot%\Installer\TSClientMsiTrans\tscdsbl.bat"
IE: Convert link target to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_04\bin\npjpi150_04.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 nwprovau
mASetup: {28ABC5C0-4FCB-11CF-AAX5-81CX1C635612} - c:\recycler\s-1-5-21-1482476501-1644491937-682003330-1033\vmdcgr.exe

============= SERVICES / DRIVERS ===============

R2 LogWatch;Event Log Watch;c:\program files\ca\sharedcomponents\ca_lic\LogWatNT.exe [2002-9-20 53248]
S1 aiptektp;HyperPen;c:\windows\system32\drivers\aiptektp.sys [2009-2-20 22272]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-16 135664]
S3 CA_LIC_CLNT;CA License Client;c:\program files\ca\sharedcomponents\ca_lic\lic98rmt.exe [2002-9-20 77824]
S3 CA_LIC_SRVR;CA License Server;c:\program files\ca\sharedcomponents\ca_lic\lic98rmtd.exe [2002-9-20 77824]
S3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2004-5-3 80384]

=============== Created Last 30 ================

2011-01-17 01:31:35 40960 ----a-w- c:\docume~1\admini~1\locals~1\applic~1\3135234.exe
2011-01-17 01:31:29 61440 --sh--w- c:\docume~1\admini~1\applic~1\pfiw.exe
2011-01-17 01:31:20 61440 ----a-w- c:\documents and settings\administrator\hhdr.exe
2011-01-17 01:18:30 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-01-17 01:18:30 -------- d-----w- c:\windows\system32\wbem\Repository
2011-01-13 14:58:49 -------- d-----w- c:\program files\AIM7
2011-01-12 12:33:16 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-01-12 12:33:16 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-01-12 12:27:05 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\Apple
2011-01-12 10:14:31 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\Temp
2011-01-12 10:14:24 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\Google
2011-01-12 10:13:52 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\Deployment
2011-01-12 10:12:41 -------- d-----w- c:\program files\common files\Blizzard Entertainment
2011-01-12 09:36:37 -------- d-----w- c:\windows\LastGood(2)
2011-01-12 07:47:46 -------- d-----w- c:\program files\Mozilla Firefox(3)
2011-01-12 07:31:10 -------- d-----w- c:\program files\common files\SureThing Shared
2011-01-12 06:38:56 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
2011-01-01 14:19:25 -------- d-----w- c:\program files\GHost Files
2010-12-30 10:54:50 -------- d-----w- c:\docume~1\admini~1\applic~1\PCF-VLC
2010-12-30 09:25:47 -------- d-----w- c:\docume~1\admini~1\applic~1\Participatory Culture Foundation
2010-12-24 19:23:00 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\AOL
2010-12-24 19:23:00 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\AIM
2010-12-24 19:22:57 -------- d-----w- c:\docume~1\alluse~1\applic~1\AIM
2010-12-24 19:22:50 -------- d-----w- c:\program files\AIM
2010-12-24 19:22:48 -------- d-----w- c:\program files\common files\AOL
2010-12-21 15:48:36 -------- d-----w- c:\windows\pss
2010-12-20 08:06:51 -------- d-----w- c:\program files\Warcraft III(2).temp
2010-12-20 08:03:45 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\Mozilla
2010-12-20 08:03:38 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\Apple Computer
2010-12-19 17:46:40 -------- d-----w- c:\program files\SelectRebates
2010-12-18 20:55:03 -------- d-----w- c:\docume~1\alluse~1\applic~1\Blizzard Entertainment
2010-12-18 20:33:06 -------- d-----w- c:\program files\iPod
2010-12-18 20:33:02 -------- d-----w- c:\program files\iTunes
2010-12-18 20:33:02 -------- d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-12-18 20:31:40 -------- d-----w- c:\program files\QuickTime(2)
2010-12-18 20:31:21 -------- d-----w- c:\program files\Apple Software Update(2)
2010-12-18 20:29:06 -------- d-----w- c:\program files\Bonjour
2010-12-18 18:50:14 -------- d-----w- c:\program files\common files\Blizzard Entertainment.temp
2010-12-18 17:20:08 -------- d-----w- c:\windows\.jagex_cache_32
2010-12-18 17:06:22 -------- d-----w- c:\windows\system32\Debug
2010-12-18 08:39:44 -------- d-----w- c:\program files\GetMiro Toolbar
2010-12-18 08:33:48 -------- d-----w- c:\program files\Participatory Culture Foundation
2010-12-18 08:32:16 -------- d-----w- c:\program files\VS Revo Group

==================== Find3M ====================

2010-12-17 00:30:32 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-12-17 00:30:31 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-30 01:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-30 01:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-19 18:04:06 0 ----a-w- C:\LOG94.tmp

============= FINISH: 18:05:05.45 ===============

Gmer Scan
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-01-16 23:14:03
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 HTS541060G9AT00 rev.MB3OA56J
Running: ddcogt94.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\uglyapob.sys


---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[824] [email protected]@Z 77C29CC5 5 Bytes JMP 0A90D480 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[824] [email protected]@Z 77C29CDD 5 Bytes JMP 0A90D2D0 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[824] [email protected]@[email protected] 77C29D9F 5 Bytes JMP 0A90D500 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[824] msvcrt.dll!_aligned_offset_malloc 77C29DAF 5 Bytes JMP 0A90D3E0 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[824] msvcrt.dll!_aligned_free 77C29E33 5 Bytes JMP 0A90D2D0 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[824] msvcrt.dll!_aligned_malloc 77C29E52 5 Bytes JMP 0A90D3C0 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[824] msvcrt.dll!_aligned_offset_realloc 77C29E6E 5 Bytes JMP 0A90D420 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[824] msvcrt.dll!_aligned_realloc 77C29FC6 5 Bytes JMP 0A90D400 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[824] msvcrt.dll!_expand 77C29FE5 5 Bytes JMP 0A90D3A0 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[824] msvcrt.dll!_heapadd 77C2BC9F 5 Bytes JMP 0A90D550 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[824] msvcrt.dll!_heapchk 77C2BCB3 5 Bytes JMP 0A90D560 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[824] msvcrt.dll!_heapset + 1 77C2BD83 4 Bytes JMP 0A90D581 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[824] msvcrt.dll!_heapmin 77C2BD8C 5 Bytes JMP 0A90D650 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[824] msvcrt.dll!_heapused 77C2BE3A 5 Bytes JMP 0A90D620 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[824] msvcrt.dll!_heapwalk 77C2BE4D 5 Bytes JMP 0A90D590 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[824] msvcrt.dll!_msize 77C2BF6C 5 Bytes JMP 0A90D2E0 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[824] msvcrt.dll!calloc 77C2C0C3 5 Bytes JMP 0A90D270 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[824] msvcrt.dll!free 77C2C21B 5 Bytes JMP 0A90D2D0 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[824] msvcrt.dll!malloc 77C2C407 5 Bytes JMP 0A90D230 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[824] msvcrt.dll!realloc 77C2C437 5 Bytes JMP 0A90D2B0 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- EOF - GMER 1.0.15 ----
 

Attachments
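As an added example for this thread (not code from the forum, from HijackThis or from DDS), here is a small Python triage script over the kind of log lines pasted above. It encodes the checks a helper applies by eye to the F2 (Winlogon UserInit), O4 (Run keys) and DDS "Created Last 30" lines: extra components bolted onto the UserInit value, autostart executables living in RECYCLER, Application Data or Temp, executables dropped straight into a profile root, and freshly created executables carrying the system+hidden attributes. The sample lines are constructed from the log excerpts in this post mixed with benign entries; the folder list, the UserInit expectation and the attribute rule are this example's own heuristics, not anything the tools themselves report.

```python
"""Triage helper for HijackThis (F2/O4) and DDS "Created Last 30" log lines.

Added example for this thread; not code from the forum, from HijackThis or
from DDS. The folder list, the UserInit check and the attribute check are this
example's own heuristics, chosen to mirror what a helper looks for by eye.
"""
import re

# Folders a legitimate autostart entry should essentially never run from
# (long and 8.3 short forms, as they appear in HijackThis and DDS output).
SUSPICIOUS_DIRS = (
    "\\recycler\\",
    "\\application data\\",
    "\\applic~1\\",
    "\\temp\\",
)

# The only component a stock Windows XP UserInit value should contain.
EXPECTED_USERINIT = "c:\\windows\\system32\\userinit.exe"

# An executable sitting directly in a user's profile root is also unusual.
PROFILE_ROOT_EXE = re.compile(
    r"^c:\\(?:documents and settings|docume~1)\\[^\\]+\\[^\\]+\.exe$")

O4_RE = re.compile(
    r"^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
F2_RE = re.compile(r"^F2 - REG:system\.ini: UserInit=(?P<value>.*)$")
# DDS line: date time size-or-dashes attribute-flags path
DDS_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} (?P<size>\d+|-+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$")
EXE_RE = re.compile(r'^"?(?P<path>[a-z]:\\.*?\.exe)', re.IGNORECASE)

# Constructed sample, modelled on lines from the HijackThis and DDS logs
# pasted in this thread (values copied from the post, mixed with benign lines).
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\Administrator\Application Data\pfiw.exe -dwup
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [12CFG214-K641-12SF-N85P] C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
2011-01-17 01:31:29 61440 --sh--w- c:\docume~1\admini~1\applic~1\pfiw.exe
2011-01-17 01:31:20 61440 ----a-w- c:\documents and settings\administrator\hhdr.exe
2011-01-12 12:33:16 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
"""


def exe_path(command):
    """Lower-cased executable path at the start of a command line, or None."""
    m = EXE_RE.match(command.strip())
    return m.group("path").lower() if m else None


def path_reasons(path):
    """Reasons a (lower-cased) path is suspicious purely from where it lives."""
    reasons = [f"runs from {d}" for d in SUSPICIOUS_DIRS if d in path]
    if PROFILE_ROOT_EXE.match(path):
        reasons.append("executable directly in a user profile root")
    return reasons


def triage_line(line):
    """Return (line, [reasons]) for a flagged line, or None if nothing stands out."""
    line = line.rstrip()
    reasons = []

    m = F2_RE.match(line)
    if m:
        # Winlogon runs every comma-separated component; anything beyond
        # userinit.exe itself is a persistence hook.
        for part in (p.strip() for p in m.group("value").split(",") if p.strip()):
            p = exe_path(part)
            if p != EXPECTED_USERINIT:
                reasons.append(f"unexpected UserInit component: {part}")
            if p:
                reasons.extend(path_reasons(p))
        return (line, reasons) if reasons else None

    m = O4_RE.match(line)
    if m:
        p = exe_path(m.group("cmd"))
        if p:
            reasons.extend(path_reasons(p))
        return (line, reasons) if reasons else None

    m = DDS_RE.match(line)
    if m:
        attrs, path = m.group("attrs"), m.group("path").lower()
        if path.endswith(".exe"):
            # "s" and "h" flags: the file was created system+hidden, which
            # no ordinary installer does for an .exe under a user profile.
            if "s" in attrs and "h" in attrs:
                reasons.append("new executable with system+hidden attributes")
            reasons.extend(path_reasons(path))
        return (line, reasons) if reasons else None

    return None


def triage(log_text):
    """Run triage_line over a whole log; returns the flagged lines with reasons."""
    return [hit for hit in map(triage_line, log_text.splitlines()) if hit]


if __name__ == "__main__":
    for flagged, why in triage(SAMPLE_LOG):
        print(flagged)
        for reason in why:
            print("    ->", reason)
```

On the sample it flags four lines: the UserInit value (an extra component under Application Data), the Run entry launched out of RECYCLER, the system+hidden pfiw.exe, and hhdr.exe sitting in the profile root, while MSConfig, ctfmon and the Apple driver pass. A clean result from heuristics like these proves nothing on its own; a helper still reads the rest of the log (missing-file services, unknown running processes, odd value names such as the CLSID-looking one on the RECYCLER entry) before deciding what to remove.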

CatByte

Malware Specialist
Joined
Feb 24, 2009
Messages
3,930
Hi,

Please do the following:

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
 

iLJ

Thread Starter
Joined
Jan 16, 2011
Messages
9
Update: Last night I ran an ESET scan; it ran for 13 hours, I believe, and these are the results. (Just in case it helps)

Following your procedure now, and will post very soon.


ESET SCAN
C:\Documents and Settings\Administrator\Local Settings\Application Data\3343546.exe a variant of Win32/Injector.EIF trojan cleaned by deleting - quarantined
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\0IMWAKKL\m[2].s a variant of Win32/Injector.EHJ trojan cleaned by deleting - quarantined
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\3X4HM1UC\header[1].png a variant of Win32/Injector.EFW trojan cleaned by deleting - quarantined
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\G2FR5VAO\dir[1].gif a variant of Win32/Injector.EIF trojan cleaned by deleting (after the next restart) - quarantined
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\HHS5CV4L\dir[1].gif a variant of Win32/Injector.EIF trojan cleaned by deleting - quarantined
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\HHS5CV4L\dir[2].gif a variant of Win32/Injector.EIF trojan cleaned by deleting - quarantined
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SBG33KQ9\dir[1].gif a variant of Win32/Injector.EIF trojan cleaned by deleting - quarantined
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\WX9K15ZZ\m[1].s a variant of Win32/Injector.EHJ trojan cleaned by deleting - quarantined
C:\Documents and Settings\Administrator\My Documents\Downloads\W3XNameSpooferPro11800.exe Win32/VB.NNA trojan cleaned by deleting - quarantined
C:\Documents and Settings\Lanon\Local Settings\Temporary Internet Files\Content.IE5\I0JQBJL6\dir[1].gif a variant of Win32/Injector.EIF trojan cleaned by deleting - quarantined
C:\Documents and Settings\Lanon\Local Settings\Temporary Internet Files\Content.IE5\RZCDDSUU\dir[1].gif a variant of Win32/Injector.EIF trojan cleaned by deleting - quarantined
C:\Documents and Settings\LJ\Local Settings\Temporary Internet Files\Content.IE5\I0JQBJL6\m[1].s a variant of Win32/Injector.EHJ trojan cleaned by deleting - quarantined
C:\Documents and Settings\mcastudent\Application Data\Sun\Java\Deployment\cache\6.0\40\3cda1268-51933822 probably a variant of Win32/Agent.JHBSDMY trojan deleted - quarantined
C:\Documents and Settings\mcastudent\Application Data\Sun\Java\Deployment\cache\6.0\44\232f2a6c-6219ad4d probably a variant of Win32/TrojanDownloader.Agent.KJVDHSG trojan deleted - quarantined
C:\Documents and Settings\mcastudent\Application Data\Sun\Java\Deployment\cache\6.0\47\bd7ce2f-570bedc2 probably a variant of Win32/Agent.JHBSDMY trojan deleted - quarantined
C:\Documents and Settings\mcastudent\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-396c70dc-44ad9e45.zip probably a variant of Win32/Agent.JHBSDMY trojan deleted - quarantined
C:\Documents and Settings\mcastudent\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-51fad18-7abe0d82.zip probably a variant of Win32/TrojanDownloader.Agent.KJVDHSG trojan deleted - quarantined
C:\Documents and Settings\mcastudent\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6b13a7e7-56174bad.zip probably a variant of Win32/Agent.JHBSDMY trojan deleted - quarantined
C:\Documents and Settings\mcastudent\Local Settings\Temp\nsk4A1.tmp\Install.dll a variant of Win32/Adware.HotBar.E application cleaned by deleting - quarantined
C:\Documents and Settings\mcastudent\Local Settings\Temp\nsw542.tmp\Install.dll a variant of Win32/Adware.HotBar.E application cleaned by deleting - quarantined
C:\Documents and Settings\mcastudent\Local Settings\Temp\nsy546.tmp\Install.dll a variant of Win32/Adware.HotBar.E application cleaned by deleting - quarantined
C:\Documents and Settings\mcastudent\Local Settings\Temp\ZAN543.exe a variant of Win32/Adware.HotBar.E application deleted - quarantined
C:\Documents and Settings\mcastudent\Local Settings\Temporary Internet Files\Content.IE5\10T4HM5I\dir[1].gif a variant of Win32/Injector.EIF trojan cleaned by deleting - quarantined
C:\Documents and Settings\mcastudent\Local Settings\Temporary Internet Files\Content.IE5\73NAZRSN\m[1].s a variant of Win32/Injector.EHJ trojan cleaned by deleting - quarantined
C:\Documents and Settings\mcastudent\My Documents\Downloads\eMuleSetup.exe a variant of Win32/Adware.HotBar.H application cleaned by deleting - quarantined
C:\Documents and Settings\mcastudent\My Documents\Downloads\FretsSetup.exe a variant of Win32/Adware.HotBar.H application cleaned by deleting - quarantined
C:\Documents and Settings\mcastudent\rauoza.exe Win32/AutoRun.VB.GJ worm cleaned by deleting - quarantined
C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe a variant of Win32/Injector.EIF trojan cleaned by deleting - quarantined
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1033\vmdcgr.exe a variant of Win32/Kryptik.EZC trojan cleaned by deleting (after the next restart) - quarantined
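The ESET results above can be tallied by detection family, by the user profile each file was found in, and by which entries still need a reboot to finish cleaning. This is an added example, not part of the thread or of ESET's own tooling; the sample lines are copied from the log above.

```python
import re
from collections import Counter

# One ESET scan-result line, in the shape seen in the log above:
#   <path> [probably ][a variant of ]Win32/<name> <type> <action>[ (after the next restart)] - quarantined
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<detection>(?:probably )?(?:a variant of )?Win32/\S+ (?:trojan|worm|application))\s+"
    r"(?P<action>cleaned by deleting|deleted)"
    r"(?P<pending> \(after the next restart\))?"
    r"\s+-\s+quarantined\s*$"
)
# XP-style profile path: C:\Documents and Settings\<user>\...
PROFILE_RE = re.compile(r"^[A-Za-z]:\\Documents and Settings\\([^\\]+)\\", re.IGNORECASE)


def parse_eset_line(line):
    """Split one result line into path, detection, family, action and
    whether the deletion is deferred to the next restart. None if it is
    not a result line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    name = re.search(r"Win32/(\S+)", m["detection"]).group(1)  # e.g. Injector.EIF
    family = name.rsplit(".", 1)[0] if "." in name else name    # e.g. Injector
    return {
        "path": m["path"],
        "detection": m["detection"],
        "family": family,
        "action": m["action"],
        "pending_restart": m["pending"] is not None,
    }


def profile_of(path):
    """User profile the file lived in, or a marker for RECYCLER / other."""
    m = PROFILE_RE.match(path)
    if m:
        return m.group(1)
    return "(RECYCLER)" if "\\RECYCLER\\" in path.upper() else "(other)"


def summarize(lines):
    """Counts per family and per profile, plus the paths whose deletion
    only completes after a reboot (the two the user asks about later)."""
    rows = [r for r in map(parse_eset_line, lines) if r]
    return {
        "total": len(rows),
        "families": Counter(r["family"] for r in rows),
        "profiles": Counter(profile_of(r["path"]) for r in rows),
        "pending_restart": [r["path"] for r in rows if r["pending_restart"]],
    }


# Sample input: a subset of the lines from the ESET log above.
SAMPLE_LOG = r"""
C:\Documents and Settings\Administrator\Local Settings\Application Data\3343546.exe a variant of Win32/Injector.EIF trojan cleaned by deleting - quarantined
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\0IMWAKKL\m[2].s a variant of Win32/Injector.EHJ trojan cleaned by deleting - quarantined
C:\Documents and Settings\mcastudent\Application Data\Sun\Java\Deployment\cache\6.0\40\3cda1268-51933822 probably a variant of Win32/Agent.JHBSDMY trojan deleted - quarantined
C:\Documents and Settings\mcastudent\Local Settings\Temp\ZAN543.exe a variant of Win32/Adware.HotBar.E application deleted - quarantined
C:\Documents and Settings\mcastudent\rauoza.exe Win32/AutoRun.VB.GJ worm cleaned by deleting - quarantined
C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe a variant of Win32/Injector.EIF trojan cleaned by deleting - quarantined
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1033\vmdcgr.exe a variant of Win32/Kryptik.EZC trojan cleaned by deleting (after the next restart) - quarantined
"""

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG.splitlines())
    print("detections:", report["total"])
    for family, n in report["families"].most_common():
        print(f"  {family}: {n}")
    print("by profile:", dict(report["profiles"]))
    print("still need a reboot:", report["pending_restart"])
```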
 


iLJ

Thread Starter
Joined
Jan 16, 2011
Messages
9
I know this is going to sound crazy, but when I installed ComboFix and double-clicked to run it, it showed a loading screen for about 19 seconds (like a download screen with the green bars), and once it finished nothing else happened. No window popped up at all, so I opened the task manager and saw that once I had launched ComboFix, it started multiplying itself again and slowing my computer; it got to the point where I had to log off, and as I did a pev.exe pop-up box appeared and said application error. (I don't even know what that is? Is that the process that was hiding in my processes that was causing all this behavior?)

Anyway, once I logged back in, I reread the post and it said not to re-run ComboFix if an error occurred, just to report back here, and I am glad to say when my computer loaded back up a box on the top left said waiting to load
C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe a variant of Win32/Injector.EIF trojan cleaned by deleting - quarantined
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1033\vmdcgr.exe a variant of Win32/Kryptik.EZC trojan cleaned by deleting (after the next restart) - quarantined

^ One of those files, for example. You know how you go Run > msconfig to get to the box where you can disable the startup menu or boot.ini, and then after a reboot when you load your computer (or first log in) the box pops up in the top left corner and then you load normally? I guess that box had loaded, but it was looking for the malware or infected file that was deleted, I guess, when I rebooted.

Since it could not load the file my computer did not load as normal; it had a blue screen with no applications in the background. (I thought explorer.exe was not running, but I looked in the task manager, and it actually was.) So I tried to kill it, then reload/run it, and it still remained the same with that box in the top left corner. I then saw that .exe that had multiplied itself, and I proceeded to kill it, and when I did Windows started as normal. The crazy part about this is that the .exe did not multiply itself like usual when I killed it, so I do not know what has happened. Did the ESET scan remove all the malware when I ran it overnight? I only followed this step because I saw that dvk told this one guy to do so, and after that he said he didn't see this instance anymore. I ran a couple of speed tests and since then (20 minutes ago) my computer speed is back to normal, downloading movies at about 2 Mbps, and the internet is way faster.

Any ideas?
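The "processes multiplying" symptom described in this post is something a defender can triage from a process snapshot rather than by killing processes by hand: compare image names against a baseline recorded while the machine was clean, count copies per name, and check where each image runs from. This is an added example, not part of the thread; the baseline set, the copy threshold and the snapshot rows are constructed, and the suspicious-location patterns follow the paths reported in the ESET results above.

```python
import re
from collections import Counter

# Constructed baseline for the example. The post says a clean restore of this
# machine showed 34 processes; in practice the baseline is recorded from the
# machine while it is known clean, not typed from memory.
BASELINE = {
    "System", "smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
    "lsass.exe", "svchost.exe", "explorer.exe", "spoolsv.exe", "ctfmon.exe",
    "taskmgr.exe",
}
# Names that legitimately run several copies at once (constructed list).
MULTI_INSTANCE_OK = {"svchost.exe"}
MULTI_THRESHOLD = 3  # constructed: this many copies of one name is worth a look

# Locations the ESET results in this thread flagged: SID-named folders under
# RECYCLER, an .exe sitting directly in a profile root, a numeric .exe under
# Local Settings\Application Data, and droppers in Local Settings\Temp.
SUSPICIOUS_PATH = [re.compile(p, re.IGNORECASE) for p in (
    r"\\RECYCLER\\S-1-5-21-[\d-]+\\[^\\]+\.exe$",
    r"^[A-Z]:\\Documents and Settings\\[^\\]+\\[^\\]+\.exe$",
    r"\\Local Settings\\Application Data\\\d+\.exe$",
    r"\\Local Settings\\Temp\\[^\\]+\.exe$",
)]


def suspicious_path(path):
    """True if the executable path matches one of the flagged locations."""
    return any(p.search(path) for p in SUSPICIOUS_PATH)


def triage(snapshot, baseline=BASELINE):
    """snapshot: iterable of (image_name, executable_path) pairs.

    Returns image names missing from the baseline, executable paths in
    suspicious locations, and names running more copies than expected.
    """
    counts = Counter(name for name, _ in snapshot)
    unknown = sorted(n for n in counts if n not in baseline)
    bad_paths = sorted({path for _, path in snapshot if suspicious_path(path)})
    multiplying = sorted(
        n for n, c in counts.items()
        if c >= MULTI_THRESHOLD and n not in MULTI_INSTANCE_OK
    )
    return {
        "unknown": unknown,
        "suspicious_paths": bad_paths,
        "multiplying": multiplying,
        "counts": counts,
    }


# Constructed snapshot in the shape of a Task Manager /
# "wmic process get Name,ExecutablePath" listing. The two odd names reuse
# paths from the ESET log above.
SAMPLE_SNAPSHOT = (
    [("System", ""),
     ("smss.exe", r"C:\WINDOWS\system32\smss.exe"),
     ("csrss.exe", r"C:\WINDOWS\system32\csrss.exe"),
     ("winlogon.exe", r"C:\WINDOWS\system32\winlogon.exe"),
     ("explorer.exe", r"C:\WINDOWS\explorer.exe")]
    + [("svchost.exe", r"C:\WINDOWS\system32\svchost.exe")] * 6
    + [("vsbntlo.exe",
        r"C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe")] * 4
    + [("3343546.exe",
        r"C:\Documents and Settings\Administrator\Local Settings\Application Data\3343546.exe")]
)

if __name__ == "__main__":
    result = triage(SAMPLE_SNAPSHOT)
    print("not in baseline:", result["unknown"])
    print("suspicious locations:", result["suspicious_paths"])
    print("multiplying:", {n: result["counts"][n] for n in result["multiplying"]})
```

Names that appear in all three lists are the ones to hand to the helper along with their full paths; a legitimate program that merely has many copies (svchost.exe here) is not flagged on count alone.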
 

CatByte

Malware Specialist
Joined
Feb 24, 2009
Messages
3,930
Hi

You are still infected or ComboFix would have run.

Please do the following:


Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
    • Only if Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)


NEXT

Please delete the copy of ComboFix that you have on your desktop and download a fresh copy, but rename it to iexplore before saving it to your desktop. Now try and run it; make sure all your security programs are disabled or they will interfere.


If it still won't run, try running it in safe mode.
 

iLJ

Thread Starter
Joined
Jan 16, 2011
Messages
9
I ran the scan, and it said no threats found. Do I run combo-fix now?

TDSSKiller Scan
2011/01/17 17:05:20.0218 TDSS rootkit removing tool 2.4.13.0 Jan 12 2011 09:51:11
2011/01/17 17:05:20.0218 ================================================================================
2011/01/17 17:05:20.0218 SystemInfo:
2011/01/17 17:05:20.0218
2011/01/17 17:05:20.0218 OS Version: 5.1.2600 ServicePack: 3.0
2011/01/17 17:05:20.0218 Product type: Workstation
2011/01/17 17:05:20.0218 ComputerName: LZMCA-07
2011/01/17 17:05:20.0218 UserName: Administrator
2011/01/17 17:05:20.0218 Windows directory: C:\WINDOWS
2011/01/17 17:05:20.0218 System windows directory: C:\WINDOWS
2011/01/17 17:05:20.0218 Processor architecture: Intel x86
2011/01/17 17:05:20.0218 Number of processors: 1
2011/01/17 17:05:20.0218 Page size: 0x1000
2011/01/17 17:05:20.0218 Boot type: Normal boot
2011/01/17 17:05:20.0218 ================================================================================
2011/01/17 17:05:20.0515 Initialize success
2011/01/17 17:05:25.0109 ================================================================================
2011/01/17 17:05:25.0109 Scan started
2011/01/17 17:05:25.0109 Mode: Manual;
2011/01/17 17:05:25.0109 ================================================================================
2011/01/17 17:06:02.0234 ================================================================================
2011/01/17 17:06:02.0234 Scan finished
2011/01/17 17:06:02.0234 ================================================================================
 


CatByte

Malware Specialist
Joined
Feb 24, 2009
Messages
3,930
Yes, please try running the renamed ComboFix; try it in safe mode if it still won't run in normal mode.
 

iLJ

Thread Starter
Joined
Jan 16, 2011
Messages
9
Tried it in safe mode and in normal mode, but it's not running; it just loads all the way and has a tab at the bottom by the start menu, and when it fully loads, it disappears and then the .exe processes begin multiplying themselves all over again and slowing my computer.
Added: Now when I shut down or restart, an application error pops up that says pev.exe error or some crap.
 

CatByte

Malware Specialist
Joined
Feb 24, 2009
Messages
3,930
Hi

Please do the following:

  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:

    c:\windows\system32\userinit.exe
  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.

Please do the same for the following files:
c:\windows\explorer.exe
c:\windows\system32\ctfmon.exe
c:\windows\system32\spoolsv.exe



NEXT



  • Download OTL and save it to your desktop.
  • Double click on the icon to run it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Under the Extra Registry section, check Use SafeList
  • Download the following file scan.txt and save it to your Desktop. (You may need to right click on it and select "Save")
  • Double click inside the Custom Scan box at the bottom
  • A window will appear saying "Click Ok to load a custom scan from a file or Cancel to cancel"
  • Click the Ok button and navigate to the file scan.txt which we just saved to your desktop
  • Select scan.txt and click Open. Writing will now appear under the Custom Scan box
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic
 

iLJ

Thread Starter
Joined
Jan 16, 2011
Messages
9
Sorry it took so long, my computer is going very slow right now. Here are the files scanned by virscan.org; posting the OTL in a few.

c:\windows\system32\userinit.exe Content :
VirSCAN.org Scanned Report :
Scanned time : 2011/01/17 18:44:27 (PST)
Scanner results: Scanners did not find malware!
File Name : userinit.exe
File Size : 26112 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : a93aee1928a9d7ce3e16d24ec7380f89
SHA1 : 513f8bdf67a5a9e09803cfb61f590b39f2683853
Online report : http://virscan.org/report/425db76687e7a0c8743e1d2b811cf709.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.1.0.2 20110118002000 2011-01-18 5.61 -
AhnLab V3 2011.01.11.00 2011.01.11 2011-01-11 1.50 -
AntiVir 8.2.4.134 7.11.0.248 2010-12-31 0.28 -
Antiy 2.0.18 20101228.6954489 2010-12-28 0.02 -
Arcavir 2010 201101181043 2011-01-18 0.05 -
Authentium 5.1.1 201101171726 2011-01-17 1.71 -
AVAST! 4.7.4 110117-1 2011-01-17 0.01 -
AVG 8.5.850 271.1.1/3387 2011-01-18 0.26 -
BitDefender 7.90123.6660429 7.35760 2011-01-18 6.87 -
ClamAV 0.96.5 12536 2011-01-18 0.00 -
Comodo 4.0 7424 2011-01-17 0.98 -
CP Secure 1.3.0.5 2011.01.17 2011-01-17 0.05 -
Dr.Web 5.0.2.3300 2011.01.18 2011-01-18 10.93 -
F-Prot 4.4.4.56 20110117 2011-01-17 1.49 -
F-Secure 7.02.73807 2011.01.17.07 2011-01-17 0.30 -
Fortinet 4.2.254 12.806 2011-01-17 0.27 -
GData 21.1583/21.624 20110118 2011-01-18 21.56 -
ViRobot 20110117 2011.01.17 2011-01-17 2.25 -
Ikarus T3.1.32.15.0 2011.01.17.77549 2011-01-17 4.96 -
JiangMin 13.0.900 2011.01.17 2011-01-17 1.62 -
Kaspersky 5.5.10 2011.01.17 2011-01-17 0.18 -
KingSoft 2009.2.5.15 2011.1.17.18 2011-01-17 0.97 -
McAfee 5400.1158 6229 2011-01-17 19.74 -
Microsoft 1.6402 2011.01.17 2011-01-17 15.44 -
Norman 6.06.12 6.06.00 2011-01-17 14.01 -
Panda 9.05.01 2011.01.17 2011-01-17 2.49 -
Trend Micro 9.200-1012 7.774.20 2011-01-17 0.04 -
Quick Heal 11.00 2011.01.17 2011-01-17 1.18 -
Rising 20.0 22.83.00.03 2011-01-17 2.37 -
Sophos 3.15.0 4.61 2011-01-18 3.16 -
Sunbelt 3.9.2464.2 8105 2011-01-17 2.22 -
Symantec 1.3.0.24 20110116.003 2011-01-16 0.17 -
nProtect 20110116.01 9619968 2011-01-16 21.34 -
The Hacker 6.7.0.1 v00115 2011-01-14 0.65 -
VBA32 3.12.14.2 20110116.1511 2011-01-16 3.67 -
VirusBuster 5.2.0.28 13.6.151.0/4281372 2011-01-17 0.00 -



c:\windows\explorer.exe Content :
VirSCAN.org Scanned Report :
Scanned time : 2011/01/17 18:48:37 (PST)
Scanner results: Scanners did not find malware!
File Name : explorer.exe
File Size : 1033728 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 12896823fb95bfb3dc9b46bcaedc9923
SHA1 : 9d2bf84874abc5b6e9a2744b7865c193c08d362f
Online report : http://virscan.org/report/dd23ee426492f550a91ef5c0d7b0bc73.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.1.0.2 20110118002000 2011-01-18 7.04 -
AhnLab V3 2011.01.11.00 2011.01.11 2011-01-11 2.41 -
AntiVir 8.2.4.134 7.11.0.248 2010-12-31 0.30 -
Antiy 2.0.18 20101228.6954489 2010-12-28 0.02 -
Arcavir 2010 201101181043 2011-01-18 0.14 -
Authentium 5.1.1 201101172247 2011-01-17 2.63 -
AVAST! 4.7.4 110117-1 2011-01-17 0.06 -
AVG 8.5.850 271.1.1/3387 2011-01-18 0.25 -
BitDefender 7.90123.6660429 7.35760 2011-01-18 6.10 -
ClamAV 0.96.5 12537 2011-01-18 0.23 -
Comodo 4.0 7424 2011-01-17 1.19 -
CP Secure 1.3.0.5 2011.01.17 2011-01-17 0.11 -
Dr.Web 5.0.2.3300 2011.01.18 2011-01-18 10.87 -
F-Prot 4.4.4.56 20110117 2011-01-17 2.41 -
F-Secure 7.02.73807 2011.01.17.07 2011-01-17 0.18 -
Fortinet 4.2.254 12.806 2011-01-17 0.35 -
GData 21.1583/21.624 20110118 2011-01-18 9.74 -
ViRobot 20110117 2011.01.17 2011-01-17 0.38 -
Ikarus T3.1.32.15.0 2011.01.18.77550 2011-01-18 4.97 -
JiangMin 13.0.900 2011.01.17 2011-01-17 1.82 -
Kaspersky 5.5.10 2011.01.17 2011-01-17 0.10 -
KingSoft 2009.2.5.15 2011.1.17.18 2011-01-17 2.49 -
McAfee 5400.1158 6229 2011-01-17 22.11 -
Microsoft 1.6402 2011.01.17 2011-01-17 3.84 -
Norman 6.06.12 6.06.00 2011-01-17 14.02 -
Panda 9.05.01 2011.01.17 2011-01-17 22.43 -
Trend Micro 9.200-1012 7.774.20 2011-01-17 0.04 -
Quick Heal 11.00 2011.01.17 2011-01-17 10.43 -
Rising 20.0 22.83.00.03 2011-01-17 2.32 -
Sophos 3.15.0 4.61 2011-01-18 3.13 -
Sunbelt 3.9.2464.2 8105 2011-01-17 0.59 -
Symantec 1.3.0.24 20110116.003 2011-01-16 0.10 -
nProtect 20110116.01 9619968 2011-01-16 14.76 -
The Hacker 6.7.0.1 v00115 2011-01-14 0.54 -
VBA32 3.12.14.2 20110116.1511 2011-01-16 3.54 -
VirusBuster 5.2.0.28 13.6.151.0/4281372 2011-01-17 0.00 -



c:\windows\system32\ctfmon.exe Content :
VirSCAN.org Scanned Report :
Scanned time : 2011/01/17 19:00:42 (PST)
Scanner results: Scanners did not find malware!
File Name : ctfmon.exe
File Size : 15360 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 5f1d5f88303d4a4dbc8e5f97ba967cc3
SHA1 : 99cb7370f16773c8e2d0c86fe805ec638ab126e9
Online report : http://virscan.org/report/5f9261794eb1244cbeb86a914197f25e.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.1.0.2 20110118002000 2011-01-18 6.83 -
AhnLab V3 2011.01.11.00 2011.01.11 2011-01-11 1.64 -
AntiVir 8.2.4.134 7.11.0.248 2010-12-31 0.28 -
Antiy 2.0.18 20101228.6954489 2010-12-28 0.02 -
Arcavir 2010 201101181043 2011-01-18 0.04 -
Authentium 5.1.1 201101172247 2011-01-17 1.64 -
AVAST! 4.7.4 110117-1 2011-01-17 0.01 -
AVG 8.5.850 271.1.1/3387 2011-01-18 0.45 -
BitDefender 7.90123.6660429 7.35760 2011-01-18 7.39 -
ClamAV 0.96.5 12537 2011-01-18 0.04 -
Comodo 4.0 7424 2011-01-17 0.98 -
CP Secure 1.3.0.5 2011.01.17 2011-01-17 0.05 -
Dr.Web 5.0.2.3300 2011.01.18 2011-01-18 10.63 -
F-Prot 4.4.4.56 20110117 2011-01-17 1.55 -
F-Secure 7.02.73807 2011.01.17.07 2011-01-17 0.20 -
Fortinet 4.2.254 12.806 2011-01-17 0.78 -
GData 21.1583/21.624 20110118 2011-01-18 17.58 -
ViRobot 20110117 2011.01.17 2011-01-17 0.97 -
Ikarus T3.1.32.15.0 2011.01.18.77550 2011-01-18 4.97 -
JiangMin 13.0.900 2011.01.17 2011-01-17 1.44 -
Kaspersky 5.5.10 2011.01.17 2011-01-17 0.15 -
KingSoft 2009.2.5.15 2011.1.17.18 2011-01-17 0.71 -
McAfee 5400.1158 6229 2011-01-17 18.39 -
Microsoft 1.6402 2011.01.17 2011-01-17 22.81 -
Norman 6.06.12 6.06.00 2011-01-17 14.03 -
Panda 9.05.01 2011.01.17 2011-01-17 4.45 -
Trend Micro 9.200-1012 7.774.20 2011-01-17 0.04 -
Quick Heal 11.00 2011.01.17 2011-01-17 2.37 -
Rising 20.0 22.83.00.03 2011-01-17 2.37 -
Sophos 3.15.0 4.61 2011-01-18 3.11 -
Sunbelt 3.9.2464.2 8105 2011-01-17 0.63 -
Symantec 1.3.0.24 20110116.003 2011-01-16 2.00 -
nProtect 20110116.01 9619968 2011-01-16 33.68 -
The Hacker 6.7.0.1 v00115 2011-01-14 0.65 -
VBA32 3.12.14.2 20110116.1511 2011-01-16 3.45 -
VirusBuster 5.2.0.28 13.6.151.0/4281372 2011-01-17 0.00 -



c:\windows\system32\spoolsv.exe Content :

VirSCAN.org Scanned Report :
Scanned time : 2011/01/17 19:14:53 (PST)
Scanner results: Scanners did not find malware!
File Name : spoolsv.exe
File Size : 57856 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : d8e14a61acc1d4a6cd0d38aebac7fa3b
SHA1 : 0e5d1a09a103eae3bd693c7a1c7531fde2e2402b
Online report : http://virscan.org/report/75520c9fe309a729168ed456220c9e3a.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.1.0.2 20110118002000 2011-01-18 21.07 -
AhnLab V3 2011.01.11.00 2011.01.11 2011-01-11 10.72 -
AntiVir 8.2.4.134 7.11.0.248 2010-12-31 0.34 -
Antiy 2.0.18 20101228.6954489 2010-12-28 0.07 -
Arcavir 2010 201101181043 2011-01-18 0.30 -
Authentium 5.1.1 201101172247 2011-01-17 2.92 -
AVAST! 4.7.4 110117-1 2011-01-17 0.01 -
AVG 8.5.850 271.1.1/3387 2011-01-18 1.25 -
BitDefender 7.90123.6660429 7.35760 2011-01-18 14.28 -
ClamAV 0.96.5 12537 2011-01-18 0.05 -
Comodo 4.0 7424 2011-01-17 1.31 -
CP Secure 1.3.0.5 2011.01.17 2011-01-17 0.34 -
Dr.Web 5.0.2.3300 2011.01.18 2011-01-18 18.60 -
F-Prot 4.4.4.56 20110117 2011-01-17 5.27 -
F-Secure 7.02.73807 2011.01.17.07 2011-01-17 14.80 -
Fortinet 4.2.254 12.806 2011-01-17 22.26 -
GData 21.1583/21.624 20110118 2011-01-18 23.34 -
ViRobot 20110117 2011.01.17 2011-01-17 0.56 -
Ikarus T3.1.32.15.0 2011.01.18.77550 2011-01-18 10.93 -
JiangMin 13.0.900 2011.01.17 2011-01-17 1.62 -
Kaspersky 5.5.10 2011.01.17 2011-01-17 0.10 -
KingSoft 2009.2.5.15 2011.1.17.18 2011-01-17 1.25 -
McAfee 5400.1158 6229 2011-01-17 0.00 -
Microsoft 1.6402 2011.01.17 2011-01-17 4.01 -
Norman 6.06.12 6.06.00 2011-01-17 59.95 -
Panda 9.05.01 2011.01.17 2011-01-17 7.86 -
Trend Micro 9.200-1012 7.774.20 2011-01-17 0.04 -
Quick Heal 11.00 2011.01.17 2011-01-17 12.02 -
Rising 20.0 22.83.00.03 2011-01-17 8.55 -
Sophos 3.15.0 4.61 2011-01-18 3.05 -
Sunbelt 3.9.2464.2 8105 2011-01-17 2.62 -
Symantec 1.3.0.24 20110116.003 2011-01-16 0.29 -
nProtect 20110116.01 9619968 2011-01-16 38.04 -
The Hacker 6.7.0.1 v00115 2011-01-14 0.71 -
VBA32 3.12.14.2 20110116.1511 2011-01-16 4.33 -
VirusBuster 5.2.0.28 13.6.151.0/4281372 2011-01-17 0.01 -
 

iLJ

Thread Starter
Joined
Jan 16, 2011
Messages
9
OTL logfile created on: 1/17/2011 7:27:10 PM - Run 2
OTL by OldTimer - Version 3.2.20.2 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 66.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 2.31 Gb Free Space | 4.14% Space Free | Partition Type: NTFS

Computer Name: LZMCA-07 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/17 18:42:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2011/01/17 03:33:26 | 000,061,440 | -HS- | M] () -- C:\Documents and Settings\Administrator\Application Data\ljua.exe
PRC - [2011/01/12 02:14:24 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe
PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/06/03 02:52:54 | 000,036,975 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
PRC - [2005/04/04 17:58:30 | 000,856,064 | ---- | M] (Adobe Sytems Incorporated) -- C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
PRC - [2005/02/03 09:37:40 | 000,286,720 | ---- | M] (Aiptek) -- C:\WINDOWS\system32\atwtusb.exe
PRC - [2004/12/14 01:12:02 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe
PRC - [2004/11/04 10:40:08 | 000,098,394 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2004/11/01 10:11:46 | 000,290,816 | ---- | M] (Hewlett-Packard ) -- C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe
PRC - [2004/10/14 09:11:10 | 001,388,544 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
PRC - [2004/07/16 22:26:44 | 000,126,976 | ---- | M] () -- C:\Program Files\Alias\Maya7.0\docs\wrapper.exe
PRC - [2004/05/07 09:20:52 | 000,024,681 | ---- | M] () -- C:\Program Files\Alias\Maya7.0\docs\jre\bin\java.exe
PRC - [2002/09/20 14:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
PRC - [2002/09/20 09:29:28 | 000,053,248 | ---- | M] (Computer Associates) -- C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe


========== Modules (SafeList) ==========

MOD - [2011/01/17 18:42:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2004/11/04 10:39:58 | 000,069,722 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (ITMRTSVC)
SRV - File not found [Auto | Stopped] -- -- (InoTask)
SRV - File not found [Auto | Stopped] -- -- (InoRT)
SRV - File not found [Auto | Stopped] -- -- (InoRPC)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [Auto | Stopped] -- -- (AVGIDSAgent)
SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2007/02/05 07:57:24 | 000,106,496 | ---- | M] (CA, Inc.) [Auto | Stopped] -- C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe -- (iGateway)
SRV - [2005/04/04 17:58:28 | 000,163,840 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe -- (Adobe Version Cue CS2)
SRV - [2004/07/16 22:26:44 | 000,126,976 | ---- | M] () [Auto | Running] -- C:\Program Files\Alias\Maya7.0\docs\wrapper.exe -- (maya70docserver)
SRV - [2002/09/20 14:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))
SRV - [2002/09/20 09:41:00 | 000,077,824 | ---- | M] (Computer Associates) [On_Demand | Stopped] -- C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe -- (CA_LIC_SRVR)
SRV - [2002/09/20 09:29:28 | 000,053,248 | ---- | M] (Computer Associates) [Auto | Running] -- C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe -- (LogWatch)
SRV - [2002/09/20 09:27:04 | 000,077,824 | ---- | M] (Computer Associates) [On_Demand | Stopped] -- C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe -- (CA_LIC_CLNT)


========== Driver Services (SafeList) ==========

DRV - [2008/04/13 23:26:08 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2005/02/10 16:52:36 | 000,157,056 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2004/11/16 02:37:48 | 003,222,784 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel(R)
DRV - [2004/11/04 10:26:42 | 000,186,016 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2004/11/04 02:24:12 | 000,055,320 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2004/09/23 17:01:02 | 000,044,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2004/08/24 03:20:08 | 001,268,204 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/08/17 03:21:00 | 000,087,168 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/08/04 00:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/04 00:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004/08/03 01:05:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/08/03 01:05:00 | 000,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/08/03 01:05:00 | 000,086,138 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/08/03 01:05:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/08/03 01:05:00 | 000,025,723 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/08/03 01:05:00 | 000,014,715 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/08/03 01:05:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/08/03 01:05:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/08/03 01:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/08/01 15:34:58 | 000,190,336 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/07/14 11:29:04 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/07/14 11:28:50 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
DRV - [2004/07/14 02:56:00 | 000,040,448 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
DRV - [2004/07/07 16:02:14 | 000,022,272 | ---- | M] (AIPTEK International Inc.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\aiptektp.sys -- (aiptektp)
DRV - [2004/06/16 10:19:58 | 000,046,080 | ---- | M] (SMSC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2004/05/03 08:26:16 | 000,080,384 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtipci21.sys -- (GTIPCI21)
DRV - [2004/04/14 07:36:50 | 000,007,432 | ---- | M] (Hewlett-Packard Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2004/02/20 10:35:28 | 000,059,044 | R--- | M] (Hewlett-Packard) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\ClntMgmt.sys -- (ClntMgmt.sys)
DRV - [2003/06/06 11:46:16 | 000,005,220 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2001/08/17 07:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/06/21 20:39:02 | 000,073,728 | ---- | M] (Rainbow Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2001/06/21 20:39:02 | 000,020,032 | R--- | M] (Rainbow Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS -- (Sntnlusb)
DRV - [2001/05/07 02:56:02 | 000,019,805 | R--- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbio.sys -- (USBIO) USBIO Driver (usbio.sys)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..network.proxy.type: 0


[2011/01/17 03:40:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2011/01/17 03:40:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\84p77748.default\extensions
[2011/01/17 02:24:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/17 03:20:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/12/16 16:30:34 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2004/08/04 00:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - File not found
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Version Cue CS2] C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe (Adobe Sytems Incorporated)
O4 - HKLM..\Run: [atwtusb] C:\WINDOWS\System32\atwtusb.exe (Aiptek)
O4 - HKLM..\Run: [ChangeResolution] File not found
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
O4 - HKLM..\Run: [Realtime Monitor] File not found
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
O4 - HKCU..\Run: [12CFG214-K641-12SF-N85P] C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe ()
O4 - HKCU..\Run: [Aim] C:\Program Files\AIM7\aim.exe (AOL Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\NPJPI150_04.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = centinela.k12.ca.us
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Documents and Settings\Administrator\Application Data\ljua.exe -dwup) - C:\Documents and Settings\Administrator\Application Data\ljua.exe ()
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\HP Cityscape.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\HP Cityscape.bmp
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: SENTINEL - C:\WINDOWS\System32\SNTI386.DLL (Rainbow Technologies, Inc.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 2
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {28ABC5C0-4FCB-11CF-AAX5-81CX1C635612} - C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1033\vmdcgr.exe
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {ECD292A0-0347-4244-8C24-5DBCE990FB40} - Hotfix for Microsoft .NET Framework 3.0 (KB932471)
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

========== Files/Folders - Created Within 30 Days ==========

[2011/01/17 18:42:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/01/17 18:13:29 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/01/17 18:11:53 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2011/01/17 17:05:08 | 001,344,600 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator\Desktop\TDSSKiller.exe
[2011/01/17 04:20:56 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/01/17 04:10:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/01/17 04:05:50 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011/01/17 04:02:37 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/01/17 03:24:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2011/01/17 03:24:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/01/17 03:24:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/01/17 03:22:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Revo Uninstaller
[2011/01/17 03:22:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2011/01/17 03:22:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2011/01/17 03:22:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Apple
[2011/01/17 03:22:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Warcraft III
[2011/01/17 03:22:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Google Chrome
[2011/01/17 03:21:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Temp
[2011/01/17 03:21:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Deployment
[2011/01/17 03:21:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\WinRAR
[2011/01/17 03:21:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Miro
[2011/01/17 03:20:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox
[2011/01/17 03:09:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\RecordNow! CD&DVD Recording
[2011/01/17 03:09:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2011/01/17 03:09:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SureThing Shared
[2011/01/17 03:08:13 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\SendTo
[2011/01/17 03:08:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
[2011/01/17 00:32:31 | 000,000,000 | ---D | C] -- C:\Program Files\MWSnap(2)
[2011/01/13 06:58:49 | 000,000,000 | ---D | C] -- C:\Program Files\AIM7
[2011/01/12 05:20:00 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll
[2011/01/12 05:16:57 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/01/12 04:36:16 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/01/12 04:33:16 | 004,184,352 | ---- | C] (Apple, Inc.) -- C:\WINDOWS\System32\usbaaplrc.dll
[2011/01/12 02:42:03 | 000,000,000 | ---D | C] -- C:\Program Files\Warcraft III
[2011/01/12 02:14:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
[2011/01/12 02:12:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Blizzard Entertainment
[2011/01/12 01:53:19 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/01/12 01:36:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood(2)
[2011/01/11 23:47:46 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox(3)
[2011/01/11 22:38:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/01/11 00:44:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Updater
[2011/01/01 06:19:25 | 000,000,000 | ---D | C] -- C:\Program Files\GHost Files
[2011/01/01 05:22:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\New Folder(2)
[2010/12/30 02:54:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\PCF-VLC
[2010/12/30 01:26:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\My Videos
[2010/12/30 01:25:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Participatory Culture Foundation
[2010/12/30 01:18:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Games
[2010/12/29 17:50:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\LJ Pictures
[2010/12/24 11:23:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\acccore
[2010/12/24 11:23:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\AOL
[2010/12/24 11:23:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\AIM
[2010/12/24 11:22:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AIM
[2010/12/24 11:22:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AIM
[2010/12/24 11:22:50 | 000,000,000 | ---D | C] -- C:\Program Files\AIM
[2010/12/24 11:22:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AOL
[2010/12/23 09:14:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\maya
[2010/12/21 07:48:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/12/20 16:19:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Diag tool
[2010/12/20 02:18:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Sun
[2010/12/20 00:26:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\New Folder
[2010/12/20 00:25:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\WinRAR
[2010/12/20 00:09:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
[2010/12/20 00:06:51 | 000,000,000 | ---D | C] -- C:\Program Files\Warcraft III(2).temp
[2010/12/20 00:04:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2010/12/20 00:03:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
[2010/12/20 00:03:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
[2010/12/20 00:03:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Apple Computer
[2010/12/20 00:03:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Apple Computer
[2010/12/19 20:18:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Warcraft III 1.21b TFT Installer enUS
[2010/12/19 20:12:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Warcraft IIII
[2010/12/19 09:46:40 | 000,000,000 | ---D | C] -- C:\Program Files\SelectRebates
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/17 19:19:01 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3494177053-862362492-3914617089-500UA.job
[2011/01/17 18:42:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/01/17 18:15:13 | 000,002,359 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2011/01/17 18:15:10 | 000,040,960 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\158734.exe
[2011/01/17 18:10:53 | 000,040,960 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\1034312.exe
[2011/01/17 18:05:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/17 18:05:23 | 1333,186,560 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/17 17:47:53 | 004,156,942 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\iexplore.exe
[2011/01/17 10:25:28 | 000,061,440 | ---- | M] () -- C:\Documents and Settings\Administrator\hhdr.exe
[2011/01/17 03:33:26 | 000,061,440 | -HS- | M] () -- C:\Documents and Settings\Administrator\Application Data\ljua.exe
[2011/01/17 02:34:06 | 000,447,458 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/01/17 02:34:06 | 000,074,200 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/01/16 16:52:44 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/01/14 02:19:00 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3494177053-862362492-3914617089-500Core.job
[2011/01/13 06:58:55 | 000,001,601 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2011/01/13 06:58:55 | 000,001,583 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk
[2011/01/13 06:58:47 | 000,000,344 | -H-- | M] () -- C:\IPH.PH
[2011/01/12 23:13:42 | 000,001,641 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Retry AIM Installation.lnk
[2011/01/12 20:25:04 | 000,002,322 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/01/12 20:25:03 | 000,002,344 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk
[2011/01/12 09:52:16 | 001,344,600 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator\Desktop\TDSSKiller.exe
[2011/01/12 05:27:05 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2011/01/12 05:20:06 | 000,001,554 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\iTunes.lnk
[2011/01/12 05:20:06 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/01/12 05:17:27 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/01/12 05:14:45 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Revo Uninstaller.lnk
[2011/01/12 04:19:40 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2011/01/12 02:49:38 | 000,000,781 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Warcraft III - The Frozen Throne.lnk
[2011/01/12 02:45:08 | 000,000,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Warcraft III.lnk
[2011/01/11 00:54:25 | 000,069,284 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Transcript For Burger King, (School did not want to release it until friday) So I had to take a picture.pdf
[2011/01/11 00:50:03 | 000,537,088 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Doc1.doc
[2011/01/10 01:13:23 | 000,032,256 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\The Change a Life Foundation Scholarships.doc
[2011/01/10 01:07:42 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\American Liberty Scholarship.doc
[2011/01/10 00:43:44 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Wells Fargo $1,000 Scholarship.doc
[2011/01/10 00:33:33 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Scholarship Points $10,000 Scholarship.doc
[2011/01/10 00:26:59 | 000,155,136 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Scholarship Zone $10,000 Scholarship.doc
[2011/01/10 00:21:13 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\The College JumpStart Scholarship Fund Scholarship.doc
[2011/01/09 22:01:22 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Courage to Grow Scholarship.doc
[2011/01/09 21:33:35 | 000,044,032 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Zinch $20,000 Scholarship.doc
[2011/01/09 21:25:11 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\College Prowler No Essay Scholarship.doc
[2011/01/09 21:18:27 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\U.S. Bank Scholarship.doc
[2011/01/09 19:50:01 | 000,010,631 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\ED-AL097_1teenw_NS_20100304202254.gif
[2011/01/06 00:26:42 | 000,031,744 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Lanon Johnson.doc
[2010/12/23 13:17:15 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/12/19 13:19:34 | 000,000,064 | ---- | M] () -- C:\WINDOWS\GPlrLanc.dat
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/17 18:15:08 | 000,040,960 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\158734.exe
[2011/01/17 18:10:34 | 000,040,960 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\1034312.exe
[2011/01/17 18:05:23 | 1333,186,560 | -HS- | C] () -- C:\hiberfil.sys
[2011/01/17 17:47:43 | 004,156,942 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\iexplore.exe
[2011/01/17 03:33:36 | 000,061,440 | -HS- | C] () -- C:\Documents and Settings\Administrator\Application Data\ljua.exe
[2011/01/17 03:33:26 | 000,061,440 | ---- | C] () -- C:\Documents and Settings\Administrator\hhdr.exe
[2011/01/13 06:58:55 | 000,001,601 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2011/01/13 06:58:55 | 000,001,583 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk
[2011/01/12 23:13:43 | 000,000,344 | -H-- | C] () -- C:\IPH.PH
[2011/01/12 23:13:42 | 000,001,641 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Retry AIM Installation.lnk
[2011/01/12 05:20:06 | 000,001,554 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\iTunes.lnk
[2011/01/12 05:20:06 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/01/12 05:17:27 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/01/12 05:14:45 | 000,000,917 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Revo Uninstaller.lnk
[2011/01/12 02:45:42 | 000,000,781 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Warcraft III - The Frozen Throne.lnk
[2011/01/12 02:42:02 | 000,000,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Warcraft III.lnk
[2011/01/12 02:15:20 | 000,002,344 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk
[2011/01/12 02:15:20 | 000,002,322 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/01/12 02:14:28 | 000,001,010 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3494177053-862362492-3914617089-500UA.job
[2011/01/12 02:14:27 | 000,000,958 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3494177053-862362492-3914617089-500Core.job
[2011/01/11 00:52:59 | 000,069,284 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Transcript For Burger King, (School did not want to release it until friday) So I had to take a picture.pdf
[2011/01/11 00:50:03 | 000,537,088 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Doc1.doc
[2011/01/10 01:13:23 | 000,032,256 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\The Change a Life Foundation Scholarships.doc
[2011/01/10 01:07:42 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\American Liberty Scholarship.doc
[2011/01/10 00:43:44 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Wells Fargo $1,000 Scholarship.doc
[2011/01/10 00:33:33 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Scholarship Points $10,000 Scholarship.doc
[2011/01/10 00:26:58 | 000,155,136 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Scholarship Zone $10,000 Scholarship.doc
[2011/01/10 00:21:13 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\The College JumpStart Scholarship Fund Scholarship.doc
[2011/01/09 22:01:22 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Courage to Grow Scholarship.doc
[2011/01/09 21:33:35 | 000,044,032 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Zinch $20,000 Scholarship.doc
[2011/01/09 21:25:10 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\College Prowler No Essay Scholarship.doc
[2011/01/09 21:18:27 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\U.S. Bank Scholarship.doc
[2011/01/09 19:50:00 | 000,010,631 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\ED-AL097_1teenw_NS_20100304202254.gif
[2011/01/06 00:26:42 | 000,031,744 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Lanon Johnson.doc
[2010/12/19 13:19:34 | 000,000,064 | ---- | C] () -- C:\WINDOWS\GPlrLanc.dat
[2009/02/20 08:40:07 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\Funckey.dll
[2009/02/20 08:40:06 | 000,002,593 | ---- | C] () -- C:\WINDOWS\aiptbl.ini
[2008/03/10 07:28:17 | 000,178,400 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2008/02/08 08:11:01 | 000,069,856 | ---- | C] () -- C:\WINDOWS\System32\drivers\LxrSge10d.sys
[2007/10/18 11:22:43 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
[2007/10/15 13:34:32 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Static Library
[2007/10/15 13:34:32 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Administrator\Application Data\Sports
[2007/10/15 13:34:32 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLds.DAT
[2005/09/21 08:15:04 | 000,001,739 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/09/21 08:13:05 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/09/20 23:06:56 | 000,000,047 | ---- | C] () -- C:\WINDOWS\InoSetup.ini
[2005/09/20 22:30:56 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/09/20 22:30:56 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/09/20 22:30:56 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/09/20 22:30:56 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/09/20 22:30:56 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/09/20 22:30:56 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/02/15 16:00:36 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2005/02/15 15:55:28 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/02/15 15:48:13 | 000,015,669 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/10/26 10:30:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/07 05:19:16 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/07 05:12:40 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/07 05:02:46 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/06/01 01:39:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

< End of report >
 

iLJ

Thread Starter
OTL Extras logfile created on: 1/17/2011 7:27:10 PM - Run 2
OTL by OldTimer - Version 3.2.20.2 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 66.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 2.31 Gb Free Space | 4.14% Space Free | Partition Type: NTFS

Computer Name: LZMCA-07 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\AIM7\aim.exe" = C:\Program Files\AIM7\aim.exe:*:Enabled:AIM -- (AOL Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0134A1A1-C283-4A47-91A1-92F19F960372}" = Adobe Creative Suite 2
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0EB768CD-EF48-4C66-8BCB-2DA8166B2654}" = GradeQuick Web Plugin
"{107558C8-458B-45EA-A0FE-7CC10D687DB6}" = CA eTrustITM Agent
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2BA00471-0328-3743-93BD-FA813353A783}" = Microsoft .NET Framework 3.0 Service Pack 1
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{30C10EE3-EFB3-4B7A-9CDC-50790C2B5200}" = CA Licensing
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{40BB3EDE-56CB-467E-ADEE-F6C57552F528}" = Maya Shader Library for Maya
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant
"{46548E80-0409-0000-7E8A-45000F855001}" = Adobe GoLive CS2
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check
"{6E4B4026-92AD-46D3-AD73-6D6F23943871}" = Alias DirectConnect 2.0
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2
"{847501DF-07C0-4691-B04A-893929F108AE}" = CA iTechnology iGateway
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver for Mobile
"{8E50332B-772C-4AEA-BF56-94DE6A1D5F10}" = TIxx21
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{914E1AB1-DCA0-4A7D-935F-B58C4B887A2B}" = HP ProtectTools Security Manager 1.00 C3
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{99B41A19-7FD5-4B0C-A2AB-1A065669F8A3}" = Maya 7.0
"{A5F68DC8-0278-4AD8-B413-861509B5F25B}" = ArcSoft Panorama Maker 3
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AC76BA86-1033-0000-7760-100000000002}" = Adobe Acrobat 7.0 Professional
"{ADBE46EE-54E0-4610-B436-D7E93D829100}" = Adobe Version Cue CS2
"{AE052EF7-2640-48D7-8915-69B810D975CB}" = HP BIOS Configuration for ProtectTools 1.00 B7
"{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}" = Adobe Illustrator CS2
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}" = Suite Specific
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CEB326EC-8F40-47B2-BA22-BB092565D66F}" = Quick Launch Buttons 5.00 D5
"{D0572854-191F-45DB-B959-641F8E5C8409}" = HP Accessories Product Tour
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}" = Adobe Stock Photos 1.0
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{FF3999BE-1A7B-4738-88AA-97BF14094A4A}" = PictureProject
"Action Replay Code Manager_is1" = Action Replay Code Manager
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Agere Systems Soft Modem" = Agere Systems AC'97 Modem
"AIM_7" = AIM 7
"ESET Online Scanner" = ESET Online Scanner v3
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{8E50332B-772C-4AEA-BF56-94DE6A1D5F10}" = Texas Instruments PCIxx21/x515 drivers.
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PictureProject In Touch Downloader" = PictureProject In Touch Downloader 1.0
"Rainbow Sentinel Driver" = Sentinel System Driver
"Revo Uninstaller" = Revo Uninstaller 1.91
"Rmtablet" = USB Tablet Driver
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Warcraft III" = Warcraft III
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/17/2011 6:59:14 AM | Computer Name = LZMCA-07 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 1/17/2011 6:59:16 AM | Computer Name = LZMCA-07 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 1/17/2011 7:28:48 AM | Computer Name = LZMCA-07 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 1/17/2011 7:28:49 AM | Computer Name = LZMCA-07 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 1/17/2011 3:28:53 PM | Computer Name = LZMCA-07 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 1/17/2011 10:02:15 PM | Computer Name = LZMCA-07 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 0.0.0.0, faulting module
iexplore.exe, version 0.0.0.0, fault address 0x0008d560.

Error - 1/17/2011 10:07:38 PM | Computer Name = LZMCA-07 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 1/17/2011 10:07:40 PM | Computer Name = LZMCA-07 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 1/17/2011 10:08:23 PM | Computer Name = LZMCA-07 | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 192.168.0.10:5353 15 10.0.168.192.in-addr.arpa.
PTR LZMCA-8.local.

Error - 1/17/2011 10:08:23 PM | Computer Name = LZMCA-07 | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Unexpected conflict discarding 16 10.0.168.192.in-addr.arpa.
PTR LZMCA-07.local.

[ System Events ]
Error - 1/17/2011 10:08:08 PM | Computer Name = LZMCA-07 | Source = Service Control Manager | ID = 7000
Description = The DS1410D service failed to start due to the following error: %%2

Error - 1/17/2011 10:08:08 PM | Computer Name = LZMCA-07 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Google Update Service
(gupdate) service to connect.

Error - 1/17/2011 10:08:08 PM | Computer Name = LZMCA-07 | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
the following error: %%1053

Error - 1/17/2011 10:08:08 PM | Computer Name = LZMCA-07 | Source = Service Control Manager | ID = 7000
Description = The eTrust Antivirus Realtime Service service failed to start due
to the following error: %%3

Error - 1/17/2011 10:08:08 PM | Computer Name = LZMCA-07 | Source = Service Control Manager | ID = 7000
Description = The CA Pest Patrol Realtime Protection Service service failed to start
due to the following error: %%2

Error - 1/17/2011 10:09:46 PM | Computer Name = LZMCA-07 | Source = Service Control Manager | ID = 7022
Description = The iTechnology iGateway 4.2 service hung on starting.

Error - 1/17/2011 10:09:46 PM | Computer Name = LZMCA-07 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
INO_FLPY

Error - 1/17/2011 10:09:46 PM | Computer Name = LZMCA-07 | Source = Service Control Manager | ID = 7034
Description = The iTechnology iGateway 4.2 service terminated unexpectedly. It
has done this 1 time(s).

Error - 1/17/2011 10:23:14 PM | Computer Name = LZMCA-07 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 29 minutes. NtpClient has no source of accurate
time.

Error - 1/17/2011 10:53:16 PM | Computer Name = LZMCA-07 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 59 minutes. NtpClient has no source of accurate
time.


< End of report >
 

CatByte

Malware Specialist
Joined
Feb 24, 2009
Messages
3,930
Hi

Please do the following:



Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    Code:
    :OTL
    PRC - [2011/01/17 03:33:26 | 000,061,440 | -HS- | M] () -- C:\Documents and Settings\Administrator\Application Data\ljua.exe
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - File not found
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKCU..\Run: [12CFG214-K641-12SF-N85P] C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe ()
    O20 - HKLM Winlogon: UserInit - (C:\Documents and Settings\Administrator\Application Data\ljua.exe -dwup) - C:\Documents and Settings\Administrator\Application Data\ljua.exe ()
    [2011/01/17 18:15:10 | 000,040,960 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\158734.exe
    [2011/01/17 18:10:53 | 000,040,960 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\1034312.exe
    [2011/01/17 10:25:28 | 000,061,440 | ---- | M] () -- C:\Documents and Settings\Administrator\hhdr.exe
    [2011/01/17 03:33:26 | 000,061,440 | -HS- | M] () -- C:\Documents and Settings\Administrator\Application Data\ljua.exe
    ActiveX: {28ABC5C0-4FCB-11CF-AAX5-81CX1C635612} - C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1033\vmdcgr.exe
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [resethosts]
    [emptyflash]
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the OTL log



when complete, try giving ComboFix another run
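The fix above removes three kinds of entry: a hidden process and files running from the profile's Application Data and from C:\RECYCLER, Run-key autostarts, and a Winlogon UserInit value redirected to ljua.exe. As an added example (not part of this thread or of OTL itself), the script below parses those OTL line formats and flags the indicators a responder would check; the sample lines are the ones quoted in the fix, plus one constructed benign UserInit line for contrast.

```python
import re
# Stock Windows XP UserInit value; any other executable in the O20 line is a hijack candidate.
DEFAULT_USERINIT = r"c:\windows\system32\userinit.exe"
# Installed programs do not normally run from the Recycle Bin or a profile's Application Data.
SUSPICIOUS_DIRS = ("\\recycler\\", "\\application data\\")
# The OTL line shapes quoted in the fix: file/process entries, O4 Run keys, O20 UserInit.
ENTRY_RE = re.compile(
    r"^(?:PRC - )?\[[^|]+\| [\d,]+ \| (?P<attr>[-A-Z]{4}) \| [A-Z]\] \(\) -- (?P<path>.+)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<path>.+?)(?: \(\))?$")
O20_RE = re.compile(r"^O20 - HKLM Winlogon: UserInit - \((?P<value>[^)]*)\)")
# Lines taken from the fix posted above; the last one is constructed to show a clean UserInit.
SAMPLE_LINES = [
    r"PRC - [2011/01/17 03:33:26 | 000,061,440 | -HS- | M] () -- C:\Documents and Settings\Administrator\Application Data\ljua.exe",
    r"O4 - HKLM..\Run: [] File not found",
    r"O4 - HKCU..\Run: [12CFG214-K641-12SF-N85P] C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe ()",
    r"O20 - HKLM Winlogon: UserInit - (C:\Documents and Settings\Administrator\Application Data\ljua.exe -dwup) - C:\Documents and Settings\Administrator\Application Data\ljua.exe ()",
    r"[2011/01/17 18:15:10 | 000,040,960 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\158734.exe",
    r"[2011/01/17 10:25:28 | 000,061,440 | ---- | M] () -- C:\Documents and Settings\Administrator\hhdr.exe",
    r"O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe,) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)",  # constructed
]

def path_reasons(path, attr="----"):
    """Indicators that make an executable path worth a closer look."""
    low = path.lower()
    reasons = []
    if any(d in low for d in SUSPICIOUS_DIRS):
        reasons.append("runs from a user-writable scratch directory")
    if "H" in attr and "S" in attr:
        reasons.append("hidden+system attributes set")
    if re.search(r"\\\d+\.exe$", low):
        reasons.append("purely numeric executable name")
    return reasons

def triage_line(line):
    """Classify one OTL line as (kind, target, reasons); None if it is not a persistence entry."""
    line = line.strip()
    m = ENTRY_RE.match(line)
    if m:
        return ("process" if line.startswith("PRC") else "file", m["path"], path_reasons(m["path"], m["attr"]))
    m = O4_RE.match(line)
    if m:
        reasons = path_reasons(m["path"])
        if not m["name"] or m["path"] == "File not found":
            reasons.append("orphaned or unnamed Run entry")
        return ("run key " + m["hive"], m["path"], reasons)
    m = O20_RE.match(line)
    if m:
        exe = re.match(r"(.+?\.exe)", m["value"], re.I)   # drop arguments such as -dwup
        target = (exe.group(1) if exe else m["value"]).strip().lower()
        reasons = [] if target == DEFAULT_USERINIT else ["UserInit points at a non-default executable"]
        return ("winlogon UserInit", m["value"], reasons + path_reasons(target))
    return None

def flagged_entries(log_lines):  # every recognised entry with at least one indicator
    return [e for e in map(triage_line, log_lines) if e and e[2]]
```

Note that hhdr.exe, sitting directly in the profile root with plain attributes, passes all three heuristics even though the fix removes it: the flags narrow the list, but the analyst's reading of the whole log still decides.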
 

iLJ

Thread Starter
Joined
Jan 16, 2011
Messages
9
Processes are looking fine, here's the OTL log after reboot

All processes killed
========== OTL ==========
No active process named ljua.exe was found!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\12CFG214-K641-12SF-N85P deleted successfully.
C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Documents and Settings\Administrator\Application Data\ljua.exe -dwup deleted successfully.
File C:\Documents and Settings\Administrator\Application Data\ljua.exe not found.
File C:\Documents and Settings\Administrator\Local Settings\Application Data\158734.exe not found.
File C:\Documents and Settings\Administrator\Local Settings\Application Data\1034312.exe not found.
File C:\Documents and Settings\Administrator\hhdr.exe not found.
File C:\Documents and Settings\Administrator\Application Data\ljua.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{28ABC5C0-4FCB-11CF-AAX5-81CX1C635612}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{28ABC5C0-4FCB-11CF-AAX5-81CX1C635612}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{28ABC5C0-4FCB-11CF-AAX5-81CX1C635612}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{28ABC5C0-4FCB-11CF-AAX5-81CX1C635612}\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Administrator\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Administrator\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 17700 bytes

User: All Users

User: Default User

User: Lanon
->Flash cache emptied: 560 bytes

User: LJ
->Flash cache emptied: 405 bytes

User: LocalService

User: mcastudent
->Flash cache emptied: 44613 bytes

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 411909305 bytes
->Temporary Internet Files folder emptied: 315545871 bytes
->Java cache emptied: 2027 bytes
->FireFox cache emptied: 229876605 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Lanon
->Temp folder emptied: 35808176 bytes
->Temporary Internet Files folder emptied: 26329455 bytes
->Flash cache emptied: 0 bytes

User: LJ
->Temp folder emptied: 710411 bytes
->Temporary Internet Files folder emptied: 12249411 bytes
->FireFox cache emptied: 11594004 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 8263802 bytes

User: mcastudent
->Temp folder emptied: 2435479410 bytes
->Temporary Internet Files folder emptied: 102177662 bytes
->Java cache emptied: 1330518 bytes
->FireFox cache emptied: 79868852 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 849100 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 7481 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 99170934 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 9249856 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34318 bytes
RecycleBin emptied: 4238047 bytes

Total Files Cleaned = 3,609.00 mb


OTL by OldTimer - Version 3.2.20.2 log created on 01172011_200903

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...






Also:
When I ran the ESET scan again, it said it found an Agent trojan or something, but I didn't finish the scan or delete or quarantine the files, because OTL was doing its thing. I run ESET on a daily basis because it usually catches things other scans do not. As of right now the computer speed is fine, there is the OTL log, and I have only opened my browser at this point.
 

CatByte

Malware Specialist
Joined
Feb 24, 2009
Messages
3,930
Hi

don't run ESET or any other scans other than those I request while we are going through this cleaning process as it can make things more difficult for me.

Please try running ComboFix again.

Run it in safe mode - renamed, if necessary

make certain your security programs are disabled or they will interfere
 