Virus Rootkit.win32.tdss.d HELP!!

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

snifferhann

Thread Starter
Joined
Apr 14, 2010
Messages
3
Hi
I've managed to pick up the rootkit.win32.tdss.d virus and can't remove it. I'm running Win Xp pro and kaspersky security which deects it but cannot remove it. I ve tried various softwares, including kaspersky tdss removal tool but they do no seem to remove it. Any help would be great.

I've included the combo fix log below.

Thanks


ComboFix 10-04-13.04 - Administrator 14/04/2010 17:54:13.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3327.2563 [GMT 1:00]
Running from: c:\documents and settings\Administrator\My Documents\Downloads\itsme.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
((((((((((((((((((((((((( Files Created from 2010-03-14 to 2010-04-14 )))))))))))))))))))))))))))))))
.
2010-04-14 17:09 . 2010-04-14 17:09 -------- d-----w- c:\documents and settings\Administrator\WPDNSE
2010-04-14 14:34 . 2010-04-14 14:34 -------- d-----w- c:\program files\RootQuest
2010-04-14 10:59 . 2007-01-18 12:00 3968 ----a-w- c:\windows\system32\drivers\AvgArCln.sys
2010-04-14 10:26 . 2010-04-14 10:26 -------- d-----w- c:\documents and settings\NetworkService\outlook logging
2010-04-14 09:32 . 2010-04-14 09:32 -------- d-----w- c:\documents and settings\Administrator\Rar$EX00.047
2010-04-13 21:22 . 2010-04-13 21:22 13778 ----a-w- C:\exe.dat
2010-04-13 20:26 . 2010-04-13 20:26 -------- d-----w- c:\program files\Enigma Software Group
2010-04-13 20:18 . 2010-04-13 20:18 -------- d-----w- c:\documents and settings\NetworkService\bdrb.tmp
2010-04-13 20:13 . 2010-04-13 20:13 -------- d-----w- c:\documents and settings\NetworkService\qxxo.tmp
2010-04-13 20:05 . 2010-04-13 20:06 -------- d-----w- c:\documents and settings\NetworkService\baiw.tmp
2010-04-13 20:04 . 2010-04-13 20:04 -------- d-----w- c:\documents and settings\Administrator\plugtmp-7
2010-04-13 20:00 . 2010-04-13 20:00 -------- d-----w- c:\documents and settings\NetworkService\nldq.tmp
2010-04-13 19:55 . 2010-04-13 19:55 -------- d-----w- c:\documents and settings\NetworkService\lemr.tmp
2010-04-13 19:50 . 2010-04-13 20:54 147456 ----a-w- C:\catchme.exe
2010-04-13 19:50 . 2010-04-13 19:50 -------- d-----w- c:\documents and settings\NetworkService\ddgx.tmp
2010-04-13 19:45 . 2010-04-13 19:45 -------- d-----w- c:\documents and settings\NetworkService\hial.tmp
2010-04-13 19:40 . 2010-04-13 19:40 -------- d-----w- c:\documents and settings\NetworkService\abmw.tmp
2010-04-13 19:37 . 2010-04-13 19:42 -------- d-----w- c:\documents and settings\Administrator\Application Data\QuickScan
2010-04-13 19:34 . 2010-04-13 19:35 -------- d-----w- c:\documents and settings\NetworkService\ejib.tmp
2010-04-13 19:29 . 2010-04-13 19:29 -------- d-----w- c:\documents and settings\NetworkService\ulfh.tmp
2010-04-13 19:24 . 2010-04-13 19:24 -------- d-----w- c:\documents and settings\NetworkService\doid.tmp
2010-04-13 19:19 . 2010-04-13 19:19 -------- d-----w- c:\documents and settings\NetworkService\ftei.tmp
2010-04-13 19:14 . 2010-04-13 19:14 -------- d-----w- c:\documents and settings\NetworkService\rodr.tmp
2010-04-13 19:09 . 2010-04-13 19:09 -------- d-----w- c:\documents and settings\NetworkService\iiiy.tmp
2010-04-13 19:04 . 2010-04-13 19:04 -------- d-----w- c:\documents and settings\NetworkService\pysf.tmp
2010-04-13 18:59 . 2010-04-13 19:00 -------- d-----w- c:\documents and settings\NetworkService\xxti.tmp
2010-04-13 18:58 . 2010-04-13 19:12 -------- d-----w- c:\documents and settings\Administrator\HouseCall
2010-04-13 18:58 . 2010-04-13 19:00 -------- d-----w- c:\documents and settings\Administrator\HCBackup
2010-04-13 18:49 . 2010-04-13 18:49 -------- d-----w- c:\documents and settings\NetworkService\pfvr.tmp
2010-04-13 18:37 . 2010-04-13 18:37 -------- d-----w- c:\documents and settings\NetworkService\cdti.tmp
2010-04-13 18:04 . 2010-04-13 18:04 -------- d-----w- c:\documents and settings\NetworkService\soxh.tmp
2010-04-13 17:59 . 2010-04-13 17:59 -------- d-----w- c:\documents and settings\NetworkService\xteo.tmp
2010-04-13 17:54 . 2010-04-13 17:54 -------- d-----w- c:\documents and settings\NetworkService\wdjj.tmp
2010-04-13 17:49 . 2010-04-13 17:49 -------- d-----w- c:\documents and settings\NetworkService\ljin.tmp
2010-04-13 17:44 . 2010-04-13 17:44 -------- d-----w- c:\documents and settings\NetworkService\meov.tmp
2010-04-13 17:39 . 2010-04-13 17:39 -------- d-----w- c:\documents and settings\NetworkService\pyab.tmp
2010-04-13 17:34 . 2010-04-13 17:34 -------- d-----w- c:\documents and settings\NetworkService\vmno.tmp
2010-04-13 17:29 . 2010-04-13 17:29 -------- d-----w- c:\documents and settings\NetworkService\nfvc.tmp
2010-04-13 17:23 . 2010-04-13 17:23 -------- d-----w- c:\documents and settings\NetworkService\owbv.tmp
2010-04-13 17:18 . 2010-04-13 17:18 -------- d-----w- c:\documents and settings\NetworkService\lwfh.tmp
2010-04-13 17:13 . 2010-04-13 17:13 -------- d-----w- c:\documents and settings\NetworkService\tvxv.tmp
2010-04-13 17:08 . 2010-04-13 17:08 -------- d-----w- c:\documents and settings\NetworkService\ssuu.tmp
2010-04-13 17:03 . 2010-04-13 17:03 -------- d-----w- c:\documents and settings\NetworkService\xtpe.tmp
2010-04-13 16:58 . 2010-04-13 16:58 -------- d-----w- c:\documents and settings\NetworkService\bdie.tmp
2010-04-12 19:47 . 2010-04-12 19:59 -------- d-----w- c:\documents and settings\Administrator\hsperfdata_Administrator
2010-04-12 17:50 . 2010-04-12 17:50 -------- d-s---w- c:\documents and settings\NetworkService\UserData
2010-04-12 13:46 . 2010-04-12 15:59 -------- d-----w- c:\documents and settings\Administrator\plugtmp-4
2010-04-12 12:21 . 2010-04-12 12:22 -------- d-----w- c:\documents and settings\Administrator\hsperfdata_SYSTEM
2010-04-11 12:30 . 2010-04-11 12:54 554064 ----a-w- c:\documents and settings\Administrator\LiveUpdate.exe
2010-04-11 12:30 . 2010-04-11 12:54 554064 ----a-w- c:\documents and settings\Administrator\LiveUpdate.dat
2010-04-11 12:28 . 2010-04-11 12:29 -------- d-----w- c:\documents and settings\Administrator\LiveUpdate
2010-04-11 10:29 . 2010-04-11 12:25 -------- d-----w- c:\documents and settings\Administrator\plugtmp-3
2010-04-11 10:09 . 2010-04-11 10:09 -------- d-----w- c:\program files\Common Files\AnswerWorks 5.0
2010-04-11 10:09 . 2010-04-11 10:09 -------- d-----w- c:\documents and settings\Administrator\bye52C4.tmp
2010-04-11 10:07 . 2010-04-11 10:07 -------- d-----w- c:\documents and settings\Administrator\Application Data\Intuit
2010-04-11 10:07 . 2010-04-11 10:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Intuit
2010-04-11 00:04 . 2010-04-11 00:04 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2010-04-05 17:33 . 2010-04-05 19:39 -------- d-----w- c:\documents and settings\Administrator\Application Data\U3
2010-04-04 16:21 . 2010-04-04 16:21 -------- d-----w- c:\program files\STOIK Imaging
2010-04-04 16:21 . 2010-04-04 16:21 -------- d-----w- c:\documents and settings\Administrator\isp19ED.tmp
2010-04-04 16:19 . 2010-01-08 04:51 7680 ------w- c:\documents and settings\Administrator\SegPlayPCDXCheck.exe
2010-04-04 16:19 . 2009-06-27 17:44 7680 ------w- c:\documents and settings\Administrator\SegPlayPCRegisterPatterns.exe
2010-04-04 16:19 . 2008-12-28 22:17 6656 ------w- c:\documents and settings\Administrator\SegPlayPCInstallCheck.exe
2010-04-04 16:19 . 2006-12-02 13:22 479232 ------w- c:\documents and settings\Administrator\msvcm80.dll
2010-04-04 16:19 . 2006-12-02 05:03 626688 ------w- c:\documents and settings\Administrator\msvcr80.dll
2010-04-04 16:19 . 2006-12-02 05:03 548864 ------w- c:\documents and settings\Administrator\msvcp80.dll
2010-04-04 16:19 . 2006-02-03 16:41 74448 ------w- c:\documents and settings\Administrator\DSETUP.dll
2010-04-04 16:19 . 2010-04-04 16:19 -------- d-----w- c:\program files\Segmation
2010-04-02 10:58 . 2010-04-02 10:58 -------- d-----w- c:\documents and settings\Administrator\RarSFX0
2010-03-30 08:55 . 2010-03-30 10:19 -------- d-----w- c:\documents and settings\Administrator\plugtmp-2
2010-03-29 20:44 . 2010-03-29 20:44 -------- d-----w- c:\documents and settings\All Users\Application Data\FNET
2010-03-29 20:44 . 2010-03-29 20:44 7936 ----a-w- c:\windows\system32\drivers\FNETURPX.SYS
2010-03-29 20:44 . 2010-03-29 20:44 -------- d-----w- c:\program files\PcCloneEX
2010-03-29 13:53 . 2010-03-29 13:53 -------- d-----w- c:\documents and settings\Administrator\plugtmp-1
2010-03-29 13:46 . 2010-03-29 13:46 28480 ----a-r- c:\documents and settings\Administrator\AMPing.exe
2010-03-28 02:59 . 2010-04-13 20:33 -------- d-----w- c:\documents and settings\Administrator\Application Data\Mufe
2010-03-27 23:48 . 2010-04-11 12:32 701808 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-03-27 12:47 . 2010-03-27 17:27 -------- d-----w- c:\documents and settings\Administrator\plugtmp
2010-03-25 23:57 . 2010-03-22 22:54 128536 ----a-w- c:\documents and settings\Administrator\DAPREMOVE.EXE
2010-03-24 20:52 . 2010-03-24 20:52 -------- d-----w- c:\documents and settings\Administrator\OIS
2010-03-24 15:30 . 2010-03-24 15:30 -------- d-----w- c:\documents and settings\Administrator\VBE
2010-03-23 18:17 . 2010-04-05 19:36 -------- d-----w- c:\documents and settings\Administrator\Acrobat Distiller 8
2010-03-23 15:53 . 2010-03-23 15:53 3532 ----a-w- C:\drmHeader.bin
2010-03-23 13:09 . 2010-03-23 13:09 -------- d-----w- c:\program files\Seagate
2010-03-23 10:55 . 2010-03-23 10:55 -------- d-----w- c:\temp\MotoConnectTemp
2010-03-22 22:54 . 2010-03-22 22:54 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedBit
2010-03-22 22:54 . 2009-10-12 15:21 138760 ----a-w- c:\documents and settings\Administrator\RunWizards.exe
2010-03-22 22:53 . 2010-03-22 22:53 -------- d-----w- c:\documents and settings\Administrator\LocalesU
2010-03-22 22:53 . 2010-02-22 17:42 99800 ----a-w- c:\documents and settings\Administrator\cabex.dll
2010-03-20 21:25 . 2010-03-20 21:26 -------- d-----w- c:\documents and settings\Administrator\plugtmp-52
2010-03-18 10:05 . 2009-10-20 16:20 265728 -c----w- c:\windows\system32\dllcache\http.sys
2010-03-17 18:48 . 2010-03-17 18:48 -------- d-----w- C:\8d113d41ec57f411bf7fbeb77296
2010-03-17 16:07 . 2010-03-17 16:07 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Microsoft Help
2010-03-17 14:36 . 2010-03-17 14:36 -------- d-----w- c:\program files\XP_Key_Changer
2010-03-17 09:53 . 2010-03-17 09:53 -------- d-----w- c:\documents and settings\Administrator\{EAAB5FBB-9737-4A6C-A5C0-4B3D76BC932B}
2010-03-16 21:21 . 2010-03-16 21:21 -------- d-----w- c:\program files\Loaris
2010-03-16 20:59 . 2010-03-16 20:59 -------- d-----w- c:\windows\system32\CatRoot_bak
2010-03-16 20:50 . 2009-11-27 17:11 17920 -c----w- c:\windows\system32\dllcache\msyuv.dll
2010-03-16 20:50 . 2009-07-31 10:05 1372672 -c----w- c:\windows\system32\dllcache\msxml6.dll
2010-03-16 20:49 . 2009-11-27 16:07 8704 -c----w- c:\windows\system32\dllcache\tsbyuv.dll
2010-03-16 20:49 . 2009-11-27 16:07 48128 -c----w- c:\windows\system32\dllcache\iyuv_32.dll
2010-03-16 20:46 . 2009-12-04 18:22 455424 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-03-16 20:46 . 2009-12-08 19:26 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-03-16 20:46 . 2009-12-08 19:27 2189184 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-03-16 20:46 . 2009-12-08 18:43 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-03-16 20:41 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2010-03-16 20:04 . 2010-03-16 20:04 -------- d-----w- c:\documents and settings\Administrator\{CD20B98A-59DB-4AC6-A0D3-320C9DE30F71}
2010-03-16 20:03 . 2010-03-16 20:03 -------- d-----w- c:\documents and settings\Administrator\{A0BFB9A9-14B5-4ECC-A95C-A1E4F73187D5}
2010-03-16 20:02 . 2010-03-16 20:02 -------- d-----w- c:\documents and settings\Administrator\{F49C43BB-75D0-4254-981A-7BD8DC9B7CB4}
2010-03-16 19:54 . 2010-03-16 19:54 -------- d-----w- c:\documents and settings\Administrator\{748C82FE-86A8-4EBC-8F2A-E62F02EC1EA4}
2010-03-16 19:33 . 2010-03-16 19:33 -------- d-----w- c:\documents and settings\Administrator\{3C3EB740-800F-47A4-805E-A0F1FF2DB3A1}
2010-03-16 19:32 . 2010-03-16 19:32 -------- d-----w- c:\documents and settings\Administrator\{60406820-78A4-4B73-B854-0FD24274B3DD}
2010-03-16 19:31 . 2010-03-16 19:31 -------- d-----w- c:\documents and settings\Administrator\{77F02026-2A07-412B-9BC9-31C821E564B9}
2010-03-16 19:31 . 2010-03-16 19:31 -------- d-----w- c:\documents and settings\Administrator\{AD7FCDD2-E764-4A32-9EA3-DFB3A0D7F316}
2010-03-16 19:31 . 2010-03-16 19:31 -------- d-----w- c:\documents and settings\Administrator\{54B73E95-C0BA-468B-8F17-165FA66899CF}
2010-03-16 19:31 . 2010-03-16 19:31 -------- d-----w- c:\documents and settings\Administrator\{EF72E2D7-2A39-4189-8F4E-D7F8A71B1F05}
2010-03-16 19:31 . 2010-03-16 19:31 -------- d-----w- c:\documents and settings\Administrator\{40B2F6E0-A451-47D9-8EAC-771513FF197B}
2010-03-16 19:31 . 2010-03-16 19:31 -------- d-----w- c:\documents and settings\Administrator\{16C661F1-8928-430A-8521-2C6C022F80FB}
2010-03-16 15:30 . 2010-03-16 15:30 494 ----a-w- C:\appbckp1.reg
2010-03-16 15:30 . 2010-03-16 15:30 1234874 ----a-w- C:\appbckp2.reg
2010-03-16 15:28 . 2010-03-25 22:28 -------- d-----w- c:\program files\%temp%
2010-03-16 14:10 . 2010-03-16 14:10 -------- d-----w- c:\documents and settings\All Users\Application Data\AltrixSoft
2010-03-16 14:09 . 2010-03-25 22:28 -------- d-----w- c:\program files\Hard Drive Inspector
2010-03-16 14:09 . 2010-03-16 14:09 -------- d-----w- c:\program files\Common Files\AltrixSoft
2010-03-16 14:09 . 2010-03-16 14:10 -------- d-----w- c:\documents and settings\Administrator\nsp3D1C.tmp
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-14 17:12 . 2010-04-14 17:12 32768 ----atw- c:\documents and settings\LocalService\cch16.tmp
2010-04-14 17:12 . 2010-04-14 17:12 32768 ----atw- c:\documents and settings\LocalService\cch15.tmp
2010-04-14 17:09 . 2008-02-26 10:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-04-14 16:52 . 2008-02-26 13:08 -------- d-----w- c:\documents and settings\Administrator\Application Data\PocoMail
2010-04-14 13:49 . 2008-12-07 11:45 -------- d-----w- c:\program files\Web Publish
2010-04-14 12:59 . 2007-07-18 19:05 96384 ------w- c:\windows\system32\drivers\atapi.sys
2010-04-14 12:47 . 2010-04-14 12:47 32768 ----atw- c:\documents and settings\LocalService\cchA07.tmp
2010-04-14 12:47 . 2010-04-14 12:47 32768 ----atw- c:\documents and settings\LocalService\cchA06.tmp
2010-04-14 12:47 . 2010-04-14 12:47 32768 ----atw- c:\documents and settings\LocalService\cchA01.tmp
2010-04-14 12:47 . 2010-04-14 12:47 32768 ----atw- c:\documents and settings\LocalService\cchA00.tmp
2010-04-14 12:47 . 2010-04-14 12:47 32768 ----atw- c:\documents and settings\LocalService\cch9FE.tmp
2010-04-14 12:47 . 2010-04-14 12:47 32768 ----atw- c:\documents and settings\LocalService\cch9FD.tmp
2010-04-14 12:47 . 2010-04-14 12:47 32768 ----atw- c:\documents and settings\LocalService\cch9FB.tmp
2010-04-14 12:47 . 2010-04-14 12:47 32768 ----atw- c:\documents and settings\LocalService\cch9FA.tmp
2010-04-14 12:47 . 2010-04-14 12:47 32768 ----atw- c:\documents and settings\LocalService\cch9F8.tmp
2010-04-14 12:47 . 2010-04-14 12:47 32768 ----atw- c:\documents and settings\LocalService\cch9F7.tmp
2010-04-14 12:47 . 2010-04-14 12:47 32768 ----atw- c:\documents and settings\LocalService\cch9CB.tmp
2010-04-14 12:47 . 2010-04-14 12:47 32768 ----atw- c:\documents and settings\LocalService\cch9CA.tmp
2010-04-14 12:46 . 2010-04-14 12:46 203 ----a-w- c:\documents and settings\Administrator\~fx9BF.tmp
2010-04-14 12:46 . 2010-04-14 12:46 127 ----a-w- c:\documents and settings\Administrator\~fx9BE.tmp
2010-04-14 12:46 . 2010-04-14 12:46 127 ----a-w- c:\documents and settings\Administrator\~fx9BA.tmp
2010-04-14 12:46 . 2010-04-14 12:46 7705 ----a-w- c:\documents and settings\Administrator\~fx995.tmp
2010-04-14 12:24 . 2010-04-14 12:24 32768 ----atw- c:\documents and settings\LocalService\cch50B.tmp
2010-04-14 12:24 . 2010-04-14 12:24 32768 ----atw- c:\documents and settings\LocalService\cch50A.tmp
2010-04-14 11:56 . 2010-04-14 11:56 32768 ----atw- c:\documents and settings\LocalService\cch274.tmp
2010-04-14 11:56 . 2010-04-14 11:56 32768 ----atw- c:\documents and settings\LocalService\cch273.tmp
2010-04-14 11:56 . 2010-04-14 11:56 32768 ----atw- c:\documents and settings\LocalService\cch271.tmp
2010-04-14 11:56 . 2010-04-14 11:56 32768 ----atw- c:\documents and settings\LocalService\cch270.tmp
2010-04-14 11:26 . 2008-02-26 13:01 -------- d-----w- c:\program files\FlashFXP
2010-04-14 09:45 . 2010-04-14 09:45 637798 ----a-w- c:\documents and settings\NetworkService\fla2D.tmp
2010-04-14 09:40 . 2010-04-14 09:40 98304 ----a-w- c:\windows\system32\drivers\tsk11.tmp
2010-04-13 23:39 . 2010-04-13 23:39 29614081 ----a-w- c:\documents and settings\Administrator\fla370.tmp
2010-04-13 23:29 . 2009-01-12 23:52 -------- d-----w- c:\program files\Orbitdownloader
2010-04-13 20:22 . 2008-10-14 17:17 -------- d-----w- c:\documents and settings\Administrator\Application Data\Fuil
2010-04-13 20:07 . 2008-10-24 11:15 -------- d-----w- c:\program files\eFax Messenger 4.4
2010-04-13 18:41 . 2009-02-16 16:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-13 18:37 . 2010-04-13 18:37 311296 ----a-w- c:\documents and settings\Administrator\~DF7E5C.tmp
2010-04-13 18:36 . 2009-02-16 16:23 5918775 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-13 17:35 . 2010-04-13 17:35 311296 ----a-w- c:\documents and settings\Administrator\~DF713C.tmp
2010-04-13 14:58 . 2010-04-13 19:34 670696 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\0f2z73s5.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
2010-04-13 14:58 . 2010-04-13 19:34 833960 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\0f2z73s5.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
2010-04-13 12:14 . 2008-04-14 11:24 -------- d-----w- c:\program files\Advanced System Optimizer
2010-04-13 10:33 . 2010-04-13 10:33 213 ----a-w- c:\documents and settings\Administrator\~fx12.tmp
2010-04-13 10:33 . 2010-04-13 10:33 127 ----a-w- c:\documents and settings\Administrator\~fx11.tmp
2010-04-13 10:33 . 2010-04-13 10:33 2407 ----a-w- c:\documents and settings\Administrator\~fx10.tmp
2010-04-13 09:34 . 2008-02-26 16:02 -------- d-----w- c:\documents and settings\Administrator\Application Data\Vso
2010-04-12 22:37 . 2010-04-12 22:37 0 ----a-w- c:\documents and settings\Administrator\tmp947.tmp
2010-04-12 22:37 . 2010-04-12 22:37 0 ----a-w- c:\documents and settings\Administrator\tmp946.tmp
2010-04-12 22:37 . 2010-04-12 22:37 0 ----a-w- c:\documents and settings\Administrator\tmp945.tmp
2010-04-12 22:37 . 2010-04-12 22:37 0 ----a-w- c:\documents and settings\Administrator\tmp944.tmp
2010-04-12 22:37 . 2010-04-12 22:37 0 ----a-w- c:\documents and settings\Administrator\tmp943.tmp
2010-04-12 21:01 . 2010-04-12 21:01 0 ----a-w- c:\documents and settings\Administrator\tmp66.tmp
2010-04-12 21:01 . 2010-04-12 21:01 0 ----a-w- c:\documents and settings\Administrator\tmp65.tmp
2010-04-12 21:01 . 2010-04-12 21:01 0 ----a-w- c:\documents and settings\Administrator\tmp64.tmp
2010-04-12 21:01 . 2010-04-12 21:01 0 ----a-w- c:\documents and settings\Administrator\tmp63.tmp
2010-04-12 21:01 . 2010-04-12 21:01 0 ----a-w- c:\documents and settings\Administrator\tmp62.tmp
2010-04-12 21:01 . 2010-04-12 21:01 0 ----a-w- c:\documents and settings\Administrator\tmp61.tmp
2010-04-12 19:57 . 2009-09-18 15:44 -------- d-----w- c:\program files\Coupon Printer
2010-04-12 17:55 . 2010-04-12 17:55 311296 ----a-w- c:\documents and settings\Administrator\~DF57B1.tmp
2010-04-12 15:59 . 2010-04-12 15:59 65536 ----a-w- c:\documents and settings\Administrator\ima91F3.tmp
2010-04-12 15:59 . 2010-04-12 15:59 65536 ----a-w- c:\documents and settings\Administrator\ima91F2.tmp
2010-04-12 14:27 . 2010-04-12 14:27 32768 ----atw- c:\documents and settings\LocalService\cch8989.tmp
2010-04-12 14:27 . 2010-04-12 14:27 32768 ----atw- c:\documents and settings\LocalService\cch8988.tmp
2010-04-12 14:03 . 2010-04-12 14:03 798 ----atw- c:\documents and settings\Administrator\AcrC657.tmp
2010-04-12 14:03 . 2010-04-12 14:03 358 ----a-w- c:\documents and settings\Administrator\AcrC656.tmp
2010-04-11 18:30 . 2009-03-21 00:11 -------- d-----w- c:\program files\Hide-IP-Browser
2010-04-11 18:29 . 2008-09-20 08:59 -------- d-----w- c:\program files\EphPod
2010-04-11 18:28 . 2008-02-26 10:18 -------- d-----w- c:\program files\DAMN NFO Viewer
2010-04-11 18:15 . 2009-06-16 09:17 -------- d-----w- c:\program files\Audio Mid Recorder
2010-04-11 13:30 . 2010-04-11 13:30 32768 ----atw- c:\documents and settings\LocalService\cch5DF.tmp
2010-04-11 13:30 . 2010-04-11 13:30 32768 ----atw- c:\documents and settings\LocalService\cch5DE.tmp
2010-04-11 13:30 . 2010-04-11 13:30 32768 ----atw- c:\documents and settings\LocalService\cch5DC.tmp
2010-04-11 13:30 . 2010-04-11 13:30 32768 ----atw- c:\documents and settings\LocalService\cch5DB.tmp
2010-04-11 12:54 . 2010-04-11 12:54 32768 ----a-w- c:\documents and settings\Administrator\~DF182B.tmp
2010-04-11 12:32 . 2009-01-12 23:52 -------- d-----w- c:\documents and settings\Administrator\Application Data\Orbit
2010-04-11 10:10 . 2010-04-11 10:10 155 ----a-w- c:\documents and settings\Administrator\qfn53A4.tmp
2010-04-11 10:10 . 2010-04-11 10:10 155 ----a-w- c:\documents and settings\Administrator\qfn5399.tmp
2010-04-11 10:10 . 2010-04-11 10:10 156 ----a-w- c:\documents and settings\Administrator\qfn537E.tmp
2010-04-11 10:10 . 2010-04-11 10:10 156 ----a-w- c:\documents and settings\Administrator\qfn537C.tmp
2010-04-11 10:09 . 2010-04-11 10:09 581 ----a-w- c:\documents and settings\Administrator\qfn534F.tmp
2010-04-11 10:09 . 2010-04-11 10:09 122 ----a-w- c:\documents and settings\Administrator\qfn534E.tmp
2010-04-11 10:09 . 2010-04-11 10:09 127 ----a-w- c:\documents and settings\Administrator\~fx532B.tmp
2010-04-11 10:09 . 2008-02-26 08:08 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-11 10:08 . 2010-04-11 10:08 2293 ----a-w- c:\documents and settings\Administrator\~fx52C3.tmp
2010-04-11 10:08 . 2010-04-11 10:08 5166 ----a-w- c:\documents and settings\Administrator\~fx52BE.tmp
2010-04-11 10:07 . 2010-04-11 10:07 371 ----a-w- c:\documents and settings\Administrator\~fx52BC.tmp
2010-04-11 10:07 . 2010-04-11 10:07 567 ----a-w- c:\documents and settings\Administrator\~fx52B7.tmp
2010-04-10 15:58 . 2010-04-10 15:58 201 ----a-w- c:\documents and settings\Administrator\1CA9223A.TMP
2010-04-10 15:06 . 2010-04-10 15:06 358 ----a-w- c:\documents and settings\Administrator\Acr390A.tmp
2010-04-10 12:48 . 2008-02-26 13:08 -------- d-----w- c:\program files\PocoMail4
2010-04-09 18:51 . 2010-04-09 18:51 72 ----a-w- c:\documents and settings\Administrator\DFB96C33.TMP
2010-04-08 14:05 . 2010-03-09 17:29 0 ----a-w- c:\windows\system32\drivers\nStandard.bin
2010-04-07 17:11 . 2010-04-07 17:11 65536 ----a-w- c:\documents and settings\Administrator\imaD9D.tmp
2010-04-07 17:11 . 2010-04-07 17:11 65536 ----a-w- c:\documents and settings\Administrator\imaD9C.tmp
2010-04-05 17:33 . 2010-04-05 19:39 110592 ----a-w- c:\documents and settings\Administrator\Application Data\U3\temp\cleanup.exe
2010-04-05 10:32 . 2010-04-05 10:32 65536 ----a-w- c:\documents and settings\Administrator\ima3AA9.tmp
2010-04-02 10:53 . 2008-12-07 19:16 2828 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2010-04-02 10:53 . 2008-12-07 19:16 2828 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2010-03-29 23:46 . 2009-02-16 16:23 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 23:45 . 2009-02-16 16:23 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-09 14:28 . 2008-02-26 10:27 212884256 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-07-09 14:28 . 2008-02-26 10:27 3929888 --sha-w- c:\windows\system32\drivers\fidbox2.dat
.
((((((((((((((((((((((((((((( [email protected]_13.49.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-31 15:48 . 2008-03-20 15:41 49152 c:\windows\system32\SysTrayDll.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-07-03 303376]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-03 44544]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\English\\setup.exe"=
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\NETGEAR\\NETGEAR Digital Entertainer for Windows\\ffmpeg.exe"=
"c:\\Program Files\\NETGEAR\\NETGEAR Digital Entertainer for Windows\\receiver.exe"=
"c:\\Program Files\\NETGEAR\\NETGEAR Digital Entertainer for Windows\\sharefolder.exe"=
"c:\\Program Files\\NETGEAR\\NETGEAR Digital Entertainer for Windows\\tagtool.exe"=
"c:\\Program Files\\NETGEAR\\NETGEAR Digital Entertainer for Windows\\sjcmdwiz.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"<NO NAME>"=
"49153:UDP"= 49153:UDP:UDP49153
"49154:UDP"= 49154:UDP:UDP49154
"49155:UDP"= 49155:UDP:UDP49155
"49156:TCP"= 49156:TCP:TCP49156
"49158:TCP"= 49158:TCP:TCP49158
"49159:TCP"= 49159:TCP:TCP49159
"49152:UDP"= 49152:UDP:UDP49152
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [15/12/2008 21:41 33808]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [02/03/2008 10:44 716272]
R1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [29/03/2010 21:44 7936]
R2 BCMNTIO;BCMNTIO;c:\progra~1\CheckIt\DIAGNO~1\BCMNTIO.sys [26/02/2008 21:18 3744]
R2 MAPMEM;MAPMEM;c:\progra~1\CheckIt\DIAGNO~1\MAPMEM.sys [26/02/2008 21:18 3904]
R2 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [23/08/2009 14:38 91392]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [26/02/2008 09:16 38656]
R3 imvad_multi;NETGEAR Digital Entertainer Virtual Audio Device;c:\windows\system32\drivers\imvad.sys [25/05/2007 13:48 17792]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [13/05/2009 18:46 31760]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [16/05/2009 21:59 19472]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [16/02/2009 17:23 20824]
S1 07061031;07061031;c:\windows\system32\DRIVERS\07061031.sys --> c:\windows\system32\DRIVERS\07061031.sys [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [16/02/2009 17:23 303952]
S3 serusb;Motorola USB Comm Port;c:\windows\system32\drivers\usbser.sys [13/06/2008 11:17 25728]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
2010-04-14 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2008-03-31 08:53]
.
.
------- Supplementary Scan -------
.
uStart Page = go.microsoft.com/fwlink/?LinkId=69157
uInternet Settings,ProxyOverride = local;*.local
uInternet Settings,ProxyServer = 127.0.0.1:8080
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: Download Link Using Mega Manager... - c:\program files\Megaupload\Mega Manager\mm_file.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\0f2z73s5.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2383985&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.teamtalk.com/football/liverpool/0,16370,1776,00.html
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\0f2z73s5.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\[email protected]\components\KavLinkFilter.dll
FF - plugin: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\0f2z73s5.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
FF - user.js: network.proxy.http_port - 0
FF - user.js: network.proxy.ssl -
FF - user.js: network.proxy.ssl_port - 0
FF - user.js: network.proxy.ftp -
FF - user.js: network.proxy.ftp_port - 0
FF - user.js: network.proxy.gopher -
FF - user.js: network.proxy.gopher_port - 0
FF - user.js: network.proxy.socks_version - 5
FF - user.js: network.proxy.socks -
FF - user.js: network.proxy.socks_port - 0
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-14 18:09
Windows 5.1.2600 Service Pack 3, v.5913 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):2f,dc,c3,19,7b,78,1e,06,97,b3,bc,6b,7e,78,86,ad,eb,63,65,43,4e,
62,02,ba,e0,8b,73,89,91,bc,12,c3,68,38,96,11,44,e3,76,09,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{a58038e8-b5a1-40ea-ba69-09493dee79cc}]
@Denied: (Full) (Everyone)
"Model"=dword:0000007f
"Therad"=dword:0000000f
"MData"=hex(0):cb,9b,ad,ef,27,7d,29,69,f5,02,f0,76,aa,4a,f1,7c,d3,d9,67,7f,6a,
4b,7b,ad,04,7a,b1,b5,76,9b,27,47,2d,87,8e,50,e4,4d,0f,23,8e,09,53,4f,63,bc,\
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="3FD30FB91373E6FC0D4582EF7868E1B743371C52DA752858C172C647FA6E94DE4AE58A33BC8765FD98EB47C8226891F9449437EE9BC18716F314CCBCA1FAA01364AB59FC23E77B413D2E85C03F1A939AB118998DD5B6BB71FA2A158C5E605532FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A2D97226D213B555A6A0AC4980AC7933FEBC9E127BECC74CFBEE69B6AEB2806E2530264CAE1364CB3B14A2BF8A8DBE03E0EF8039A5E9687714E80A38672C97CD9A9447CCA07C1E284B276C5B2BA7F5FA1F3F0DF5EE25A5E5972CA5BDACB2EFA5745D77609B82550FB4CBAD1951EDE1A26EFE554A04474EA570202922113074D3B89CA851E0060B9E3B58FC540C5BB678ED7137435D836D36B80E56C21A2CA47AA1441F6EA2095239D38AC4EADB0B3E41F23BE1F1E9B0205D43244101445893801C2BF68B8AB4D4082982444134BF5606836659690C4619A494755342FE07688EC90E9BFCB4D54EF39A448F40005DEE925B61F34499651FD9647847712B2E5E94800CD09E2FD98FAD3A380BD21B6C0E76EAFA601D5BCC0C0D9E8831FBA1E74544C9282B500057FB284FA9F169D71B4D86D46A9B1611E4CE13E3E1F2D1AC75801362C914F19F840D1AD34BD4F4F9B7D9DA71497AD3EBB568078A2946E90C3986BBBBBCCA6DF63D4DFDF5B11470BA3AF34F4A94257E91EE6FC41962B8BE72B8E23BFCAFDFA969825E1418D26855473BF103212C16C21D610F6CCC7AA9CB8620B4557EB6B919C877F3DF510CDB2341753E5C68581FD01B030565953E4F15E2BD300FCEC8122CDE64D6A76C1ECD60BC4B5302C8C0625E8FED245799E0B19E18851CB3ACC2F559E6B462F667AD701144C0C3609CF158236E5FD0AF31F62DF1A78C53D01161C89D1078881C7543C9C35200B528F25F4C5C233A881FE67DF31E098E453824C9BE74FE63CBAB7BC93585D9D5E04C915D5F4A0B04569BFC518834A8EB767F42046262CC4E457C9514626CC0B193866C2503B178665E5EE6354649E3A4FB027E7911ED04B3A12992D3538EDC2A2F51B3D4805CB1B0D5E44ECF58778D62825E1F7BFC22A5B59F1073A35F87FDF6A86EC26D74157052886F8E2BBFDB6E6DC8F49ABC2B8CA49595D66FFDAFF765F589612FD44DADE2625382B8B6D19940B7236D215377BFE9BCE961714545834527EDF140534EF92A1CA86892433754B1D1F63214BC0DD352379ADD183D7151492F892D701711D3DDDA8FAE13876B3767F2416F0757EE622BB3B63A358D5B0D0DD81F6171B17F968723A225661FC0EF76F69098C5E6F10A3B0863A84F43FCE5230F892525975A24A3180F61ED075CAE6B5C09E34C92426E3AAA57A1224E27900FE334CE23233660260696BDBEA2B4AAC4C5E04B4DE5DAB4D1B66060"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(1720)
c:\windows\system32\hnetcfg.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\BsLangInDepRes.dll
c:\windows\system32\Bs2Res.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\crypserv.exe
c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\oodag.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\IVT Corporation\BlueSoleil\BsHelpCS.exe
c:\windows\system32\wscntfy.exe
c:\program files\Motorola\MotoConnectService\MotoConnect.exe
.
**************************************************************************
.
Completion time: 2010-04-14 18:17:15 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-14 17:17
ComboFix2.txt 2010-04-14 14:01
Pre-Run: 9,552,904,192 bytes free
Post-Run: 9,516,449,792 bytes free
- - End Of File - - 4658EB83CC9CB948C55B253A27A91428
 

snifferhann

Thread Starter
Joined
Apr 14, 2010
Messages
3
I ve just seen a similar problem on this site so have ran dds. Log below:


DDS (Ver_10-03-17.01) - NTFSx86
Run by Administrator at 19:00:57.71 on 14/04/2010
Internet Explorer: 6.0.2900.3180 BrowserJavaVersion: 1.6.0_03
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3327.2617 [GMT 1:00]
AV: Kaspersky Internet Security *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\crypserv.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Documents and Settings\Administrator\Desktop\dds.com
============== Pseudo HJT Report ===============
uStart Page = go.microsoft.com/fwlink/?LinkId=69157
uInternet Settings,ProxyOverride = local;*.local
uInternet Settings,ProxyServer = 127.0.0.1:8080
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2010\ievkbd.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: IeMonitorBho Class: {bf00e119-21a3-4fd1-b178-3b8537e75c92} - c:\program files\megaupload\mega manager\MegaIEMn.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
BHO: FlashFXP Helper for Internet Explorer: {e5a1691b-d188-4419-ad02-90002030b8ee} - c:\progra~1\flashfxp\IEFlash.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
dRunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
IE: &Clean Traces - c:\program files\dap\privacy package\dapcleanerie.htm
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Download with &DAP - c:\program files\dap\dapextie.htm
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2010\ie_banner_deny.htm
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: Download &all with DAP - c:\program files\dap\dapextie2.htm
IE: Download Link Using Mega Manager... - c:\program files\megaupload\mega manager\mm_file.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} -
WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} -
WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} -
WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} -
WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} -
WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} -
WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} -
Notify: klogon - c:\windows\system32\klogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\0f2z73s5.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2383985&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.teamtalk.com/football/liverpool/0,16370,1776,00.html
FF - component: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\0f2z73s5.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - component: c:\program files\mozilla firefox\extensions\[email protected]\components\KavLinkFilter.dll
FF - plugin: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\0f2z73s5.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
FF - user.js: network.proxy.http_port - 0
FF - user.js: network.proxy.ssl -
FF - user.js: network.proxy.ssl_port - 0
FF - user.js: network.proxy.ftp -
FF - user.js: network.proxy.ftp_port - 0
FF - user.js: network.proxy.gopher -
FF - user.js: network.proxy.gopher_port - 0
FF - user.js: network.proxy.socks_version - 5
FF - user.js: network.proxy.socks -
FF - user.js: network.proxy.socks_port - 0
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
R0 AVG Anti-Rootkit;AVG Anti-Rootkit;c:\windows\system32\drivers\avgarkt.sys [2007-1-31 5632]
R0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2009-6-15 128016]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-12-15 33808]
R1 AvgArCln;Avg Anti-Rootkit Clean Driver;c:\windows\system32\drivers\AvgArCln.sys [2010-4-14 3968]
R1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [2010-3-29 7936]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2010-3-2 296976]
R2 AVP;Kaspersky Internet Security;c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe [2009-7-3 303376]
R2 BCMNTIO;BCMNTIO;c:\progra~1\checkit\diagno~1\BCMNTIO.sys [2008-2-26 3744]
R2 MAPMEM;MAPMEM;c:\progra~1\checkit\diagno~1\MAPMEM.sys [2008-2-26 3904]
R2 MotoConnect Service;MotoConnect Service;c:\program files\motorola\motoconnectservice\MotoConnectService.exe [2009-8-23 91392]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [2008-2-26 38656]
R3 imvad_multi;NETGEAR Digital Entertainer Virtual Audio Device;c:\windows\system32\drivers\imvad.sys [2007-5-25 17792]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2009-5-13 31760]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-5-16 19472]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-2-16 20824]
S1 07061031;07061031;c:\windows\system32\drivers\07061031.sys --> c:\windows\system32\drivers\07061031.sys [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\superantispyware\saskutil.sys --> c:\program files\superantispyware\SASKUTIL.sys [?]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-2-16 303952]
S3 cpuz132;cpuz132;\??\c:\documents and settings\administrator\cpuz132\cpuz132_x32.sys --> c:\documents and settings\administrator\cpuz132\cpuz132_x32.sys [?]
S3 serusb;Motorola USB Comm Port;c:\windows\system32\drivers\usbser.sys [2008-6-13 25728]
=============== Created Last 30 ================
2010-04-14 18:00:56 0 d-----w- c:\documents and settings\administrator\781.tmp
2010-04-14 17:41:42 0 d-----w- c:\documents and settings\administrator\WPDNSE
2010-04-14 14:34:51 0 d-----w- c:\program files\RootQuest
2010-04-14 13:26:45 0 d-sha-r- C:\cmdcons
2010-04-14 13:24:18 98816 ----a-w- c:\windows\sed.exe
2010-04-14 13:24:18 77312 ----a-w- c:\windows\MBR.exe
2010-04-14 13:24:18 261632 ----a-w- c:\windows\PEV.exe
2010-04-14 13:24:18 161792 ----a-w- c:\windows\SWREG.exe
2010-04-14 12:58:50 96384 ----a-w- c:\documents and settings\administrator\bck1.tmp
2010-04-14 12:46:53 203 ----a-w- c:\documents and settings\administrator\~fx9BF.tmp
2010-04-14 12:46:52 127 ----a-w- c:\documents and settings\administrator\~fx9BE.tmp
2010-04-14 12:46:51 127 ----a-w- c:\documents and settings\administrator\~fx9BA.tmp
2010-04-14 12:46:47 7705 ----a-w- c:\documents and settings\administrator\~fx995.tmp
2010-04-14 10:59:52 3968 ----a-w- c:\windows\system32\drivers\AvgArCln.sys
2010-04-14 10:56:08 96384 ----a-w- c:\documents and settings\administrator\bckE16.tmp
2010-04-14 09:44:21 96384 ----a-w- c:\documents and settings\administrator\bck22.tmp
2010-04-14 09:40:36 98304 ----a-w- c:\windows\system32\drivers\tsk11.tmp
2010-04-14 09:40:25 96384 ----a-w- c:\documents and settings\administrator\bck10.tmp
2010-04-14 09:32:50 96384 ----a-w- c:\documents and settings\administrator\bck618.tmp
2010-04-14 09:32:15 0 d-----w- c:\documents and settings\administrator\Rar$EX00.047
2010-04-13 23:39:41 29614081 ----a-w- c:\documents and settings\administrator\fla370.tmp
2010-04-13 21:22:58 13778 ----a-w- C:\exe.dat
2010-04-13 20:26:39 0 d-----w- c:\program files\Enigma Software Group
2010-04-13 20:04:16 0 d-----w- c:\documents and settings\administrator\plugtmp-7
2010-04-13 19:50:41 147456 ----a-w- C:\catchme.exe
2010-04-13 19:37:01 0 d-----w- c:\docume~1\admini~1\applic~1\QuickScan
2010-04-13 18:58:48 0 d-----w- c:\documents and settings\administrator\HouseCall
2010-04-13 18:58:38 0 d-----w- c:\documents and settings\administrator\HCBackup
2010-04-13 18:37:15 311296 ----a-w- c:\documents and settings\administrator\~DF7E5C.tmp
2010-04-13 17:35:48 311296 ----a-w- c:\documents and settings\administrator\~DF713C.tmp
2010-04-13 16:45:28 707348 ----a-w- c:\documents and settings\administrator\IMTE.xml
2010-04-13 16:45:28 426 ----a-w- c:\documents and settings\administrator\IMTD.xml
2010-04-13 16:45:28 1994 ----a-w- c:\documents and settings\administrator\IMTC.xml
2010-04-13 10:33:19 213 ----a-w- c:\documents and settings\administrator\~fx12.tmp
2010-04-13 10:33:18 127 ----a-w- c:\documents and settings\administrator\~fx11.tmp
2010-04-13 10:33:13 2407 ----a-w- c:\documents and settings\administrator\~fx10.tmp
2010-04-12 22:37:59 0 ----a-w- c:\documents and settings\administrator\tmp947.tmp
2010-04-12 22:37:59 0 ----a-w- c:\documents and settings\administrator\tmp946.tmp
2010-04-12 22:37:59 0 ----a-w- c:\documents and settings\administrator\tmp945.tmp
2010-04-12 22:37:57 0 ----a-w- c:\documents and settings\administrator\tmp944.tmp
2010-04-12 22:37:57 0 ----a-w- c:\documents and settings\administrator\tmp943.tmp
2010-04-12 21:01:34 0 ----a-w- c:\documents and settings\administrator\tmp66.tmp
2010-04-12 21:01:34 0 ----a-w- c:\documents and settings\administrator\tmp65.tmp
2010-04-12 21:01:34 0 ----a-w- c:\documents and settings\administrator\tmp64.tmp
2010-04-12 21:01:34 0 ----a-w- c:\documents and settings\administrator\tmp63.tmp
2010-04-12 21:01:15 0 ----a-w- c:\documents and settings\administrator\tmp62.tmp
2010-04-12 21:01:14 0 ----a-w- c:\documents and settings\administrator\tmp61.tmp
2010-04-12 19:47:26 0 d-----w- c:\documents and settings\administrator\hsperfdata_Administrator
2010-04-12 17:55:44 311296 ----a-w- c:\documents and settings\administrator\~DF57B1.tmp
2010-04-12 15:59:57 65536 ----a-w- c:\documents and settings\administrator\ima91F3.tmp
2010-04-12 15:59:57 65536 ----a-w- c:\documents and settings\administrator\ima91F2.tmp
2010-04-12 15:55:55 1272663 ----a-r- c:\documents and settings\administrator\Crazy on the Outside disc.rar
2010-04-12 14:03:51 798 ----atw- c:\documents and settings\administrator\AcrC657.tmp
2010-04-12 14:03:19 358 ----a-w- c:\documents and settings\administrator\AcrC656.tmp
2010-04-12 13:46:19 0 d-----w- c:\documents and settings\administrator\plugtmp-4
2010-04-12 12:21:39 0 d-----w- c:\documents and settings\administrator\hsperfdata_SYSTEM
2010-04-11 12:54:23 32768 ----a-w- c:\documents and settings\administrator\~DF182B.tmp
2010-04-11 12:30:41 554064 ----a-w- c:\documents and settings\administrator\LiveUpdate.exe
2010-04-11 12:30:41 554064 ----a-w- c:\documents and settings\administrator\LiveUpdate.dat
2010-04-11 12:28:59 0 d-----w- c:\documents and settings\administrator\LiveUpdate
2010-04-11 10:29:06 0 d-----w- c:\documents and settings\administrator\plugtmp-3
2010-04-11 10:10:14 155 ----a-w- c:\documents and settings\administrator\qfn53A4.tmp
2010-04-11 10:10:14 155 ----a-w- c:\documents and settings\administrator\qfn5399.tmp
2010-04-11 10:10:09 156 ----a-w- c:\documents and settings\administrator\qfn537E.tmp
2010-04-11 10:10:09 156 ----a-w- c:\documents and settings\administrator\qfn537C.tmp
2010-04-11 10:09:58 581 ----a-w- c:\documents and settings\administrator\qfn534F.tmp
2010-04-11 10:09:58 122 ----a-w- c:\documents and settings\administrator\qfn534E.tmp
2010-04-11 10:09:40 127 ----a-w- c:\documents and settings\administrator\~fx532B.tmp
2010-04-11 10:09:09 0 d-----w- c:\program files\common files\AnswerWorks 5.0
2010-04-11 10:09:03 0 d-----w- c:\documents and settings\administrator\bye52C4.tmp
2010-04-11 10:08:59 2293 ----a-w- c:\documents and settings\administrator\~fx52C3.tmp
2010-04-11 10:08:15 5166 ----a-w- c:\documents and settings\administrator\~fx52BE.tmp
2010-04-11 10:07:44 0 d-----w- c:\docume~1\admini~1\applic~1\Intuit
2010-04-11 10:07:43 371 ----a-w- c:\documents and settings\administrator\~fx52BC.tmp
2010-04-11 10:07:33 31 ----a-w- c:\windows\QUICKEN.INI
2010-04-11 10:07:16 567 ----a-w- c:\documents and settings\administrator\~fx52B7.tmp
2010-04-11 10:07:15 0 d-----w- c:\docume~1\alluse~1\applic~1\Intuit
2010-04-11 00:04:49 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Drivers HeadQuarters
2010-04-10 15:58:39 201 ----a-w- c:\documents and settings\administrator\1CA9223A.TMP
2010-04-10 15:06:46 358 ----a-w- c:\documents and settings\administrator\Acr390A.tmp
2010-04-09 18:51:12 72 ----a-w- c:\documents and settings\administrator\DFB96C33.TMP
2010-04-07 17:11:10 65536 ----a-w- c:\documents and settings\administrator\imaD9D.tmp
2010-04-07 17:11:10 65536 ----a-w- c:\documents and settings\administrator\imaD9C.tmp
2010-04-06 11:11:39 74390 ----a-w- c:\documents and settings\administrator\2kdnsygk.bmp
2010-04-05 10:32:02 65536 ----a-w- c:\documents and settings\administrator\ima3AA9.tmp
2010-04-04 16:21:33 0 d-----w- c:\program files\STOIK Imaging
2010-04-04 16:21:02 0 d-----w- c:\documents and settings\administrator\isp19ED.tmp
2010-04-04 16:19:43 7680 ------w- c:\documents and settings\administrator\SegPlayPCRegisterPatterns.exe
2010-04-04 16:19:43 7680 ------w- c:\documents and settings\administrator\SegPlayPCDXCheck.exe
2010-04-04 16:19:43 74448 ------w- c:\documents and settings\administrator\DSETUP.dll
2010-04-04 16:19:43 6656 ------w- c:\documents and settings\administrator\SegPlayPCInstallCheck.exe
2010-04-04 16:19:43 626688 ------w- c:\documents and settings\administrator\msvcr80.dll
2010-04-04 16:19:43 548864 ------w- c:\documents and settings\administrator\msvcp80.dll
2010-04-04 16:19:43 479232 ------w- c:\documents and settings\administrator\msvcm80.dll
2010-04-04 16:19:43 1869 ------w- c:\documents and settings\administrator\Microsoft.VC80.CRT.manifest
2010-04-04 16:19:40 0 d-----w- c:\program files\Segmation
2010-04-02 10:58:30 0 d-----w- c:\documents and settings\administrator\RarSFX0
2010-03-30 14:45:19 0 ----a-w- c:\documents and settings\administrator\mmc2B206E82.xml
2010-03-30 14:31:16 0 ----a-w- c:\documents and settings\administrator\mmc04FB70EC.xml
2010-03-30 14:29:00 0 ----a-w- c:\documents and settings\administrator\mmc03E8EDF4.xml
2010-03-30 14:02:38 0 ----a-w- c:\documents and settings\administrator\mmc00F47DD0.xml
2010-03-30 10:28:00 0 ----a-w- c:\documents and settings\administrator\mmc11DE3390.xml
2010-03-30 10:10:58 0 ----a-w- c:\documents and settings\administrator\mmc07174260.xml
2010-03-30 08:55:40 0 d-----w- c:\documents and settings\administrator\plugtmp-2
2010-03-29 20:44:57 0 d-----w- c:\docume~1\alluse~1\applic~1\FNET
2010-03-29 20:44:49 7936 ----a-w- c:\windows\system32\drivers\FNETURPX.SYS
2010-03-29 20:44:44 0 d-----w- c:\program files\PcCloneEX
2010-03-29 13:53:42 0 d-----w- c:\documents and settings\administrator\plugtmp-1
2010-03-29 13:46:40 28480 ----a-r- c:\documents and settings\administrator\AMPing.exe
2010-03-28 02:59:10 0 d-----w- c:\docume~1\admini~1\applic~1\Mufe
2010-03-27 12:47:28 0 d-----w- c:\documents and settings\administrator\plugtmp
2010-03-25 23:58:54 123 ----a-w- c:\documents and settings\administrator\CFG8056.tmp
2010-03-25 23:57:28 128536 ----a-w- c:\documents and settings\administrator\DAPREMOVE.EXE
2010-03-25 00:32:13 65536 ----a-w- c:\documents and settings\administrator\~DFC889.tmp
2010-03-25 00:31:56 65536 ----a-w- c:\documents and settings\administrator\~DF2BD0.tmp
2010-03-25 00:31:28 65536 ----a-w- c:\documents and settings\administrator\~DF5C4B.tmp
2010-03-24 20:52:53 0 d-----w- c:\documents and settings\administrator\OIS
2010-03-24 15:30:02 0 d-----w- c:\documents and settings\administrator\VBE
2010-03-23 18:17:17 0 d-----w- c:\documents and settings\administrator\Acrobat Distiller 8
2010-03-23 15:53:15 3532 ----a-w- C:\drmHeader.bin
2010-03-23 13:09:09 0 d-----w- c:\program files\Seagate
2010-03-23 13:04:21 71680 ----a-w- c:\documents and settings\administrator\GLBFD7.tmp
2010-03-23 10:55:31 0 d-----w- c:\temp\MotoConnectTemp
2010-03-23 09:44:03 65536 ----a-w- c:\documents and settings\administrator\~DF4243.tmp
2010-03-22 22:54:16 0 d-----w- c:\docume~1\alluse~1\applic~1\SpeedBit
2010-03-22 22:54:12 138760 ----a-w- c:\documents and settings\administrator\RunWizards.exe
2010-03-22 22:53:45 99800 ----a-w- c:\documents and settings\administrator\cabex.dll
2010-03-22 22:53:45 1748 ----a-w- c:\documents and settings\administrator\dapcleanerie.htm
2010-03-22 22:53:45 0 d-----w- c:\documents and settings\administrator\LocalesU
2010-03-22 22:34:39 65536 ----a-w- c:\documents and settings\administrator\~DFDBB7.tmp
2010-03-22 22:31:16 65536 ----a-w- c:\documents and settings\administrator\~DF7D9A.tmp
2010-03-22 14:45:10 65536 ----a-w- c:\documents and settings\administrator\~DF4DB1.tmp
2010-03-22 00:10:54 1192 ----a-w- c:\documents and settings\administrator\Address Labels (902794588844).pdf
2010-03-20 21:25:25 0 d-----w- c:\documents and settings\administrator\plugtmp-52
2010-03-19 21:58:52 65536 ----a-w- c:\documents and settings\administrator\ima344E.tmp
2010-03-18 16:31:27 65536 ----a-w- c:\documents and settings\administrator\~DF8791.tmp
2010-03-18 16:22:56 65536 ----a-w- c:\documents and settings\administrator\~DF8AB.tmp
2010-03-18 16:17:34 65536 ----a-w- c:\documents and settings\administrator\ima3365.tmp
2010-03-18 16:17:34 65536 ----a-w- c:\documents and settings\administrator\ima3364.tmp
2010-03-18 15:06:16 65536 ----a-w- c:\documents and settings\administrator\~DF530A.tmp
2010-03-18 10:05:17 265728 -c----w- c:\windows\system32\dllcache\http.sys
2010-03-18 09:38:20 113 ----a-w- c:\documents and settings\administrator\010ADD2C.TMP
2010-03-18 08:42:26 977 ----atw- c:\documents and settings\administrator\BCGB.tmp
2010-03-18 08:42:26 977 ----atw- c:\documents and settings\administrator\BCGA.tmp
2010-03-18 00:36:16 473 ----a-w- c:\documents and settings\administrator\DLL_{42929F0F-CE14-47AF-9FC7-FF297A603021}.ini
2010-03-18 00:36:16 0 ----a-w- c:\documents and settings\administrator\is1679.tmp
2010-03-17 18:48:03 0 d-----w- C:\8d113d41ec57f411bf7fbeb77296
2010-03-17 18:47:22 0 ----a-w- c:\documents and settings\administrator\~A.tmp
2010-03-17 14:36:48 36864 ----a-w- c:\windows\system32\MD5.ocx
2010-03-17 14:36:47 0 d-----w- c:\program files\XP_Key_Changer
2010-03-17 14:22:18 0 ----a-w- c:\documents and settings\administrator\aax2331.tmp
2010-03-17 14:15:11 0 ----a-w- c:\documents and settings\administrator\aax22AA.tmp
2010-03-17 09:53:53 0 d-----w- c:\documents and settings\administrator\{EAAB5FBB-9737-4A6C-A5C0-4B3D76BC932B}
2010-03-16 21:21:59 0 d-----w- c:\program files\Loaris
2010-03-16 20:59:32 0 d-----w- c:\windows\system32\CatRoot_bak
2010-03-16 20:50:27 17920 -c----w- c:\windows\system32\dllcache\msyuv.dll
2010-03-16 20:50:00 1372672 -c----w- c:\windows\system32\dllcache\msxml6.dll
2010-03-16 20:49:56 8704 -c----w- c:\windows\system32\dllcache\tsbyuv.dll
2010-03-16 20:49:56 48128 -c----w- c:\windows\system32\dllcache\iyuv_32.dll
2010-03-16 20:46:34 455424 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-03-16 20:46:10 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-03-16 20:46:09 2189184 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-03-16 20:46:09 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-03-16 20:41:02 2560 ------w- c:\windows\system32\xpsp4res.dll
2010-03-16 20:04:01 0 d-----w- c:\documents and settings\administrator\{CD20B98A-59DB-4AC6-A0D3-320C9DE30F71}
2010-03-16 20:02:48 0 d-----w- c:\documents and settings\administrator\{F49C43BB-75D0-4254-981A-7BD8DC9B7CB4}
2010-03-16 19:54:32 0 d-----w- c:\documents and settings\administrator\{748C82FE-86A8-4EBC-8F2A-E62F02EC1EA4}
2010-03-16 19:33:11 0 d-----w- c:\documents and settings\administrator\{3C3EB740-800F-47A4-805E-A0F1FF2DB3A1}
2010-03-16 19:32:54 0 d-----w- c:\documents and settings\administrator\{60406820-78A4-4B73-B854-0FD24274B3DD}
2010-03-16 19:31:53 0 d-----w- c:\documents and settings\administrator\{77F02026-2A07-412B-9BC9-31C821E564B9}
2010-03-16 19:31:45 0 d-----w- c:\documents and settings\administrator\{AD7FCDD2-E764-4A32-9EA3-DFB3A0D7F316}
2010-03-16 19:31:42 0 d-----w- c:\documents and settings\administrator\{54B73E95-C0BA-468B-8F17-165FA66899CF}
2010-03-16 19:31:34 0 d-----w- c:\documents and settings\administrator\{EF72E2D7-2A39-4189-8F4E-D7F8A71B1F05}
2010-03-16 19:31:21 0 d-----w- c:\documents and settings\administrator\{40B2F6E0-A451-47D9-8EAC-771513FF197B}
2010-03-16 19:31:01 0 d-----w- c:\documents and settings\administrator\{16C661F1-8928-430A-8521-2C6C022F80FB}
2010-03-16 15:34:33 0 d-----w- c:\windows\system32\SoftwareDistribution
2010-03-16 15:30:12 494 ----a-w- C:\appbckp1.reg
2010-03-16 15:30:12 1234874 ----a-w- C:\appbckp2.reg
2010-03-16 15:28:52 0 d-----w- c:\program files\%temp%
2010-03-16 15:28:52 0 ----a-w- c:\documents and settings\administrator\~5E4C.tmp
2010-03-16 14:21:39 65536 ----a-w- c:\documents and settings\administrator\~DFBF6A.tmp
2010-03-16 14:19:41 65536 ----a-w- c:\documents and settings\administrator\~DF8315.tmp
2010-03-16 14:11:20 65536 ----a-w- c:\documents and settings\administrator\~DFBB9.tmp
2010-03-16 14:10:07 0 d-----w- c:\docume~1\alluse~1\applic~1\AltrixSoft
2010-03-16 14:09:42 0 d-----w- c:\program files\Hard Drive Inspector
2010-03-16 14:09:39 0 d-----w- c:\program files\common files\AltrixSoft
2010-03-16 14:09:24 0 d-----w- c:\documents and settings\administrator\nsp3D1C.tmp
2010-03-16 14:01:06 65536 ----a-w- c:\documents and settings\administrator\~DFBC8C.tmp
2010-03-16 13:40:01 0 d-----w- c:\program files\MUP
2010-03-16 13:34:48 0 d-----w- c:\program files\Shabestar.net
2010-03-16 13:34:41 123 ----a-w- c:\documents and settings\administrator\CFG346E.tmp
2010-03-16 13:34:34 123 ----a-w- c:\documents and settings\administrator\CFG346B.tmp
==================== Find3M ====================
2010-04-14 12:59:47 96384 ------w- c:\windows\system32\drivers\atapi.sys
2010-04-08 14:05:48 0 ----a-w- c:\windows\system32\drivers\nStandard.bin
2010-04-02 10:53:39 2828 --sha-w- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys
2010-03-29 23:46:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 23:45:52 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-16 21:24:37 9728 ----a-w- c:\documents and settings\administrator\bassmod.dll
2010-03-02 12:59:10 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2010-03-02 12:59:10 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2010-03-02 12:26:43 604140 --sha-w- c:\windows\system32\drivers\ISwift3.dat
2010-02-24 08:52:42 880992 ----a-r- c:\documents and settings\administrator\InstallManager_BAB_BAB.exe
2010-02-22 18:01:49 3319168 ----a-w- c:\documents and settings\administrator\Paint.NET.3.5.3.Update.exe
2010-02-15 14:34:11 41984 ----a-w- c:\windows\system32\RtkCoInstXP(9).dll
2010-02-15 14:34:11 41984 ----a-w- c:\windows\system32\RtkCoInstXP(8).dll
2010-02-15 14:34:11 41984 ----a-w- c:\windows\system32\RtkCoInstXP(7).dll
2010-02-15 14:34:11 41984 ----a-w- c:\windows\system32\RtkCoInstXP(6).dll
2010-02-15 14:34:11 41984 ----a-w- c:\windows\system32\RtkCoInstXP(5).dll
2010-02-15 14:34:11 41984 ----a-w- c:\windows\system32\RtkCoInstXP(4).dll
2010-02-15 14:34:11 41984 ----a-w- c:\windows\system32\RtkCoInstXP(3).dll
2010-02-15 14:34:11 41984 ----a-w- c:\windows\system32\RtkCoInstXP(2).dll
2010-02-15 14:34:11 41984 ----a-w- c:\windows\system32\RtkCoInstXP(11).dll
2010-02-15 14:34:11 41984 ----a-w- c:\windows\system32\RtkCoInstXP(10).dll
2010-02-03 10:16:56 2618377 ----a-w- c:\documents and settings\administrator\idman5188.exe
2010-01-26 16:50:15 2959376 ----a-w- c:\documents and settings\administrator\dotnetfx35setup.exe
2007-02-01 18:02:54 313344 ----a-w- c:\program files\hjsplit.exe
2007-01-15 08:36:30 118784 ----a-w- c:\program files\FixVTS.exe
2006-06-23 22:48:54 32768 ----a-r- c:\windows\inf\UpdateUSB.exe
2009-07-09 14:28:23 212884256 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-07-09 14:28:23 3929888 --sha-w- c:\windows\system32\drivers\fidbox2.dat
============= FINISH: 19:01:51.15 ===============
 

Attachments

snifferhann

Thread Starter
Joined
Apr 14, 2010
Messages
3
GMER log below. Using version 1.0.15 Wouldn't let me change as many options as described in previous threads using older GMER version, I guessed this was due to new version.

Thanks

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-14 23:30:56
Windows 5.1.2600 Service Pack 3, v.5913
Running: use.exe

---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0011b107a289
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0013eff0d620
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0xF9 0x6C 0xFF 0xE1 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x24 0xB9 0x04 0x92 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x87 0xFA 0x3D 0xF5 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0011b107a289 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0013eff0d620 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\[email protected] 0xF9 0x6C 0xFF 0xE1 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x24 0xB9 0x04 0x92 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x87 0xFA 0x3D 0xF5 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\[email protected] 3FD30FB91373E6FC0D4582EF7868E1B743371C52DA752858C172C647FA6E94DE4AE58A33BC8765FD98EB47C8226891F9449437EE9BC18716F314CCBCA1FAA01364AB59FC23E77B413D2E85C03F1A939AB118998DD5B6BB71FA2A158C5E605532FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A2D97226D213B555A6A0AC4980AC7933FEBC9E127BECC74CFBEE69B6AEB2806E2530264CAE1364CB3B14A2BF8A8DBE03E0EF8039A5E9687714E80A38672C97CD9A9447CCA07C1E284B276C5B2BA7F5FA1F3F0DF5EE25A5E5972CA5BDACB2EFA5745D77609B82550FB4CBAD1951EDE1A26EFE554A04474EA570202922113074D3B89CA851E0060B9E3B58FC540C5BB678ED7137435D836D36B80E56C21A2CA47AA1441F6EA2095239D38AC4EADB0B3E41F23BE1F1E9B0205D43244101445893801C2BF68B8AB4D4082982444134BF5606836659690C4619A494755342FE07688EC90E9BFCB4D54EF39A448F40005DEE925B61F34499651FD9647847712B2E5E94800CD09E2FD98FAD3A380BD21B6C0E76EAFA601D5BCC0C0D9E8831FBA1E74544C9282B500057FB284FA9F169D71B4D86D46A9B1611E4CE13E3E1F2D1AC75801362C914F19F840D1AD34BD4F4F9B7D9DA71497AD3EBB568078A2946E90C3986BBBBBCCA6DF63D4DF
Reg HKLM\SOFTWARE\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}@scansk 0x2F 0xDC 0xC3 0x19 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{a58038e8-b5a1-40ea-ba69-09493dee79cc}@Model 127
Reg HKLM\SOFTWARE\Classes\CLSID\{a58038e8-b5a1-40ea-ba69-09493dee79cc}@Therad 15
Reg HKLM\SOFTWARE\Classes\CLSID\{a58038e8-b5a1-40ea-ba69-09493dee79cc}@MData 0xCB 0x9B 0xAD 0xEF ...
---- Files - GMER 1.0.15 ----
File C:\Documents and Settings\LocalService\cch5E2.tmp 0 bytes
File C:\Documents and Settings\LocalService\cch5E3.tmp 0 bytes
File C:\TDSSKiller.2.2.8.1_14.04.2010_23.18.11_log.txt 49970 bytes
---- EOF - GMER 1.0.15 ----
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Top