PC disinfection, computer speed-up, remote help via the neslape.cz service

Please check my log

Have a virus problem? Post your FRST or RSIT log here.


Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.

!NEWS!
You can now use the remote help service, in which a specialist connects to your computer and obtains further details about the problem from you by phone! More at www.neslape.cz
cutmatic
Visitor
Posts: 121
Registered: 21 Oct 2006 18:34

Please check my log

#1 Post by cutmatic »

Hello, this is the log from an acquaintance's computer... it is most likely nicely infected. Avast throws errors saying it is impossible to receive mail from an unknown address to an unknown address at the same moment. Some applications take insanely long to load. I would ask for a check. Thank you

####

Logfile of random's system information tool 1.07 (written by random/random)
Run by Bob Brady at 2010-06-20 22:55:33
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 25 GB (47%) free of 54 GB
Total RAM: 759 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:56:00, on 20/06/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\VVSN\VVSN.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dlcdcoms.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Documents and Settings\Bob Brady\Local Settings\Application Data\Opera\Opera\profile\cache4\temporary_download\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\Bob Brady.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.ie/ig/dell?hl=en&client=dell-row&channel=ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.imesh.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.imesh.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.dell.com/content/defau ... l=en&s=gen
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/defau ... l=en&s=gen
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.imesh.com/sidebar.html?src=ssb
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ie/ig/dell?hl=en&client=dell-row&channel=ie
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: PHPNukeEN Toolbar - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files\PHPNukeEN\tbPHPN.dll
F2 - REG:system.ini: Shell=Explorer.exe rundll32.exe thxr.wgo nwfdtx
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MediaBar - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll (file missing)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: UrlHelper Class - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\Program Files\iMesh Applications\MediaBar\DataMngr\IEBHO.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\MediaBar\DataMngr\IEBHO.dll (file missing)
O2 - BHO: MediaBar - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Program Files\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarDx.dll (file missing)
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - (no file)
O2 - BHO: PHPNukeEN Toolbar - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files\PHPNukeEN\tbPHPN.dll
O3 - Toolbar: MediaBar - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Program Files\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarDx.dll (file missing)
O3 - Toolbar: MediaBar - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll (file missing)
O3 - Toolbar: PHPNukeEN Toolbar - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files\PHPNukeEN\tbPHPN.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [dlcdmon.exe] "C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe"
O4 - HKLM\..\Run: [DataMngr] C:\Program Files\BearShare Applications\MediaBar\DataMngr\DataMngrUI.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe
O4 - HKLM\..\Run: [DLCDCATS] rundll32 C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\DLCDtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [nod32] C:\DOCUME~1\BOBBRA~1\LOCALS~1\Temp\nodqq.exe
O4 - HKCU\..\Run: [dso32] C:\DOCUME~1\BOBBRA~1\LOCALS~1\Temp\dsoqq.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 3521054984
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O20 - AppInit_DLLs:
O21 - SSODL: eupeptic - {8670ee50-01f9-47da-ac1e-cf8549e9e521} - (no file)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: dlcd_device - - C:\WINDOWS\system32\dlcdcoms.exe
O23 - Service: Google Update Service (gupdate1c9b5624e04980) (gupdate1c9b5624e04980) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

--
End of file - 8010 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0974BA1E-64EC-11DE-B2A5-E43756D89593}]
MediaBar - C:\Program Files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-08-04 1586472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]
UrlHelper Class - C:\Program Files\iMesh Applications\MediaBar\DataMngr\IEBHO.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-09-08 110652]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
UrlHelper Class - C:\Program Files\BearShare Applications\MediaBar\DataMngr\IEBHO.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F}]
MediaBar - C:\Program Files\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarDx.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}]
PHPNukeEN Toolbar - C:\Program Files\PHPNukeEN\tbPHPN.dll [2009-12-31 2349080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - MediaBar - C:\Program Files\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarDx.dll []
{0974BA1E-64EC-11DE-B2A5-E43756D89593} - MediaBar - C:\Program Files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll []
{dd02a4eb-4afd-4d60-99d8-e67f964ca813} - PHPNukeEN Toolbar - C:\Program Files\PHPNukeEN\tbPHPN.dll [2009-12-31 2349080]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2005-06-10 249856]
"dlcdmon.exe"=C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe [2005-10-07 430080]
"MemoryCardManager"= []
"DataMngr"=C:\Program Files\BearShare Applications\MediaBar\DataMngr\DataMngrUI.exe []
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"snpstd3"=C:\WINDOWS\vsnpstd3.exe [2006-09-19 827392]
"VVSN"=C:\Program Files\VVSN\VVSN.exe [2005-10-25 107520]
"DLCDCATS"=rundll32 C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\DLCDtime.dll,_RunDLLEntry@16 []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"nod32"=C:\DOCUME~1\BOBBRA~1\LOCALS~1\Temp\nodqq.exe []
"dso32"=C:\DOCUME~1\BOBBRA~1\LOCALS~1\Temp\dsoqq.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
C:\WINDOWS\system32\WLTRAY.exe [2005-12-19 1347584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner]
C:\Program Files\CCleaner\ccleaner.exe [2008-05-28 1197296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
C:\Program Files\Dell\QuickSet\quickset.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
C:\Program Files\Dell Support\DSAgnt.exe /startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-09-08 122940]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
C:\Program Files\Dell\Media Experience\DMXLauncher.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
c:\dell\E-Center\gtb.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FixCamera]
C:\WINDOWS\FixCamera.exe [2007-02-10 20480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe /startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
C:\WINDOWS\system32\hkcmd.exe [2005-10-14 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
C:\WINDOWS\system32\igfxpers.exe [2005-10-14 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
C:\WINDOWS\system32\igfxtray.exe [2005-10-14 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2005-06-10 249856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-06-10 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
C:\Program Files\NetWaiting\netWaiting.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\O2Start]
C:\Program Files\O2CM-CE\O2 Connection Manager\tscui.exe /s []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2007-06-16 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
C:\WINDOWS\stsystra.exe [2006-03-24 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd3]
C:\WINDOWS\vsnpstd3.exe [2006-09-19 827392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2006-11-24 487424]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe [2003-11-19 32881]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-03-08 761947]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnpstd3]
C:\WINDOWS\tsnpstd3.exe [2007-03-10 270336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3
"wltrysvc"=2
"NICCONFIGSVC"=2
"IDriverT"=3
"hnmsvc"=2
"gusvc"=3
"gupdate1c9b5624e04980"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=" "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-10-14 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
eupeptic - {8670ee50-01f9-47da-ac1e-cf8549e9e521}
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\dlcdcoms.exe"="C:\WINDOWS\system32\dlcdcoms.exe:*:Enabled:Dell 944 Server"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\dlcdPSWX.EXE"="C:\WINDOWS\system32\spool\drivers\w32x86\3\dlcdPSWX.EXE:*:Enabled:Dell 944 Printer Status"
"C:\Program Files\Huawei technologies\Huawei UMTS Data Card\3 DataModem HSDPA.exe"="C:\Program Files\Huawei technologies\Huawei UMTS Data Card\3 DataModem HSDPA.exe:*:Enabled:3 DDataModem HSDPA"
"C:\Program Files\Sierra Wireless Inc\WebUpdater\SwiApiMux.exe"="C:\Program Files\Sierra Wireless Inc\WebUpdater\SwiApiMux.exe:*:Enabled:SwiApiMux"
"C:\Program Files\Dell Network Assistant\ezi_hnm2.exe"="C:\Program Files\Dell Network Assistant\ezi_hnm2.exe:*:Enabled:Dell Network Assistant"
"C:\Program Files\Google\Chrome\Application\chrome.exe"="C:\Program Files\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Counter-Strike 1.6\hl.exe"="C:\Program Files\Counter-Strike 1.6\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\iMesh Applications\iMesh\iMesh.exe"="C:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh"
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe"="C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{03ca2348-2139-11de-bee3-0015c568fbab}]
shell\AutoRun\command - F:\AUTORUN.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{03ca2350-2139-11de-bee3-0015c568fbab}]
shell\AutoRun\command - F:\AUTORUN.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{05e983d8-2389-11de-beef-0015c568fbab}]
shell\AutoRun\command - F:\AUTORUN.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{16935dc8-8cbe-11de-8035-0015c568fbab}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{16935dc9-8cbe-11de-8035-0015c568fbab}]
shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d14efa0-4474-11de-bf3d-0015c568fbab}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{224b6014-4c79-11de-bf5a-0015c568fbab}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{36afa492-3587-11de-bf2c-0015c568fbab}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{36afa493-3587-11de-bf2c-0015c568fbab}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3cb14131-2aaa-11de-bf0e-0015c568fbab}]
shell\AutoRun\command - F:\AUTORUN.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3d5e999b-34de-11de-bf2a-0015c568fbab}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3d5e999d-34de-11de-bf2a-0015c568fbab}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3d5e999e-34de-11de-bf2a-0015c568fbab}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3deed05b-3426-11de-bf28-0015c568fbab}]
shell\AutoRun\command - G:\AUTORUN.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4f87ab82-3e41-11de-bf37-0015c568fbab}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{58f1d8e1-37d5-11de-bf2f-0015c568fbab}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e2232ae-4529-11de-bf3e-0015c568fbab}]
shell\AutoRun\command - F:\RECYCLER\lassas.exe
shell\OpEn\command - F:\RECYCLER\lassas.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{67f56040-2ec9-11db-be95-806d6172696f}]
shell\AutoRun\command - C:\dqm.exe
shell\open\command - C:\dqm.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{67f56041-2ec9-11db-be95-806d6172696f}]
shell\AutoRun\command - D:\dqm.exe
shell\open\command - D:\dqm.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6c2d70ac-29db-11de-bf06-0015c568fbab}]
shell\AutoRun\command - F:\AUTORUN.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{859692e4-348a-11de-bf29-0015c568fbab}]
shell\AutoRun\command - G:\AUTORUN.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{859692e5-348a-11de-bf29-0015c568fbab}]
shell\AutoRun\command - G:\AUTORUN.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{91357fc6-3c81-11de-bf34-0015c568fbab}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9871ffd8-3675-11de-bf2d-0015c568fbab}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9faaa582-22b8-11de-beec-0015c568fbab}]
shell\AutoRun\command - F:\AUTORUN.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a3e1b8ce-355b-11de-bf2b-0015c568fbab}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a3e1b8cf-355b-11de-bf2b-0015c568fbab}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a68d2ca6-784b-11de-bfdf-0015c568fbab}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a6e4154c-68de-11de-bfb2-0015c568fbab}]
shell\AutoRun\command - H:\dqm.exe
shell\open\command - H:\dqm.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b914b314-3d84-11de-bf36-0015c568fbab}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b9dc630a-81d6-11de-8007-0015c568fbab}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bad72cf4-a064-11de-8086-0015c568fbab}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{beeb34a0-269d-11de-befc-0015c568fbab}]
shell\AutoRun\command - F:\AUTORUN.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{beeb34a3-269d-11de-befc-0015c568fbab}]
shell\AutoRun\command - F:\AUTORUN.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d4976cfe-25a5-11de-bef9-0015c568fbab}]
shell\AutoRun\command - F:\AUTORUN.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d4976cff-25a5-11de-bef9-0015c568fbab}]
shell\AutoRun\command - G:\AUTORUN.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dd9a6106-5001-11dc-bec0-0015c568fbab}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dd9a610a-5001-11dc-bec0-0015c568fbab}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dd9a610b-5001-11dc-bec0-0015c568fbab}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dfd3744e-373b-11de-bf2e-0015c568fbab}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e001b304-38a8-11de-bf30-0015c568fbab}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e5348536-3993-11de-bf32-0015c568fbab}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e8988c8c-42ed-11de-bf3b-0015c568fbab}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f552b83f-35f7-11df-8330-0015c568fbab}]
shell\AutoRun\command - H:\Launcher.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f69b3f9a-259d-11de-bef8-0015c568fbab}]
shell\AutoRun\command - F:\AUTORUN.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7e922c1-3c8d-11de-bf35-0015c568fbab}]
shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7e922c4-3c8d-11de-bf35-0015c568fbab}]
shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7e922c5-3c8d-11de-bf35-0015c568fbab}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ffc7b5f2-3944-11de-bf31-0015c568fbab}]
shell\AutoRun\command - G:\AUTORUN.EXE
======List of files/folders created in the last 1 months======

2010-06-20 22:55:34 ----D---- C:\Program Files\trend micro
2010-06-20 22:55:33 ----D---- C:\rsit
2010-06-12 15:09:39 ----A---- C:\WINDOWS\lkv72l68rqxze6cgiawd9tuu.ini
2010-06-11 10:04:50 ----SHD---- C:\WINDOWS\system32\lowsec
2010-06-03 17:13:06 ----D---- C:\Program Files\Team JPN
2010-06-03 14:21:21 ----D---- C:\Program Files\VVSN
2010-06-03 14:20:48 ----D---- C:\Program Files\DAEMON Tools

======List of files/folders modified in the last 1 months======

2010-06-20 22:55:43 ----D---- C:\WINDOWS\Prefetch
2010-06-20 22:55:34 ----D---- C:\Program Files
2010-06-20 22:54:24 ----D---- C:\WINDOWS\Minidump
2010-06-20 22:54:24 ----D---- C:\WINDOWS
2010-06-20 22:54:20 ----D---- C:\WINDOWS\Temp
2010-06-20 22:24:56 ----D---- C:\WINDOWS\system32\CatRoot2
2010-06-20 22:23:40 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem #2.txt
2010-06-20 22:19:05 ----A---- C:\WINDOWS\ModemLog_Conexant HDA D110 MDC V.92 Modem.txt
2010-06-20 22:18:57 ----D---- C:\Program Files\Dl_cats
2010-06-17 16:05:39 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-06-17 13:02:44 ----D---- C:\Documents and Settings\Bob Brady\Application Data\Skype
2010-06-17 12:58:46 ----D---- C:\Documents and Settings\Bob Brady\Application Data\skypePM
2010-06-16 20:49:54 ----D---- C:\Documents and Settings\Bob Brady\Application Data\vlc
2010-06-15 16:29:47 ----D---- C:\Program Files\EA GAMES
2010-06-15 15:07:50 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem #3.txt
2010-06-15 09:15:08 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem.txt
2010-06-12 15:09:39 ----HD---- C:\WINDOWS\inf
2010-06-11 20:39:23 ----D---- C:\Program Files\Outlook Express
2010-06-11 20:39:23 ----D---- C:\Program Files\Opera
2010-06-11 20:39:23 ----D---- C:\Program Files\Internet Explorer
2010-06-11 16:56:30 ----D---- C:\WINDOWS\system32
2010-06-11 10:04:23 ----RSHD---- C:\WINDOWS\system32\dllcache
2010-06-07 15:41:19 ----D---- C:\WINDOWS\system32\DirectX
2010-06-07 09:25:32 ----D---- C:\Program Files\Counter-Strike 1.6
2010-06-03 14:20:49 ----D---- C:\WINDOWS\system32\drivers
2010-05-27 18:37:14 ----HD---- C:\Program Files\InstallShield Installation Information
2010-05-27 17:25:22 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-25 5628]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-25 22684]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-25 94160]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-09-08 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-09-08 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-09-08 86524]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-09-08 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-09-08 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-09-08 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-09-08 94332]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2005-11-02 424320]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2005-08-05 45312]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-08-12 137728]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-07-22 1035008]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2005-07-22 201600]
R3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2008-03-17 101376]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-10-14 1302812]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-03-24 1156648]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-03-08 191872]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2005-10-26 27264]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-07-22 717952]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys [2010-06-03 223128]
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 k750bus;Sony Ericsson 750 driver (WDM); C:\WINDOWS\system32\DRIVERS\k750bus.sys [2006-03-13 55216]
S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\k750mdfl.sys [2006-03-13 6576]
S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers; C:\WINDOWS\system32\DRIVERS\k750mdm.sys [2006-03-13 89872]
S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers; C:\WINDOWS\system32\DRIVERS\k750mgmt.sys [2006-03-13 81728]
S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers; C:\WINDOWS\system32\DRIVERS\k750obex.sys [2006-03-13 79488]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2008-05-02 17536]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2008-05-02 20864]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 QV2KUX;Casio Digital Camera; C:\WINDOWS\system32\DRIVERS\qv2kux.sys [2001-08-17 3328]
S3 SE27bus;Sony Ericsson Device 039 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\SE27bus.sys [2006-05-15 61600]
S3 SE27mdfl;Sony Ericsson Device 039 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\SE27mdfl.sys [2006-09-18 9360]
S3 SE27mdm;Sony Ericsson Device 039 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\SE27mdm.sys [2006-09-18 97184]
S3 SE27mgmt;Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\SE27mgmt.sys [2006-09-18 88688]
S3 se27nd5;Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS); C:\WINDOWS\system32\DRIVERS\se27nd5.sys [2006-09-18 18704]
S3 SE27obex;Sony Ericsson Device 039 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\SE27obex.sys [2006-09-18 86560]
S3 se27unic;Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM); C:\WINDOWS\system32\DRIVERS\se27unic.sys [2006-09-18 90800]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 SNPSTD3;USB PC Camera (SNPSTD3); C:\WINDOWS\system32\DRIVERS\snpstd3.sys [2007-03-26 10252544]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 swmsflt;swmsflt; C:\WINDOWS\System32\drivers\swmsflt.sys [2008-08-22 26760]
S3 SWNC8U90;Sierra Wireless MUX NDIS Driver (UMTS90); C:\WINDOWS\system32\DRIVERS\swnc8u90.sys [2008-12-02 173312]
S3 SWUMX20;Sierra Wireless USB MUX Driver (UMTS20); C:\WINDOWS\system32\DRIVERS\swumx20.sys []
S3 SWUMX90;Sierra Wireless USB MUX Driver (UMTS90); C:\WINDOWS\system32\DRIVERS\swumx90.sys [2008-11-17 145280]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2008-05-02 8064]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2004-08-03 25600]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2004-08-03 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2004-08-03 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2004-08-03 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2004-08-03 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2004-08-03 41088]
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2004-08-04 73472]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-03 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
R3 dlcd_device;dlcd_device; C:\WINDOWS\system32\dlcdcoms.exe [2005-10-27 491520]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 267776]
S2 gupdate1c9b5624e04980;Google Update Service (gupdate1c9b5624e04980); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-04-04 133104]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S4 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-05 137200]
S4 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S4 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2005-12-19 18944]
S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------
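The RSIT driver list above is a regular "state+start name;description; path [yyyy-mm-dd size]" table, so the first pass a reviewer does by eye can be done mechanically. The following is an added example (my own code, not RSIT's and not part of this thread) that flags the three things worth a second look in such a list: registrations whose file is missing on disk (shown by empty brackets, as for SWUMX20 above), kernel drivers written within a window before the scan date (dtscsi.sys, dated 2010-06-03, is the only one here), and entries with no friendly description to identify a vendor by. The sample lines are copied from the log above; the 30-day window is an assumption and the scan date is taken from the log header.

```python
"""Triage an RSIT driver list (example code, not part of the thread or of RSIT)."""
import re
from datetime import date, timedelta

# One RSIT driver entry: "<R|S><0-4> name;description; path [yyyy-mm-dd size]".
# Empty brackets mean RSIT could not find the file the service points at.
RSIT_DRIVER = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<desc>[^;]*); "
    r"(?P<path>.+?) \[(?P<meta>[^\]]*)\]$"
)

# Constructed sample: a handful of lines copied from the RSIT log above.
SAMPLE_RSIT = r"""
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-10-14 1302812]
S3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys [2010-06-03 223128]
S3 SWUMX20;Sierra Wireless USB MUX Driver (UMTS20); C:\WINDOWS\system32\DRIVERS\swumx20.sys []
S3 SWUMX90;Sierra Wireless USB MUX Driver (UMTS90); C:\WINDOWS\system32\DRIVERS\swumx90.sys [2008-11-17 145280]
"""


def parse_rsit_drivers(text):
    """Yield one dict per driver line; lines that do not fit the format are skipped, not guessed at."""
    for raw in text.splitlines():
        m = RSIT_DRIVER.match(raw.strip())
        if not m:
            continue
        entry = m.groupdict()
        meta = entry.pop("meta").split()          # [] -> [], "2009-11-25 27408" -> [date, size]
        entry["mtime"] = date.fromisoformat(meta[0]) if meta else None
        entry["size"] = int(meta[1]) if len(meta) > 1 else None
        yield entry


def review_drivers(text, log_date, recent_days=30):
    """Return the three lists a reviewer scans for: missing files, recently written
    kernel-mode code, and entries whose description is just the service name."""
    report = {"missing_file": [], "recent_kernel_code": [], "no_description": []}
    cutoff = log_date - timedelta(days=recent_days)   # assumed window, not from the log
    for d in parse_rsit_drivers(text):
        if d["mtime"] is None:
            report["missing_file"].append(d["name"])   # dangling service registration
        elif d["mtime"] >= cutoff:
            report["recent_kernel_code"].append((d["name"], d["path"], d["mtime"].isoformat()))
        if d["desc"] == d["name"]:
            report["no_description"].append(d["name"])  # nothing identifies the vendor
    return report


if __name__ == "__main__":
    # Scan date from the RSIT header above (2010-06-20).
    for key, items in review_drivers(SAMPLE_RSIT, date(2010, 6, 20)).items():
        print(key, items)
```

A recent modification time on a kernel driver is not proof of anything by itself (here it is the DAEMON Tools SCSI driver that was installed on 2010-06-03), but it is the right place to start reading, because anything that patches a driver has to write the file.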

cutmatic

Re: Please check my log

#2 Post by cutmatic »

ComboFix 10-06-20.06 - Bob Brady 21/06/2010 18:03:33.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.759.415 [GMT 1:00]
Running from: c:\documents and settings\Bob Brady\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100131-1] *On-access scanning enabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\documents and settings\Bob Brady\Local Settings\Application Data\DoubleD
c:\documents and settings\Bob Brady\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.5.24020\bin\stbup.exe
C:\p9rs.exe
c:\program files\Internet Explorer\rasadhlp.dll
c:\program files\Opera\rasadhlp.dll
c:\program files\Outlook Express\rasadhlp.dll
c:\windows\inf\vvt.pnf
c:\windows\system32\lowsec
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
c:\windows\system32\lowsec\user.ds.lll
c:\windows\system32\sdra64.exe
c:\windows\system32\thxr.wgo
D:\autorun.inf

Infected copy of c:\windows\system32\drivers\kbdclass.sys was found and disinfected
Restored copy from - Kitty had a snack :p
c:\windows\system32\drivers\ndis.sys . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2010-05-21 to 2010-06-21 )))))))))))))))))))))))))))))))
.

2010-06-20 21:55 . 2010-06-20 21:56 -------- d-----w- c:\program files\trend micro
2010-06-20 21:55 . 2010-06-20 21:56 -------- d-----w- C:\rsit
2010-06-11 09:04 . 2010-06-11 09:04 211072 ----a-w- c:\windows\system32\dllcache\ndis.sys
2010-06-03 16:13 . 2010-06-03 16:13 -------- d-----w- c:\program files\Team JPN
2010-06-03 13:21 . 2010-06-20 21:55 -------- d-----w- c:\program files\VVSN
2010-06-03 13:20 . 2010-06-03 13:20 223128 ----a-w- c:\windows\system32\drivers\dtscsi.sys
2010-06-03 13:20 . 2010-06-16 19:48 -------- d-----w- c:\program files\DAEMON Tools
2010-06-03 13:18 . 2010-06-03 13:18 96256 ----a-w- c:\windows\system32\drivers\sptd8333.sys
2010-06-03 13:18 . 2010-06-03 13:18 664064 ----a-w- c:\windows\system32\drivers\sptd.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-21 17:11 . 2009-05-28 15:09 -------- d-----w- c:\program files\Opera
2010-06-20 22:29 . 2007-01-20 17:23 4300 ----a-w- c:\documents and settings\Bob Brady\Application Data\wklnhst.dat
2010-06-20 21:18 . 2006-08-22 17:52 -------- d-----w- c:\program files\Dl_cats
2010-06-17 12:02 . 2009-04-04 20:14 -------- d-----w- c:\documents and settings\Bob Brady\Application Data\Skype
2010-06-17 11:58 . 2009-04-08 18:30 -------- d-----w- c:\documents and settings\Bob Brady\Application Data\skypePM
2010-06-16 19:49 . 2010-05-16 19:31 -------- d-----w- c:\documents and settings\Bob Brady\Application Data\vlc
2010-06-15 15:29 . 2010-01-02 20:56 -------- d-----w- c:\program files\EA GAMES
2010-06-11 09:04 . 2004-08-10 11:51 211072 ----a-w- c:\windows\system32\drivers\ndis.sys
2010-06-07 08:25 . 2009-12-30 16:47 -------- d-----w- c:\program files\Counter-Strike 1.6
2010-06-02 17:31 . 2006-08-18 15:32 65096 ----a-w- c:\documents and settings\Bob Brady\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-27 17:37 . 2006-08-16 00:04 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-16 13:36 . 2010-01-02 21:18 990 ----a-w- c:\windows\eReg.dat
2010-05-12 18:56 . 2010-05-12 18:56 111104 --sh--r- C:\xjb3.exe
2010-05-12 17:32 . 2010-05-12 17:26 -------- d-----w- c:\program files\Graboid
2010-05-03 11:59 . 2009-06-06 21:20 -------- d-----w- c:\documents and settings\Bob Brady\Application Data\uTorrent
2010-04-28 16:52 . 2010-04-28 16:52 -------- d-----w- c:\program files\Roger Wilco
2010-04-28 16:52 . 2010-01-02 20:44 -------- d-----w- c:\program files\GameSpy Arcade
2009-09-30 20:07 . 2006-08-18 15:32 56 --sh--r- c:\windows\system32\449AF65687.sys
2009-09-30 19:56 . 2006-08-18 15:35 88 --sh--r- c:\windows\system32\8756F69A44.sys
2009-09-30 20:07 . 2006-08-18 15:32 6580 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

------- Sigcheck -------

[-] 2010-06-11 09:04 . !HASH: COULD NOT OPEN FILE !!!!! . 211072 . . [------] . . c:\windows\system32\drivers\ndis.sys
[-] 2010-06-11 09:04 . !HASH: COULD NOT OPEN FILE !!!!! . 211072 . . [------] . . c:\windows\system32\dllcache\ndis.sys
[-] 2008-04-13 19:20 . !HASH: COULD NOT OPEN FILE !!!!! . 182656 . . [------] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\ndis.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{dd02a4eb-4afd-4d60-99d8-e67f964ca813}"= "c:\program files\PHPNukeEN\tbPHPN.dll" [2009-12-31 2349080]

[HKEY_CLASSES_ROOT\clsid\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}]
2009-12-31 11:53 2349080 ----a-w- c:\program files\PHPNukeEN\tbPHPN.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{dd02a4eb-4afd-4d60-99d8-e67f964ca813}"= "c:\program files\PHPNukeEN\tbPHPN.dll" [2009-12-31 2349080]

[HKEY_CLASSES_ROOT\clsid\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{DD02A4EB-4AFD-4D60-99D8-E67F964CA813}"= "c:\program files\PHPNukeEN\tbPHPN.dll" [2009-12-31 2349080]

[HKEY_CLASSES_ROOT\clsid\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-06-10 249856]
"dlcdmon.exe"="c:\program files\Dell Photo AIO Printer 944\dlcdmon.exe" [2005-10-07 430080]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]
"VVSN"="c:\program files\VVSN\VVSN.exe" [2005-10-25 107520]
"DLCDCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll" [2005-09-13 73728]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2005-12-19 14:08 1347584 ----a-w- c:\windows\system32\WLTRAY.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner]
2008-05-28 14:40 1197296 ----a-w- c:\program files\CCleaner\CCleaner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 04:00 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
2005-09-08 04:20 122940 ----a-w- c:\windows\system32\DLA\DLACTRLW.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FixCamera]
2007-02-10 14:40 20480 ----a-w- c:\windows\FixCamera.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-10-14 19:46 77824 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-10-14 19:50 114688 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-10-14 19:49 94208 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-06-10 09:44 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-06-10 09:44 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24 1694208 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-06-16 16:54 155648 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2006-03-24 22:30 282624 ----a-w- c:\windows\stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 13:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd3]
2006-09-19 08:07 827392 ----a-w- c:\windows\vsnpstd3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2006-11-24 00:06 487424 ----a-r- c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2003-11-19 16:48 32881 ----a-w- c:\program files\Java\j2re1.4.2_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2006-03-08 17:48 761947 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnpstd3]
2007-03-10 13:43 270336 ----a-w- c:\windows\tsnpstd3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"wltrysvc"=2 (0x2)
"NICCONFIGSVC"=2 (0x2)
"IDriverT"=3 (0x3)
"hnmsvc"=2 (0x2)
"gusvc"=3 (0x3)
"gupdate1c9b5624e04980"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dlcdcoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dlcdPSWX.EXE"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\iMesh Applications\\iMesh\\iMesh.exe"=
"c:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [04/04/2009 22:20 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [04/04/2009 22:20 20560]
R3 dlcd_device;dlcd_device;c:\windows\system32\dlcdcoms.exe -service --> c:\windows\system32\dlcdcoms.exe -service [?]
S2 gupdate1c9b5624e04980;Google Update Service (gupdate1c9b5624e04980);c:\program files\Google\Update\GoogleUpdate.exe [04/04/2009 21:14 133104]
S3 SWNC8U90;Sierra Wireless MUX NDIS Driver (UMTS90);c:\windows\system32\drivers\swnc8u90.sys [02/12/2008 10:10 173312]
S3 SWUMX90;Sierra Wireless USB MUX Driver (UMTS90);c:\windows\system32\drivers\swumx90.sys [17/11/2008 14:33 145280]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [03/06/2010 14:18 664064]
.
Contents of the 'Scheduled Tasks' folder

2010-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-04 20:14]

2010-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-04 20:14]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.imesh.com/
mStart Page = hxxp://www1.euro.dell.com/content/default.aspx?c=ie&l=en&s=gen
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
.
- - - - ORPHANS REMOVED - - - -

BHO-{0974BA1E-64EC-11DE-B2A5-E43756D89593} - c:\program files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll
BHO-{474597C5-AB09-49d6-A4D5-2E8D7341384E} - c:\program files\iMesh Applications\MediaBar\DataMngr\IEBHO.dll
BHO-{74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - c:\program files\BearShare Applications\MediaBar\DataMngr\IEBHO.dll
BHO-{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - c:\program files\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarDx.dll
Toolbar-{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - c:\program files\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarDx.dll
Toolbar-{0974BA1E-64EC-11DE-B2A5-E43756D89593} - c:\program files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll
HKLM-Run-MemoryCardManager - (no file)
HKLM-Run-DataMngr - c:\program files\BearShare Applications\MediaBar\DataMngr\DataMngrUI.exe
MSConfigStartUp-Adobe Photo Downloader - c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
MSConfigStartUp-Corel Photo Downloader - c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe
MSConfigStartUp-Dell QuickSet - c:\program files\Dell\QuickSet\quickset.exe
MSConfigStartUp-DellSupport - c:\program files\Dell Support\DSAgnt.exe
MSConfigStartUp-DMXLauncher - c:\program files\Dell\Media Experience\DMXLauncher.exe
MSConfigStartUp-ECenter - c:\dell\E-Center\gtb.exe
MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
MSConfigStartUp-ModemOnHold - c:\program files\NetWaiting\netWaiting.exe
MSConfigStartUp-O2Start - c:\program files\O2CM-CE\O2 Connection Manager\tscui.exe
MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
AddRemove-BrothersInArms - c:\program files\Ubisoft\Gearbox Software\BrothersInArms\System\Setup.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-21 18:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCDCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll,_RunDLLEntry@16 [value data continues with a long run of characters the board rendered as '?']

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe >>UNKNOWN [0x8395D0E0]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf760bfc3
\Driver\ACPI -> ACPI.sys @ 0xf749ecb8
\Driver\atapi -> atapi.sys @ 0xf74567b4
IoDeviceObjectType -> ParseProcedure -> ntkrnlpa.exe @ 0x80577896
\Device\Harddisk0\DR0 -> ParseProcedure -> ntkrnlpa.exe @ 0x80577896
NDIS: Broadcom 440x 10/100 Integrated Controller -> SendCompleteHandler -> NDIS.sys @ 0x83903ba0
PacketIndicateHandler -> NDIS.sys @ 0x838f2a0b
SendHandler -> NDIS.sys @ 0x83906b31
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-328848984-2692979925-2512256979-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(772)
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(3840)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\dlcdcoms.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-06-21 18:17:00 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-21 17:16

Pre-Run: 26,549,633,024 bytes free
Post-Run: 26,516,258,816 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - E99F2514FAB0DE9DCAAA3290D3C240CA
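The ComboFix log above carries several independent indicators that a reviewer would pull out before deciding what to tell the owner: the deleted c:\windows\system32\lowsec\local.ds, user.ds and sdra64.exe (the on-disk footprint of the ZeuS/Zbot banking trojan, a widely documented indicator that the log itself does not name), autorun.inf in the root of both drives, a hidden+system executable in the drive root (C:\xjb3.exe), ndis.sys reported as infected and not even openable by the sigcheck pass, an unknown kernel module at 0x8395D0E0, the Windows firewall switched off (EnableFirewall = 0) and TCP 135 plus 5000-5020 opened globally. The following is an added example (my own code, not ComboFix's and not part of this thread) that extracts exactly those indicators from ComboFix-style lines and turns them into the three actions they force. The sample log is a constructed subset of the lines posted above; the rule names and the mapping to actions are my own.

```python
"""Pull the indicators above out of a ComboFix-style log (example code, not ComboFix's)."""
import re
from collections import defaultdict

# Constructed sample: a subset of the ComboFix output posted above, one entry per line.
SAMPLE_LOG = r"""
C:\autorun.inf
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
c:\windows\system32\sdra64.exe
D:\autorun.inf
c:\windows\system32\drivers\ndis.sys . . . is infected!!
2010-05-12 18:56 . 2010-05-12 18:56 111104 --sh--r- C:\xjb3.exe
2010-06-02 17:31 . 2006-08-18 15:32 65096 ----a-w- c:\documents and settings\Bob Brady\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[-] 2010-06-11 09:04 . !HASH: COULD NOT OPEN FILE !!!!! . 211072 . . [------] . . c:\windows\system32\drivers\ndis.sys
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
called modules: ntkrnlpa.exe >>UNKNOWN [0x8395D0E0]<<
"""

# Find3M line: "<mtime> . <ctime> <size> <attrs> <path>"; attrs "--sh--r-" = system+hidden+readonly.
HIDDEN_ROOT_EXE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \S+ \S+ (?P<size>\d+) (?P<attr>[-a-z]{8}) "
    r"(?P<path>[A-Z]:\\[^\\]+\.exe)$", re.I)
OPEN_PORT = re.compile(r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"=')

# Ordered rules; the first that matches a line wins. Rule names are mine.
RULES = [
    ("zeus_artifact", re.compile(r"\\lowsec(\\|$)|\\sdra64\.exe$", re.I)),   # ZeuS/Zbot footprint
    ("autorun_inf_root", re.compile(r"^[A-Z]:\\autorun\.inf$", re.I)),
    ("infected_driver", re.compile(r"^(?P<path>\S.*?\.sys) \. \. \. is infected", re.I)),
    ("unhashable_file", re.compile(r"COULD NOT OPEN FILE.*?\. \. (?P<path>[a-z]:\\.+)$", re.I)),
    ("firewall_disabled", re.compile(r'^"EnableFirewall"=\s*0\b')),
    ("unknown_kernel_module", re.compile(r">>UNKNOWN \[(?P<addr>0x[0-9A-F]+)\]<<", re.I)),
]


def summarize_ports(ports):
    """Collapse (port, proto) pairs into 'lo-hi/PROTO' ranges so 21 lines read as one."""
    ranges = []
    for port, proto in sorted(set(ports), key=lambda p: (p[1], p[0])):
        if ranges and ranges[-1][2] == proto and ranges[-1][1] + 1 == port:
            ranges[-1][1] = port
        else:
            ranges.append([port, port, proto])
    return [f"{lo}/{proto}" if lo == hi else f"{lo}-{hi}/{proto}" for lo, hi, proto in ranges]


def triage(log_text):
    """Return {rule_name: [matched path / address / line, ...]} for the log."""
    findings = defaultdict(list)
    open_ports = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = OPEN_PORT.match(line)
        if m:
            open_ports.append((int(m["port"]), m["proto"]))
            continue
        m = HIDDEN_ROOT_EXE.match(line)
        if m and "s" in m["attr"] and "h" in m["attr"]:
            findings["hidden_root_exe"].append(m["path"])
            continue
        for name, rx in RULES:
            m = rx.search(line)
            if m:
                g = m.groupdict()
                findings[name].append(g.get("path") or g.get("addr") or line)
                break
    if open_ports:
        findings["globally_open_ports"] = summarize_ports(open_ports)
    return dict(findings)


def verdict(findings):
    """Map findings to the actions they force: a patched boot driver, an unknown
    kernel module or a ZeuS footprint means an in-place clean is not a trustworthy end state."""
    actions = set()
    if findings.keys() & {"infected_driver", "unhashable_file", "hidden_root_exe",
                          "unknown_kernel_module"}:
        actions.add("rebuild")
    if "zeus_artifact" in findings:
        actions.update({"rebuild", "rotate_credentials"})   # banking/credential stealer
    if "firewall_disabled" in findings or "globally_open_ports" in findings:
        actions.add("enable_firewall")
    return actions


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for key, items in found.items():
        print(key, items)
    print("actions:", sorted(verdict(found)))
```

The point of the verdict step is the one that matters for the owner of this machine: once a credential stealer has run and a boot-start driver has been patched, every password typed on the box since the infection date should be treated as known to someone else, and the tools above can only tell you that, not undo it.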

cutmatic

Re: Please check my log

#3 Post by cutmatic »

SPTD did not offer an uninstall option.

Defogger did not create any log; this is the only thing it produced:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 19:09 on 21/06/2010 (Bob Brady)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
Unable to read ndis.sys
SPTD -> Already disabled


-=E.O.F=-
...continuing

cutmatic

Re: Please check my log

#4 Post by cutmatic »

Extras.rar (5.5 KiB), downloaded 44 times

OTL logfile created on: 21/06/2010 19:27:38 - Run 1
OTL by OldTimer - Version 3.2.6.1 Folder = C:\Documents and Settings\Bob Brady\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

759.00 Mb Total Physical Memory | 457.00 Mb Available Physical Memory | 60.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.68 Gb Total Space | 24.70 Gb Free Space | 46.88% Space Free | Partition Type: NTFS
Drive D: | 18.46 Gb Total Space | 17.74 Gb Free Space | 96.07% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BOB
Current User Name: Bob Brady
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 7 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/06/21 19:25:22 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bob Brady\Desktop\OTL.exe
PRC - [2010/06/02 06:57:48 | 000,945,648 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2009/11/25 00:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/11/25 00:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/11/25 00:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2007/06/13 11:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/09/19 09:07:28 | 000,827,392 | ---- | M] () -- C:\WINDOWS\vsnpstd3.exe
PRC - [2005/10/27 23:41:52 | 000,491,520 | ---- | M] ( ) -- C:\WINDOWS\system32\dlcdcoms.exe
PRC - [2005/10/25 09:56:14 | 000,107,520 | ---- | M] (WhenU.com) -- C:\Program Files\VVSN\VVSN.exe
PRC - [2005/10/07 03:01:48 | 000,430,080 | ---- | M] (Dell) -- C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe


========== Modules (SafeList) ==========

MOD - [2010/06/21 19:25:22 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bob Brady\Desktop\OTL.exe
MOD - [2006/08/25 08:45:56 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004/08/04 05:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2009/11/25 00:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/25 00:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/25 00:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/25 00:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/10/27 23:41:52 | 000,491,520 | ---- | M] ( ) [On_Demand | Running] -- C:\WINDOWS\System32\dlcdcoms.exe -- (dlcd_device)


========== Driver Services (SafeList) ==========

DRV - [2010/06/11 10:04:23 | 000,211,072 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ndis.sys -- (NDIS)
DRV - [2010/06/03 14:20:49 | 000,223,128 | ---- | M] (DT Soft Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\dtscsi.sys -- (dtscsi)
DRV - [2010/06/03 14:18:56 | 000,664,064 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2009/11/25 00:50:59 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009/11/25 00:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/11/25 00:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/11/25 00:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/11/25 00:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/11/25 00:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2008/12/02 10:10:04 | 000,173,312 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swnc8u90.sys -- (SWNC8U90) Sierra Wireless MUX NDIS Driver (UMTS90)
DRV - [2008/11/17 14:33:44 | 000,145,280 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swumx90.sys -- (SWUMX90) Sierra Wireless USB MUX Driver (UMTS90)
DRV - [2008/08/22 18:05:40 | 000,026,760 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2008/05/02 10:58:14 | 000,020,864 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2008/05/02 10:58:14 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2008/05/02 10:58:12 | 000,017,536 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008/03/17 11:03:46 | 000,101,376 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007/03/26 14:46:30 | 010,252,544 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3)
DRV - [2006/09/18 14:59:08 | 000,090,800 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se27unic.sys -- (se27unic) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM)
DRV - [2006/09/18 14:59:02 | 000,086,560 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27obex.sys -- (SE27obex)
DRV - [2006/09/18 14:59:00 | 000,018,704 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se27nd5.sys -- (se27nd5) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS)
DRV - [2006/09/18 14:58:58 | 000,088,688 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mgmt.sys -- (SE27mgmt) Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM)
DRV - [2006/09/18 14:58:54 | 000,097,184 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mdm.sys -- (SE27mdm)
DRV - [2006/09/18 14:58:52 | 000,009,360 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mdfl.sys -- (SE27mdfl)
DRV - [2006/05/15 14:35:36 | 000,061,600 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27bus.sys -- (SE27bus) Sony Ericsson Device 039 Driver driver (WDM)
DRV - [2006/03/24 23:34:30 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/03/13 17:35:28 | 000,079,488 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750obex.sys -- (k750obex)
DRV - [2006/03/13 17:35:26 | 000,081,728 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750mgmt.sys -- (k750mgmt)
DRV - [2006/03/13 17:35:20 | 000,089,872 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750mdm.sys -- (k750mdm)
DRV - [2006/03/13 17:35:18 | 000,006,576 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750mdfl.sys -- (k750mdfl)
DRV - [2006/03/13 17:35:12 | 000,055,216 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750bus.sys -- (k750bus) Sony Ericsson 750 driver (WDM)
DRV - [2006/03/08 18:35:10 | 000,191,872 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005/11/02 19:24:42 | 000,424,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005/09/12 03:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005/09/08 05:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 05:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 05:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 05:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 05:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 12:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 12:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/08/12 05:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2005/08/05 03:32:16 | 000,045,312 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2005/07/22 03:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/07/22 03:01:08 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/07/22 03:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/08/12 17:45:54 | 000,137,728 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/08/04 05:00:00 | 000,041,856 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\imapi.sys -- (Imapi)
DRV - [2004/08/03 23:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2004/08/03 23:07:44 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2004/08/03 23:07:44 | 000,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2004/08/03 22:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:53:32 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\qv2kux.sys -- (QV2KUX)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/defau ... l=en&s=gen
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ie/ig/dell?hl=en&client=dell-row&channel=ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.ie/ig/dell?hl=en&client=dell-row&channel=ie


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.ie/ig/dell?hl=en&client=dell-row&channel=ie
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.ie/ig/dell?hl=en&client=dell-row&channel=ie
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-328848984-2692979925-2512256979-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.imesh.com/
IE - HKU\S-1-5-21-328848984-2692979925-2512256979-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-328848984-2692979925-2512256979-1006\..\URLSearchHook: {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files\PHPNukeEN\tbPHPN.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-328848984-2692979925-2512256979-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2010/06/21 18:12:53 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No CLSID value found.
O2 - BHO: (PHPNukeEN Toolbar) - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files\PHPNukeEN\tbPHPN.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (PHPNukeEN Toolbar) - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files\PHPNukeEN\tbPHPN.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-328848984-2692979925-2512256979-1006\..\Toolbar\WebBrowser: (PHPNukeEN Toolbar) - {DD02A4EB-4AFD-4D60-99D8-E67F964CA813} - C:\Program Files\PHPNukeEN\tbPHPN.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [DLCDCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtime.DLL ()
O4 - HKLM..\Run: [dlcdmon.exe] C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe (Dell)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe ()
O4 - HKLM..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe (WhenU.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-328848984-2692979925-2512256979-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-328848984-2692979925-2512256979-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-328848984-2692979925-2512256979-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-328848984-2692979925-2512256979-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupda ... 3521054984 (WUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Bob Brady\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Bob Brady\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/06/03 14:22:53 | 000,002,352 | ---- | M] () - C:\autorun.PNF -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/08/10 12:52:56 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (54619756233228288)

========== Files/Folders - Created Within 7 Days ==========

[2010/06/21 19:26:07 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/06/21 19:25:22 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bob Brady\Desktop\OTL.exe
[2010/06/21 17:54:17 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/06/21 17:45:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/06/20 22:55:34 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010/06/20 22:54:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Bob Brady\Recent
[2009/07/24 11:45:55 | 000,172,032 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnpstd3.dll
[2009/07/24 11:45:55 | 000,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpstd3.dll
[2009/07/24 11:45:55 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnpstd3.dll
[2009/07/24 11:45:55 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\csnpstd3.dll
[2006/08/16 00:37:50 | 001,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcdserv.dll
[2006/08/16 00:37:50 | 001,134,592 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcdusb1.dll
[2006/08/16 00:37:50 | 000,638,976 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcdpmui.dll
[2006/08/16 00:37:50 | 000,483,328 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcdlmpm.dll
[2006/08/16 00:37:50 | 000,155,648 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcdprox.dll
[2006/08/16 00:37:50 | 000,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcdpplc.dll
[2006/08/16 00:37:48 | 000,774,144 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcdhbn3.dll
[2006/08/16 00:37:48 | 000,704,512 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcdcomc.dll
[2006/08/16 00:37:48 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcdcomm.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 7 Days ==========

[2010/06/21 19:25:22 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bob Brady\Desktop\OTL.exe
[2010/06/21 19:19:57 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/21 19:19:55 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/21 19:19:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/21 19:19:40 | 796,327,936 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/21 19:19:40 | 000,235,960 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/21 19:18:49 | 004,194,304 | ---- | M] () -- C:\Documents and Settings\Bob Brady\NTUSER.DAT
[2010/06/21 19:18:49 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Bob Brady\ntuser.ini
[2010/06/21 19:08:50 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Bob Brady\defogger_reenable
[2010/06/21 19:04:29 | 000,990,405 | ---- | M] () -- C:\Qoobox.rar
[2010/06/21 19:04:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/21 18:13:12 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/06/21 18:12:53 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/06/21 17:54:24 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/06/21 17:44:07 | 004,807,388 | -H-- | M] () -- C:\Documents and Settings\Bob Brady\Local Settings\Application Data\IconCache.db
[2010/06/20 23:29:14 | 000,004,300 | ---- | M] () -- C:\Documents and Settings\Bob Brady\Application Data\wklnhst.dat
[2010/06/20 23:29:11 | 000,044,032 | ---- | M] () -- C:\Documents and Settings\Bob Brady\Desktop\CV.Ireland.doc
[2010/06/20 22:18:45 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/17 12:58:31 | 000,002,283 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/06/16 20:46:23 | 000,036,864 | ---- | M] () -- C:\Documents and Settings\Bob Brady\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/21 19:08:50 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Bob Brady\defogger_reenable
[2010/06/21 19:04:27 | 000,990,405 | ---- | C] () -- C:\Qoobox.rar
[2010/06/21 17:54:23 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/06/21 17:54:20 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/06/21 17:45:32 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/06/21 17:45:31 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/06/12 15:09:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\lkv72l68rqxze6cgiawd9tuu.ini
[2009/07/24 11:46:01 | 000,015,498 | ---- | C] () -- C:\WINDOWS\snpstd3.ini
[2009/05/22 17:33:32 | 000,026,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\swmsflt.sys
[2007/08/30 18:17:52 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/08/18 17:23:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mngui.INI
[2006/08/18 16:35:33 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\8756F69A44.sys
[2006/08/18 16:32:08 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\449AF65687.sys
[2006/08/18 16:32:00 | 000,006,580 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/08/16 01:26:15 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/08/16 01:18:20 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/08/16 01:14:23 | 000,000,538 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/08/16 01:08:49 | 000,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
[2006/08/16 00:37:50 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlcdutil.dll
[2006/08/16 00:37:50 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlcdinsb.dll
[2006/08/16 00:37:50 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlcdins.dll
[2006/08/16 00:37:50 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlcdjswr.dll
[2006/08/16 00:37:50 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlcdinsr.dll
[2006/08/16 00:37:50 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlcdvs.dll
[2006/08/16 00:37:50 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcdcur.dll
[2006/08/16 00:37:48 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcdcub.dll
[2006/08/16 00:37:48 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcdcu.dll
[2006/08/16 00:37:48 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dlcdcfg.dll
[2006/08/16 00:37:38 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2006/08/16 00:37:28 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2006/08/16 00:36:46 | 000,000,474 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/08/02 17:05:54 | 000,000,611 | ---- | C] () -- C:\WINDOWS\System32\dlcdplc.ini
[2004/08/10 13:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 13:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 12:51:15 | 000,211,072 | ---- | C] () -- C:\WINDOWS\System32\drivers\ndis.sys
[2004/08/03 23:00:16 | 000,041,856 | ---- | C] () -- C:\WINDOWS\System32\drivers\imapi.sys

========== LOP Check ==========

[2010/01/28 11:35:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\331C5
[2009/04/04 17:54:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\O2CM-CE
[2007/06/16 18:00:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Teleca
[2009/05/27 17:14:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/01/28 11:34:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob Brady\Application Data\bearsharemediabartb
[2010/01/13 12:02:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob Brady\Application Data\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2009/12/06 17:19:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob Brady\Application Data\Gearbox Software
[2010/01/06 19:53:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob Brady\Application Data\imeshmediabartb
[2006/08/22 19:22:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob Brady\Application Data\Leadertech
[2009/08/05 12:51:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob Brady\Application Data\MSNInstaller
[2009/05/28 16:09:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob Brady\Application Data\Opera
[2009/05/22 17:35:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob Brady\Application Data\Sierra Wireless
[2009/04/04 18:39:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob Brady\Application Data\Tatara Systems
[2007/08/08 13:30:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob Brady\Application Data\Teleca
[2010/05/03 12:59:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob Brady\Application Data\uTorrent

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >

< c:\windows\*.* /U >

< %SYSTEMDRIVE%\*.exe >
[2010/05/12 19:56:24 | 000,111,104 | RHS- | M] () -- C:\xjb3.exe

< %ALLUSERSPROFILE%\Application Data\*. >
[2010/01/28 11:35:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\331C5
[2010/01/13 12:02:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2007/06/16 17:53:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2008/04/15 20:19:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DVD Shrink
[2009/08/05 12:09:39 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\GTek
[2006/08/16 01:10:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2009/04/05 01:02:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2006/08/16 01:13:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2009/04/05 00:20:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee.com
[2007/08/22 18:36:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee.com Personal Firewall
[2010/01/29 20:00:04 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2010/01/09 10:33:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Norton
[2009/07/22 18:10:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2009/04/04 17:54:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\O2CM-CE
[2004/08/10 13:13:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2009/11/22 12:36:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype
[2006/08/16 01:04:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sonic
[2007/06/16 18:00:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
[2009/08/05 12:21:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/04/04 23:42:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2007/06/16 18:00:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Teleca
[2009/05/27 17:14:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/06/12 21:34:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2010/01/13 12:00:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob Brady\Application Data\Adobe
[2006/08/26 16:26:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob Brady\Application Data\AdobeUM
[2007/08/18 17:18:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob Brady\Application Data\Apple Computer
[2010/01/28 11:34:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob Brady\Application Data\bearsharemediabartb
[2010/01/13 12:02:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob Brady\Application Data\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2006/08/18 16:35:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob Brady\Application Data\Corel Photo Album
[2009/08/12 20:53:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob Brady\Application Data\dvdcss
[2009/12/06 17:19:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob Brady\Application Data\Gearbox Software
[2007/01/09 22:31:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob Brady\Application Data\Google
[2009/08/05 12:09:39 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Bob Brady\Application Data\Gtek
[2007/08/30 16:24:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob Brady\Application Data\Help
[2004/08/10 13:08:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob Brady\Application Data\Identities
[2010/01/06 19:53:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob Brady\Application Data\imeshmediabartb
[2009/07/24 11:45:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob Brady\Application Data\InstallShield
[2006/08/22 19:22:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob Brady\Application Data\Leadertech
[2006/08/21 19:20:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob Brady\Application Data\Macromedia
[2006/08/18 16:23:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob Brady\Application Data\McAfee.com Personal Firewall
[2009/05/28 16:05:22 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Bob Brady\Application Data\Microsoft
[2009/08/05 12:51:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob Brady\Application Data\MSNInstaller
[2009/05/28 16:09:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob Brady\Application Data\Opera
[2010/01/29 20:00:07 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Bob Brady\Application Data\SecuROM
[2009/05/22 17:35:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob Brady\Application Data\Sierra Wireless
[2010/06/17 13:02:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob Brady\Application Data\Skype
[2010/06/17 12:58:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob Brady\Application Data\skypePM
[2006/08/22 19:23:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob Brady\Application Data\Sonic
[2007/06/16 18:19:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob Brady\Application Data\Sony Ericsson
[2006/08/16 00:59:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob Brady\Application Data\Sun
[2006/08/16 01:07:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob Brady\Application Data\Symantec
[2009/04/04 18:39:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob Brady\Application Data\Tatara Systems
[2007/08/08 13:30:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob Brady\Application Data\Teleca
[2010/05/03 12:59:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob Brady\Application Data\uTorrent
[2010/06/16 20:49:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob Brady\Application Data\vlc
[2009/04/05 00:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob Brady\Application Data\WinRAR

< %APPDATA%\*.exe /s >


< MD5 for: AGP440.SYS >
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\agp440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\ERDNT\cache\AGP440.SYS
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\i386\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2008/04/14 01:12:12 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\autochk.exe
[2004/08/04 05:00:00 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=B3415B9D6026F65E43089ABED096C38C -- C:\cmdcons\autochk.exe
[2004/08/04 05:00:00 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=B3415B9D6026F65E43089ABED096C38C -- C:\WINDOWS\system32\autochk.exe

< MD5 for: CDROM.SYS >
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2008/04/13 19:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\cdrom.sys
[2004/08/04 05:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\system32\drivers\cdrom.sys

< MD5 for: CHANGER.SYS >
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2008/04/13 19:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\changer.sys

< MD5 for: CRYPTSVC.DLL >
[2004/08/04 05:00:00 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=10654F9DDCEA9C46CFB77554231BE73B -- C:\WINDOWS\ERDNT\cache\cryptsvc.dll
[2004/08/04 05:00:00 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=10654F9DDCEA9C46CFB77554231BE73B -- C:\WINDOWS\system32\cryptsvc.dll
[2008/04/14 01:11:51 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=3D4E199942E29207970E04315D02AD3B -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\cryptsvc.dll

< MD5 for: EVENTLOG.DLL >
[2008/04/14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\eventlog.dll
[2004/08/04 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2004/08/04 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\explorer.exe
[2007/06/13 11:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2007/06/13 11:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\explorer.exe
[2007/06/13 11:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: HAL.DLL >
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2008/04/13 19:31:32 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\hal.dll
[2004/11/16 02:37:04 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=BE7A7927F3BE8068C81577771D33762F -- C:\WINDOWS\Driver Cache\i386\hal.dll
[2004/11/16 02:37:04 | 000,131,712 | ---- | M] (Microsoft Corporation) MD5=F9A83D160C80EE6F45AA577CB101B83F -- C:\WINDOWS\system32\HAL.DLL

< MD5 for: ISAPNP.SYS >
[2008/04/13 19:36:41 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=05A299EC56E52649B1CF2FC52D20F2D7 -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\isapnp.sys
[2001/08/17 13:58:02 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=E504F706CCB699C2596E9A3DA1596E87 -- C:\WINDOWS\system32\dllcache\isapnp.sys
[2001/08/17 13:58:02 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=E504F706CCB699C2596E9A3DA1596E87 -- C:\WINDOWS\system32\drivers\isapnp.sys
[2001/08/17 13:58:02 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=E504F706CCB699C2596E9A3DA1596E87 -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\isapnp.sys

< MD5 for: LSASS.EXE >
[2004/08/04 05:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=84885F9B82F4D55C6146EBF6065D75D2 -- C:\WINDOWS\ERDNT\cache\lsass.exe
[2004/08/04 05:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=84885F9B82F4D55C6146EBF6065D75D2 -- C:\WINDOWS\system32\lsass.exe
[2008/04/14 01:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=BF2466B3E18E970D8A976FB95FC1CA85 -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\lsass.exe

< MD5 for: NDIS.SYS >
[2008/04/13 20:20:37 | 000,182,656 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\ndis.sys
[2010/06/11 10:04:23 | 000,211,072 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\dllcache\ndis.sys
[2010/06/11 10:04:23 | 000,211,072 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ndis.sys

< MD5 for: NETLOGON.DLL >
[2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\netlogon.dll
[2004/08/04 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2004/08/04 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 05:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2004/08/04 05:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll
[2008/04/14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\scecli.dll

< MD5 for: SMSS.EXE >
[2008/04/14 01:12:36 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=5F816C1F539266D2D4C78694239DA0B5 -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\smss.exe
[2004/08/04 05:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=BD7FB0957C716F1A60333AEE04DE2178 -- C:\WINDOWS\system32\smss.exe
[2004/08/04 00:56:58 | 000,152,576 | ---- | M] (Microsoft Corporation) MD5=DA5CF1C368B33D75602FD6B3A7F5E0C6 -- C:\cmdcons\SYSTEM32\SMSS.EXE

< MD5 for: SVCHOST.EXE >
[2008/04/14 01:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\svchost.exe
[2004/08/04 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2004/08/04 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: TCPIP.SYS >
[2008/06/20 11:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\ERDNT\cache\tcpip.sys
[2008/06/20 11:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008/06/20 11:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\system32\drivers\tcpip.sys
[2008/04/13 20:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\tcpip.sys

< MD5 for: USERINIT.EXE >
[2004/08/04 05:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2004/08/04 05:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\userinit.exe
[2008/04/14 01:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 05:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2004/08/04 05:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\winlogon.exe
[2008/04/14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\winlogon.exe

< MD5 for: WS2_32.DLL >
[2008/04/14 01:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\ws2_32.dll
[2004/08/04 05:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\WINDOWS\ERDNT\cache\ws2_32.dll
[2004/08/04 05:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010/06/11 10:04:23 | 000,211,072 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ndis.sys

< %systemroot%\System32\config\*.sav >
[2004/08/10 12:56:48 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/10 12:56:46 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/08/10 12:56:46 | 000,872,448 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager" /v BootExecute /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\SESSION MANAGER
BOOTEXECUTE REG_MULTI_SZ autocheck autochk *\0\0

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2010/06/21 19:19:40 | 000,235,960 | ---- | M] () -- C:\WINDOWS\system32\FNTCACHE.DAT
[2010/06/20 22:18:45 | 000,002,206 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BEB71B81
< End of report >

cutmatic
Visitor
Posts: 121
Registered: 21 Oct 2006 18:34

Re: Please check my log

#5 Post by cutmatic »

Off to run that GMER .)

Well, that notebook is a horror ...yesterday I connected it to the wireless at home, and as soon as it connected Avast started screaming :)
It occurred to me to make an RSIT log, and even though I'm no expert, after a quick look it was clear to me that it would be a terrible mess ..nothing you can do, some people aren't careful about what sites they visit and what they install .)

...continuing

cutmatic
Visitor
Posts: 121
Registered: 21 Oct 2006 18:34

Re: Please check my log

#6 Post by cutmatic »

First GMER log
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-06-21 19:42:34
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\BOBBRA~1\LOCALS~1\Temp\pxtdqpob.sys


---- System - GMER 1.0.15 ----

Code 839170E0 pIofCallDriver

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\NDIS \Device\Ndis [838F1982] NDIS.sys[.reloc]

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

---- EOF - GMER 1.0.15 ----
..the second one is running

EDIT: ..thanks for the help, we'll finish it tomorrow, have a nice evening!
Last edited by cutmatic on 21 Jun 2010 19:44, edited 1 time in total.

cutmatic
Visitor
Posts: 121
Registered: 21 Oct 2006 18:34

Re: Please check my log

#7 Post by cutmatic »

Great, it threw a blue screen with an error, and there was no option other than a hard restart

we'll continue tomorrow, thanks for the help

cutmatic
Visitor
Posts: 121
Registered: 21 Oct 2006 18:34

Re: Please check my log

#8 Post by cutmatic »

I'm afraid he doesn't have the install CD ..I'll look through my own CDs too, but I'm also afraid I won't find it, and on top of that I use XP Professional and he has Home Edition.. here is the second GMER log ...take care for now, and again tomorrow evening ..
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-21 20:05:40
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\BOBBRA~1\LOCALS~1\Temp\pxtdqpob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xAA23E6B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xAA23E574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xAA23EA52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xAA23E14C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xAA23E64E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xAA23E08C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xAA23E0F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xAA23E76E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xAA23E72E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xAA23E8AE]

Code 8396C0E0 pIofCallDriver

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device \Driver\NDIS \Device\Ndis [838F9982] NDIS.sys[.reloc]

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \FileSystem\Fastfat \Fat A8E9AC8A

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x32 0x7D 0x40 0xDD ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x32 0x7D 0x40 0xDD ...

---- EOF - GMER 1.0.15 ----

cutmatic
Visitor
Posts: 121
Registered: 21 Oct 2006 18:34

Re: Please check my log

#9 Post by cutmatic »

Hi, I'm here too ...OK, I'll get on it ..the only thing is that the image doesn't display, it's not on the FTP.

cutmatic
Visitor
Posts: 121
Registered: 21 Oct 2006 18:34

Re: Please check my log

#10 Post by cutmatic »

Great, I'm on it ...

EDIT: the image still isn't there :) ..did the hosting expire?

cutmatic
Visitor
Posts: 121
Registered: 21 Oct 2006 18:34

Re: Please check my log

#11 Post by cutmatic »

OK, we're off to an unpleasant start ...the file c:/xjb3.exe doesn't exist

it's not among the hidden files either, and search didn't find it

cutmatic
Visitor
Posts: 121
Registered: 21 Oct 2006 18:34

Re: Please check my log

#12 Post by cutmatic »

Naughty wrote: it hasn't expired, don't you have a Slovak IP? :o


http://www.edisk.cz/stahni/68921/petous ... 5.7KB.html
.. I'm in Ireland!
downloaded from edisk

cutmatic
Visitor
Posts: 121
Registered: 21 Oct 2006 18:34

Re: Please check my log

#13 Post by cutmatic »

Naughty wrote: it hasn't expired, don't you have a Slovak IP? :o


http://www.edisk.cz/stahni/68921/petous ... 5.7KB.html
.. I'm in Ireland! downloaded from edisk
the priority is replacing ndis.sys from outside; everything else is unimportant, so don't bother any further with what you can't find
so how should I proceed?

cutmatic
Visitor
Posts: 121
Registered: 21 Oct 2006 18:34

Re: Please check my log

#14 Post by cutmatic »

The OTLEP iso isn't an archive, is it? Can it be unpacked?

cutmatic
Visitor
Posts: 121
Registered: 21 Oct 2006 18:34

Re: Please check my log

#15 Post by cutmatic »

What should the approximate size of that iso file be?

EDIT: I'm pulling the version from the English forum (93Mb) ..since the internet is quite overloaded at the moment, the approximate download time is half an hour ..patience!
