TR/Kazy infection-OTL.txt/ addl logs in addl posts

Page 1 of 3 1, 2, 3  Next

View previous topic View next topic Go down

TR/Kazy infection-OTL.txt/ addl logs in addl posts

Post by robbhenningsr on Thu 20 Oct 2011, 7:17 am

Following are results of initial scans. (Note regarding aswMBR: program did not complete, error message included below.) I will await further instructions. Thanks for your help.

Patricia



OTL LOG:

OTL logfile created on: 10/19/2011 2:44:59 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\HP_Administrator\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.41 Mb Total Physical Memory | 513.49 Mb Available Physical Memory | 50.22% Memory free
2.40 Gb Paging File | 2.10 Gb Available in Paging File | 87.20% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 363.53 Gb Total Space | 114.05 Gb Free Space | 31.37% Space Free | Partition Type: NTFS
Drive D: | 9.05 Gb Total Space | 4.40 Gb Free Space | 48.56% Space Free | Partition Type: FAT32

Computer Name: BOBSPC | User Name: HP_Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found -- C:\WINDOWS\3129287989:3403315781.exe
PRC - [2011/10/19 14:42:58 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\My Documents\Downloads\OTL.com
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2010/11/17 14:16:56 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2008/06/20 12:02:47 | 000,245,248 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (LightScribeService)
SRV - File not found [Auto | Stopped] -- -- (JavaQuickStarterService)
SRV - File not found [Auto | Stopped] -- -- (Apple Mobile Device)
SRV - [2010/11/16 02:10:14 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2010/09/24 14:19:16 | 000,444,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2010/09/24 14:19:16 | 000,268,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2010/09/24 14:19:08 | 006,351,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2010/09/24 14:19:08 | 000,057,072 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\ZuneBusEnum.exe -- (ZuneBusEnum)
SRV - [2009/07/21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/13 16:48:22 | 000,109,568 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008/06/27 17:24:34 | 000,471,040 | ---- | M] (Atheros) [Auto | Stopped] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2008/02/27 12:54:52 | 000,364,544 | ---- | M] (Atheros Communications, Inc.) [Auto | Stopped] -- C:\Program Files\NETGEAR\WN111v2\jswpsapi.exe -- (jswpsapi)


========== Driver Services (SafeList) ==========

DRV - [2009/11/25 12:19:02 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/05/11 10:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 10:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/10/01 17:45:52 | 000,057,440 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\jswscimd.sys -- (JSWSCIMD)
DRV - [2008/09/30 04:24:36 | 000,453,120 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WN111v2.sys -- (WN111v2)
DRV - [2008/04/13 14:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 14:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2007/12/14 05:31:00 | 000,057,408 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2007/05/23 05:15:00 | 000,547,744 | ---- | M] (D-Link Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\A3AB.sys -- (A3AB) D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB)
DRV - [2007/04/18 09:59:40 | 000,098,600 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\COMMONFX.DLL -- (COMMONFX.DLL)
DRV - [2007/04/12 09:10:26 | 000,164,608 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CT20XUT.DLL -- (CT20XUT.DLL)
DRV - [2007/04/12 09:10:26 | 000,066,816 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTHWIUT.DLL -- (CTHWIUT.DLL)
DRV - [2007/04/12 09:10:24 | 001,317,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEXFIFX.DLL -- (CTEXFIFX.DLL)
DRV - [2007/04/12 09:10:22 | 000,323,328 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPSY.DLL -- (CTEDSPSY.DLL)
DRV - [2007/04/12 09:10:22 | 000,128,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPIO.DLL -- (CTEDSPIO.DLL)
DRV - [2007/04/12 09:10:20 | 000,280,320 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPFX.DLL -- (CTEDSPFX.DLL)
DRV - [2007/04/12 09:10:20 | 000,094,976 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTERFXFX.DLL -- (CTERFXFX.DLL)
DRV - [2007/04/12 09:10:18 | 000,168,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEAPSFX.DLL -- (CTEAPSFX.DLL)
DRV - [2007/04/12 09:10:16 | 000,560,384 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTSBLFX.DLL -- (CTSBLFX.DLL)
DRV - [2007/04/12 09:10:16 | 000,546,048 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTAUDFX.DLL -- (CTAUDFX.DLL)
DRV - [2007/04/10 07:00:24 | 000,157,480 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2007/04/10 06:59:04 | 000,126,760 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2007/04/10 05:32:06 | 000,189,736 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2007/04/10 05:31:18 | 000,163,112 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2007/04/10 05:29:10 | 000,797,992 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2007/04/10 05:28:36 | 000,092,968 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2007/04/10 05:25:46 | 000,014,632 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2007/04/10 05:21:06 | 000,347,128 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2007/04/10 05:20:38 | 000,520,488 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2007/04/10 05:19:30 | 000,511,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2006/11/02 08:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2005/08/18 18:35:04 | 003,856,896 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/04/15 07:12:12 | 000,175,616 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftsata2.sys -- (ftsata2)
DRV - [2004/08/10 01:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/10 01:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004/08/04 16:31:36 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2004/08/04 15:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/12/03 12:23:20 | 000,142,336 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\fasttx2k.sys -- (fasttx2k)
DRV - [2003/11/06 01:45:12 | 000,017,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\bb-run.sys -- (bb-run)
DRV - [2003/07/24 13:10:34 | 000,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DNINDIS5.sys -- (DNINDIS5)
DRV - [2001/08/17 13:19:20 | 000,096,256 | ---- | M] (Copyright (C) Creative Technology Ltd. 1994-2001) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctlsb16.sys -- (ctlsb16) Creative SB16/AWE32/AWE64 Driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://finance.yahoo.com/news/Burger-King-revamps-coffee-apf-1119327906.html?x=0&.v=6|http://www.facebook.com/home.php?|http://excite.com/|https://mail.google.com/mail/?shva=1#inbox"
FF - prefs.js..extensions.enabledItems: {a2adbb75-0c40-1c3b-68b2-6de799200d52}:4.6.6.3
FF - prefs.js..extensions.enabledItems: {776A7CC0-E1A0-4E46-982C-88A8754E5100}:1.9.1
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=WBV5&o=14540&locale=en_US&apn_uid=E2FCB7F1-34BC-45E8-896C-624F6D10A903&apn_ptnrs=WK&apn_sauid=A2A408A3-55EA-4D04-97E9-994A09157858&apn_dtid=YYYYYYYYUS&&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/01 09:18:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/07 11:52:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/01/11 19:41:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2010/12/11 12:22:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions
[2010/12/11 12:22:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/05/07 11:53:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ge13mt45.default\extensions
[2009/11/30 20:02:26 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ge13mt45.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/09/11 19:42:16 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ge13mt45.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011/05/07 11:53:11 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ge13mt45.default\extensions\engine@conduit.com
[2011/10/14 01:03:45 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ge13mt45.default\extensions\toolbar@ask.com
[2011/10/19 13:40:35 | 000,002,573 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ge13mt45.default\searchplugins\askcom.xml
[2010/01/23 23:28:20 | 000,002,180 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ge13mt45.default\searchplugins\bing-ff.xml
[2008/06/23 15:55:06 | 000,001,108 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ge13mt45.default\searchplugins\wikipedia.xml
[2011/07/18 00:43:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2007/04/07 19:30:31 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/02/01 15:54:22 | 000,000,000 | ---D | M] (LoudMo Contextual Ad Assistant) -- C:\Program Files\Mozilla Firefox\extensions\{a2adbb75-0c40-1c3b-68b2-6de799200d52}
[2010/02/01 15:54:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{a2adbb75-0c40-1c3b-68b2-6de799200d52}.del
[2010/12/05 12:20:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2007/02/28 13:36:51 | 000,000,000 | ---D | M] (Google Settings) -- C:\Program Files\Mozilla Firefox\extensions\google-cjk@partners.mozilla.com
[2010/02/14 02:36:39 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/03/08 23:33:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/10/01 09:18:28 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/03/31 22:47:26 | 000,324,976 | ---- | M] (Symantec Corporation) -- C:\Program Files\mozilla firefox\components\coFFPlgn.dll
[2009/03/05 18:08:04 | 000,049,664 | ---- | M] () -- C:\Program Files\mozilla firefox\components\FFComm.dll
[2010/09/15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/05/07 11:52:15 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========


O1 HOSTS File: ([2010/12/04 19:28:08 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [LGODDFU] C:\Program Files\lg_fwupdate\fwupdate.exe (BitLeader)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
O4 - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CaSup.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Forget Me Not.lnk = C:\Program Files\Broderbund\AG CreataCard\AGRemind.exe (TLC Productivity Properties LLC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GA311 Smart Wizard Utility.lnk = C:\Program Files\NETGEAR GA311 Adapter\GA311.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WN111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WN111v2\WN111V2.exe (NETGEAR)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Sonic CinePlayer Quick Launch.lnk = C:\Program Files\Common Files\Sonic Shared\CineTray.exe (Sonic Solutions)
O4 - Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} [You must be registered and logged in to see this link.] (SysData Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} [You must be registered and logged in to see this link.] (HP Download Manager)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} [You must be registered and logged in to see this link.] (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{201B7D01-482D-4862-846E-44904AD96B73}: DhcpNameServer = 10.10.5.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C72A36E4-3E1C-4AFE-896F-6225AD450C02}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/01/13 05:37:21 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 14:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - Microsoft NetShow Player
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {29E7D24F-BF30-45E7-8A40-AD27AFD8F5C6} - Microsoft .NET Framework 1.0 Hotfix (KB979904)
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295)
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - C:\WINDOWS\System32\LCodcCMP.dll (LEAD Technologies, Inc.)

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\WINDOWS\System32\
[2011/10/18 20:42:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/10/18 16:29:14 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\352585ba
[2007/04/09 13:32:58 | 000,034,816 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2007/04/09 13:19:16 | 000,010,240 | ---- | C] ( ) -- C:\WINDOWS\System32\killapps.exe
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

File not found -- C:\WINDOWS\System32\
[2011/10/19 13:56:36 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/10/19 13:55:49 | 000,000,813 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/10/19 13:50:57 | 000,000,000 | ---- | M] () -- C:\WINDOWS\3129287989
[2011/10/19 13:50:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/18 23:04:52 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000007-00001102-00000008-10221102}.rfx
[2011/10/18 23:04:51 | 000,030,648 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000007-00001102-00000008-10221102}.rfx
[2011/10/18 23:04:51 | 000,030,648 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-00000007-00001102-00000008-10221102}.rfx
[2011/10/18 23:04:51 | 000,029,772 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000007-00001102-00000008-10221102}.rfx
[2011/10/18 23:04:51 | 000,029,772 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000007-00001102-00000008-10221102}.rfx
[2011/10/18 23:04:33 | 000,000,203 | ---- | M] () -- C:\WINDOWS\System32\mhncache.dat
[2011/10/18 23:03:00 | 000,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/10/18 22:55:44 | 004,958,588 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-00000007-00001102-00000008-10221102}.CDF
[2011/10/18 22:55:44 | 004,958,588 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-00000007-00001102-00000008-10221102}.BAK
[2011/10/18 22:51:55 | 000,000,336 | ---- | M] () -- C:\WINDOWS\lgfwup.ini
[2011/10/18 22:41:00 | 000,000,906 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/18 22:39:00 | 000,000,580 | -H-- | M] () -- C:\WINDOWS\tasks\DataUpload.job
[2011/10/18 20:40:58 | 000,000,616 | -H-- | M] () -- C:\WINDOWS\tasks\ConfigExec.job
[2011/10/18 20:39:02 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/18 20:38:52 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/18 20:19:43 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/10/18 16:32:21 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\{2521BB91-29B1-4d7e-9137-AC9875D77735}
[2011/10/17 10:48:26 | 000,022,393 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\FASCISM.jpg
[2011/10/16 10:53:55 | 000,049,567 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\little sheet heads.jpg
[2011/10/16 09:47:47 | 000,008,807 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\original computer.jpg
[2011/10/15 11:26:19 | 000,037,335 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\love love love.jpg
[2011/10/14 12:35:57 | 000,017,087 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\strong stupidity.jpg
[2011/10/13 16:57:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/10/13 16:16:15 | 000,019,096 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\sick bastard.jpg
[2011/10/12 21:44:00 | 000,016,341 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\compassion point of view.jpg
[2011/10/12 18:19:18 | 000,014,569 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Charlie Brown.jpg
[2011/10/12 17:56:07 | 000,025,131 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\idiot dig shit !.jpg
[2011/10/10 18:12:01 | 000,025,648 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\f*** kids !!.jpg
[2011/10/08 19:13:05 | 000,157,573 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Steve Jobs life.php
[2011/10/08 18:15:38 | 000,000,502 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to Atheism.lnk
[2011/10/08 17:30:56 | 000,055,553 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\You're next.jpg
[2011/10/08 15:06:33 | 000,018,558 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\St. Peter & Steve Jobs.jpg
[2011/10/08 10:45:33 | 000,007,556 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\hope and change - socialism.jpg
[2011/10/07 15:10:44 | 000,074,276 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\never give up.jpg
[2011/10/02 13:34:52 | 000,027,801 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Atheism.jpg
[2011/09/25 14:32:24 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/09/22 13:45:32 | 000,015,541 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\FEMINE PROTECTION.jpg
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]


robbhenningsr

Newbie Surfer
Newbie Surfer

Posts : 39
Joined : 2011-10-20
Operating System : XP Media Ctr 2002 Service pack 3

View user profile

Back to top Go down

Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts

Post by robbhenningsr on Thu 20 Oct 2011, 7:19 am

Addl. log...:

========== Files Created - No Company Name ==========

[2011/10/18 16:32:21 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\{2521BB91-29B1-4d7e-9137-AC9875D77735}
[2011/10/18 16:29:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\3129287989
[2011/10/17 10:48:24 | 000,022,393 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\FASCISM.jpg
[2011/10/16 10:53:54 | 000,049,567 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\little sheet heads.jpg
[2011/10/16 09:47:45 | 000,008,807 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\original computer.jpg
[2011/10/15 11:26:17 | 000,037,335 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\love love love.jpg
[2011/10/14 12:35:55 | 000,017,087 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\strong stupidity.jpg
[2011/10/13 16:16:13 | 000,019,096 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\sick bastard.jpg
[2011/10/12 21:44:00 | 000,016,341 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\compassion point of view.jpg
[2011/10/12 18:19:17 | 000,014,569 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Charlie Brown.jpg
[2011/10/12 17:56:06 | 000,025,131 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\idiot dig shit !.jpg
[2011/10/10 18:11:58 | 000,025,648 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\f*** kids !!.jpg
[2011/10/08 19:13:05 | 000,157,573 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Steve Jobs life.php
[2011/10/08 18:15:38 | 000,000,502 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to Atheism.lnk
[2011/10/08 17:30:55 | 000,055,553 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\You're next.jpg
[2011/10/08 15:06:32 | 000,018,558 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\St. Peter & Steve Jobs.jpg
[2011/10/08 10:45:32 | 000,007,556 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\hope and change - socialism.jpg
[2011/10/07 15:10:41 | 000,074,276 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\never give up.jpg
[2011/10/02 13:34:50 | 000,027,801 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Atheism.jpg
[2011/09/22 13:45:31 | 000,015,541 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\FEMINE PROTECTION.jpg
[2010/12/01 19:45:43 | 000,000,203 | ---- | C] () -- C:\WINDOWS\System32\mhncache.dat
[2010/11/03 21:19:53 | 000,000,421 | ---- | C] () -- C:\WINDOWS\DeDup.ini
[2010/09/28 14:08:21 | 000,000,336 | ---- | C] () -- C:\WINDOWS\lgfwup.ini
[2010/03/09 15:29:05 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/03/08 16:44:02 | 000,110,602 | ---- | C] () -- C:\WINDOWS\System32\xcdsfx32.bin
[2010/02/05 18:07:27 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat
[2010/01/23 23:30:34 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Vfidag.dat
[2010/01/23 23:30:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Sfoneciduwaton.bin
[2009/07/08 11:58:18 | 001,478,656 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/07/08 10:07:00 | 001,580,550 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2009/05/21 19:11:16 | 000,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
[2009/04/24 11:27:08 | 000,011,776 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/27 17:18:04 | 000,262,216 | ---- | C] () -- C:\WINDOWS\System32\IPTests.dll
[2008/05/26 22:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 22:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/04/17 14:19:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcf.INI
[2008/03/28 21:27:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2008/03/24 14:26:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/09/02 13:17:44 | 000,000,017 | ---- | C] () -- C:\WINDOWS\MovingPicture.ini
[2007/08/30 15:20:35 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2007/08/17 18:52:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Unsetup.INI
[2007/05/14 11:59:34 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/04/12 09:10:28 | 000,105,728 | ---- | C] () -- C:\WINDOWS\System32\APOMgrH.dll
[2007/04/09 13:55:14 | 000,097,785 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2007/04/09 13:55:14 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2007/04/09 13:33:50 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
[2007/04/09 13:32:32 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\psconv.exe
[2007/04/09 13:24:30 | 000,325,821 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2007/04/09 13:24:30 | 000,046,273 | ---- | C] () -- C:\WINDOWS\System32\ctdnlstr.dat
[2007/04/09 13:21:44 | 000,048,128 | ---- | C] () -- C:\WINDOWS\System32\regplib.exe
[2007/04/09 13:21:28 | 000,149,838 | ---- | C] () -- C:\WINDOWS\System32\ctbas2w.dat
[2007/04/09 13:19:44 | 000,274,587 | ---- | C] () -- C:\WINDOWS\System32\ctsbas2w.dat
[2007/04/09 13:19:20 | 000,313,207 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2007/04/09 13:19:20 | 000,053,932 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2007/04/09 13:19:18 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\enlocstr.exe
[2006/10/02 10:25:18 | 000,000,307 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
[2006/09/01 18:38:02 | 000,057,344 | ---- | C] () -- C:\WINDOWS\FWWipeALL.dll
[2006/08/12 00:57:12 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2006/08/12 00:56:58 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
[2006/08/12 00:56:51 | 000,000,217 | ---- | C] () -- C:\WINDOWS\HP_IZClosingDiscErrorPatch.ini
[2006/05/13 22:20:28 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/05/13 20:38:17 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2006/04/27 22:02:50 | 000,005,717 | ---- | C] () -- C:\WINDOWS\hpdj6122.ini
[2006/04/27 22:02:28 | 000,000,414 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2006/03/14 19:14:55 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/02/27 23:58:48 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/02/12 17:14:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/02/12 17:14:13 | 000,107,134 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2006/02/12 17:14:06 | 000,003,892 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/01/27 12:16:59 | 000,034,304 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
[2006/01/27 12:12:31 | 000,134,144 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/01/13 05:56:08 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/01/13 05:40:13 | 000,118,842 | R--- | C] () -- C:\WINDOWS\HPCPCUninstaller-6.3.2.116-9972322.exe
[2006/01/13 05:39:32 | 000,014,317 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/01/13 05:39:26 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/01/13 05:24:05 | 000,112,873 | ---- | C] () -- C:\WINDOWS\hpoins07.dat
[2006/01/13 05:24:05 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat
[2006/01/13 05:18:40 | 000,080,418 | ---- | C] () -- C:\WINDOWS\HPHins08.dat
[2006/01/13 05:18:40 | 000,004,011 | ---- | C] () -- C:\WINDOWS\hphmdl08.dat
[2006/01/13 05:16:33 | 000,072,881 | ---- | C] () -- C:\WINDOWS\hpiins01.dat
[2006/01/13 05:16:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpimdl01.dat
[2006/01/13 05:15:39 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/01/13 05:12:44 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/01/13 04:59:45 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/01/12 18:39:27 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/01/12 18:39:27 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/01/12 18:39:23 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/01/12 18:39:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/01/12 18:39:10 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/01/12 18:38:41 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/01/12 18:38:40 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/01/12 18:38:02 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/01/12 18:37:30 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/08/06 01:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/02 18:30:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2005/08/02 18:30:00 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2005/08/02 18:30:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2005/08/02 18:30:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005/08/02 18:30:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2005/07/02 16:36:02 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/07/02 16:34:10 | 000,286,904 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/07/02 16:28:10 | 000,465,538 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/07/02 16:28:10 | 000,080,052 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/06/16 11:17:16 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\ctmmactl.dll
[2005/02/26 15:31:00 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2005/01/28 20:41:00 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/01/28 20:36:46 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/11 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/07/27 08:51:38 | 000,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/04/18 17:43:46 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2004/04/18 17:43:44 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2001/07/07 02:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== Custom Scans ==========


< %APPDATA%\Microsoft\*.* >
[2011/09/10 12:31:19 | 000,001,746 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\LastFlashConfig.WFC

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >
[2009/12/10 16:23:17 | 004,843,314 | ---- | M] (DVD Cloner Inc. ) -- C:\Documents and Settings\HP_Administrator\Desktop\dvdcloner560.exe
[2009/12/10 16:23:26 | 006,272,566 | ---- | M] (OpenCloner Inc. ) -- C:\Documents and Settings\HP_Administrator\Desktop\dvdcloner670.exe
[2010/02/23 14:19:07 | 027,024,112 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\HP_Administrator\Desktop\PowerPointViewer.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >
[2009/03/27 16:06:52 | 002,730,336 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\HP_Administrator\My Documents\SupportConsole.exe

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2011/10/01 09:18:28 | 000,125,912 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\crashreporter.exe
[2011/10/01 09:18:28 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2011/10/01 09:18:25 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
[2011/10/01 09:18:24 | 000,269,272 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >
File not found Unable to obtain MD5 -- C:\WINDOWS\system32\
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2010/12/06 12:46:24 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2007/09/02 13:01:44 | 000,000,000 | ---D | M] -- C:\Program Files\AdorageI-GfxDatas
[2007/09/02 13:01:00 | 000,000,000 | ---D | M] -- C:\Program Files\AdorageI-SAL
[2008/05/31 09:41:16 | 000,000,000 | ---D | M] -- C:\Program Files\ANI
[2010/12/06 12:58:12 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2011/10/14 01:03:45 | 000,000,000 | ---D | M] -- C:\Program Files\Ask.com
[2006/12/02 02:41:40 | 000,000,000 | ---D | M] -- C:\Program Files\Auction Sentry Deluxe
[2010/12/05 11:08:29 | 000,000,000 | ---D | M] -- C:\Program Files\Avira
[2006/02/18 10:56:24 | 000,000,000 | ---D | M] -- C:\Program Files\AWS
[2008/02/24 13:39:57 | 000,000,000 | ---D | M] -- C:\Program Files\BDHDCopyHelper
[2006/04/02 17:04:14 | 000,000,000 | ---D | M] -- C:\Program Files\Belkin Mouse 1.0
[2010/12/06 12:21:08 | 000,000,000 | ---D | M] -- C:\Program Files\BillP Studios
[2010/01/29 14:59:00 | 000,000,000 | ---D | M] -- C:\Program Files\Bing Toolbar
[2010/12/06 12:57:30 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2008/02/26 19:27:55 | 000,000,000 | ---D | M] -- C:\Program Files\Broderbund
[2007/05/09 10:56:47 | 000,000,000 | ---D | M] -- C:\Program Files\Canon
[2010/02/13 18:04:24 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2010/12/06 12:46:26 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2005/07/02 03:00:44 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2011/05/07 11:51:18 | 000,000,000 | ---D | M] -- C:\Program Files\Coupons
[2006/01/27 12:26:07 | 000,000,000 | ---D | M] -- C:\Program Files\Creative
[2010/09/28 14:09:56 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2008/05/31 09:41:13 | 000,000,000 | ---D | M] -- C:\Program Files\D-Link
[2010/11/03 21:19:52 | 000,000,000 | ---D | M] -- C:\Program Files\DeDup
[2007/04/09 20:02:46 | 000,000,000 | ---D | M] -- C:\Program Files\DIFX
[2010/03/08 16:44:04 | 000,000,000 | ---D | M] -- C:\Program Files\Driver Magician
[2011/09/15 20:23:59 | 000,000,000 | ---D | M] -- C:\Program Files\Dvd-cloner
[2010/02/05 18:37:10 | 000,000,000 | ---D | M] -- C:\Program Files\Easy Internet signup
[2010/11/28 12:14:26 | 000,000,000 | ---D | M] -- C:\Program Files\EnglishOtto
[2010/12/06 13:29:45 | 000,000,000 | ---D | M] -- C:\Program Files\ERUNT
[2010/02/14 21:58:08 | 000,000,000 | ---D | M] -- C:\Program Files\ESET
[2010/02/05 18:37:29 | 000,000,000 | ---D | M] -- C:\Program Files\GemMaster
[2010/12/09 21:06:41 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2010/03/30 14:54:41 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2006/01/13 05:19:02 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2009/08/13 21:21:44 | 000,000,000 | ---D | M] -- C:\Program Files\IL_DIVO_ENCORE
[2009/08/13 21:34:49 | 000,000,000 | ---D | M] -- C:\Program Files\IL_DIVO_ENCORE_01
[2009/08/13 21:42:00 | 000,000,000 | ---D | M] -- C:\Program Files\IL_DIVO_ENCORE_02
[2009/08/13 22:00:06 | 000,000,000 | ---D | M] -- C:\Program Files\IL_DIVO_ENCORE_03
[2006/12/31 18:11:24 | 000,000,000 | ---D | M] -- C:\Program Files\IncrediMail
[2010/09/28 14:10:09 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2008/05/31 09:39:34 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2006/01/13 05:33:46 | 000,000,000 | ---D | M] -- C:\Program Files\IntelliMover Data Transfer Demo
[2008/03/28 21:26:54 | 000,000,000 | ---D | M] -- C:\Program Files\InterActual
[2011/08/10 17:55:04 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010/12/06 13:00:55 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2010/12/06 13:19:31 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2010/12/05 12:20:25 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010/03/29 21:23:18 | 000,000,000 | ---D | M] -- C:\Program Files\JetAudio
[2010/02/06 16:28:35 | 000,000,000 | ---D | M] -- C:\Program Files\Lavalys
[2009/05/16 21:04:21 | 000,000,000 | ---D | M] -- C:\Program Files\Lavasoft
[2011/10/18 22:51:51 | 000,000,000 | ---D | M] -- C:\Program Files\lg_fwupdate
[2011/10/19 13:55:49 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/29 00:12:00 | 000,000,000 | ---D | M] -- C:\Program Files\MediaMonkey
[2010/12/04 10:57:54 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2006/02/27 23:57:41 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2010/11/30 15:35:30 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Fix it Center
[2005/07/14 19:49:46 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2010/02/23 14:19:44 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2011/07/10 15:12:14 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2006/02/27 23:57:29 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2010/08/13 03:01:46 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2011/10/14 15:10:32 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2011/09/29 21:57:40 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Thunderbird
[2010/03/08 22:51:56 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2010/02/23 14:19:34 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2005/07/14 19:49:50 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2005/07/14 19:49:56 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2006/11/18 02:01:26 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2009/09/20 19:58:45 | 000,000,000 | ---D | M] -- C:\Program Files\Musicmatch
[2006/01/13 05:37:09 | 000,000,000 | ---D | M] -- C:\Program Files\muvee Technologies
[2010/02/05 21:49:12 | 000,000,000 | ---D | M] -- C:\Program Files\NETGEAR
[2008/05/31 09:39:30 | 000,000,000 | ---D | M] -- C:\Program Files\NETGEAR GA311 Adapter
[2010/03/08 20:03:10 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2010/02/13 12:07:33 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2011/02/12 16:02:53 | 000,000,000 | ---D | M] -- C:\Program Files\OpenOffice.org 3
[2010/12/16 16:25:42 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2010/02/06 13:32:05 | 000,000,000 | ---D | M] -- C:\Program Files\ParetoLogic
[2006/01/13 05:43:23 | 000,000,000 | ---D | M] -- C:\Program Files\PC-Doctor for DOS
[2008/04/19 07:34:51 | 000,000,000 | ---D | M] -- C:\Program Files\Picasa2
[2008/12/13 16:37:35 | 000,000,000 | ---D | M] -- C:\Program Files\Pinnacle
[2008/01/29 20:31:01 | 000,000,000 | ---D | M] -- C:\Program Files\proDAD
[2010/02/06 12:40:14 | 000,000,000 | ---D | M] -- C:\Program Files\Pure Networks
[2010/12/06 12:59:42 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2009/10/05 01:53:00 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2010/03/08 16:30:50 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2010/03/08 22:51:46 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2007/09/02 12:09:16 | 000,000,000 | ---D | M] -- C:\Program Files\SmartSound Software
[2007/08/30 15:19:48 | 000,000,000 | ---D | M] -- C:\Program Files\Sonic
[2010/02/14 21:39:40 | 000,000,000 | ---D | M] -- C:\Program Files\Spy Cleaner Gold
[2008/02/07 21:12:45 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2010/01/23 22:58:21 | 000,000,000 | ---D | M] -- C:\Program Files\Spyware Doctor
[2010/12/06 12:15:19 | 000,000,000 | ---D | M] -- C:\Program Files\SpywareBlaster
[2010/12/04 15:59:50 | 000,000,000 | ---D | M] -- C:\Program Files\SUPERAntiSpyware
[2006/01/13 05:49:39 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec
[2008/08/05 18:25:33 | 000,000,000 | ---D | M] -- C:\Program Files\The Weather Channel FW
[2010/02/14 14:10:48 | 000,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2010/02/13 13:02:12 | 000,000,000 | ---D | M] -- C:\Program Files\Uniblue
[2005/07/02 03:00:52 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2008/02/26 19:43:18 | 000,000,000 | ---D | M] -- C:\Program Files\Web Publish
[2010/02/13 12:09:47 | 000,000,000 | ---D | M] -- C:\Program Files\WebEx
[2006/01/13 05:31:37 | 000,000,000 | ---D | M] -- C:\Program Files\WildTangent
[2010/03/08 23:33:19 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Desktop Search
[2010/01/27 21:14:22 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live Safety Center
[2006/11/08 18:34:24 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2010/03/08 22:41:29 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2010/03/08 20:03:05 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2005/07/14 19:50:30 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Plus
[2005/07/02 03:00:58 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2010/12/06 12:18:38 | 000,000,000 | ---D | M] -- C:\Program Files\WOT
[2005/07/14 19:50:34 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2010/02/13 18:04:22 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!
[2010/11/20 01:06:09 | 000,000,000 | ---D | M] -- C:\Program Files\Zune


< MD5 for: AGP440.SYS >
[2004/08/11 05:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010/03/08 19:55:56 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/10 01:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2010/03/08 19:55:56 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution.old\Download\dd9ab5193501484cf5e6884fa1d22f9e\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/11 05:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010/03/08 19:55:56 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/10 01:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2010/03/08 19:55:56 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution.old\Download\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/10 01:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/10 01:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys
[2004/08/10 01:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
[2004/08/10 01:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys

< MD5 for: DISK.SYS >
[2004/08/11 05:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2010/03/08 19:55:56 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2004/08/10 01:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:disk.sys
[2010/03/08 19:55:56 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/10 01:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\SoftwareDistribution.old\Download\dd9ab5193501484cf5e6884fa1d22f9e\disk.sys
[2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution.old\Download\dd9ab5193501484cf5e6884fa1d22f9e\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004/08/10 01:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-10-04 20:25:36

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/10/01 09:18:24 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/10/01 09:18:24 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/10/01 09:18:24 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/10/01 09:18:28 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/10/01 09:18:28 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/10/01 09:18:28 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/06/23 08:05:37 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/06/23 08:05:37 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/06/23 08:05:37 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/10/01 09:18:24 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/10/01 09:18:24 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/10/01 09:18:24 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/10/01 09:18:28 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/10/01 09:18:28 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/10/01 09:18:28 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/06/23 08:05:37 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/06/23 08:05:37 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/06/23 08:05:37 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

========== Alternate Data Streams ==========

@Alternate Data Stream - 816 bytes -> C:\WINDOWS\3129287989:3403315781.exe
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >



robbhenningsr

Newbie Surfer
Newbie Surfer

Posts : 39
Joined : 2011-10-20
Operating System : XP Media Ctr 2002 Service pack 3

View user profile

Back to top Go down

Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts

Post by robbhenningsr on Thu 20 Oct 2011, 7:21 am

Extras log:

OTL Extras logfile created on: 10/19/2011 2:44:59 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\HP_Administrator\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.41 Mb Total Physical Memory | 513.49 Mb Available Physical Memory | 50.22% Memory free
2.40 Gb Paging File | 2.10 Gb Available in Paging File | 87.20% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 363.53 Gb Total Space | 114.05 Gb Free Space | 31.37% Space Free | Partition Type: NTFS
Drive D: | 9.05 Gb Total Space | 4.40 Gb Free Space | 48.56% Space Free | Partition Type: FAT32

Computer Name: BOBSPC | User Name: HP_Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"67:UDP" = 67:UDP:*:Enabled:DHCP Discovery Service
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe" = C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0 -- (CyberLink Corp.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe" = C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0 -- (CyberLink Corp.)
"C:\Program Files\Ask.com\Updater\Updater.exe" = C:\Program Files\Ask.com\Updater\Updater.exe:*:Disabled:Ask Updater -- (Ask)
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" = C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware -- ()
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007811BF-E310-4285-BFC6-55DB29B3EDDE}" = WinPatrol
"{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}" = PhotoGallery
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{14589F05-C658-4594-9429-D437BA688686}" = IntelliMover Data Transfer Demo
"{172975EB-9465-4861-95B5-C7BB6D3DE62A}" = DocumentViewer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}" = WN111v2
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG Power Tools
"{21DB3D90-D816-4092-A260-CA3F6B55A6DD}" = Sonic_PrimoSDK
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}" = CP_Panorama1Config
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 22
"{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}" = WeatherBug
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = LG CyberLink PowerDVD
"{2C3D719A-92C7-4323-89CC-C937D0267B84}" = muvee autoProducer 4.0
"{2C4E2E4E-A7C9-4CCB-BF03-FE6EBD5D4AB7}" = Windows Mobile Device Updater Component
"{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}" = HP Deskjet Printer Preload
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}" = InstantShareDevices
"{33D6CC28-9F75-4d1b-A11D-98895B3A3729}" = HP Photosmart 330,380,420,470,7800,8000,8200 Series
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36E47DA1-10E1-45d9-8B19-14D19607CDCF}" = CP_CalendarTemplates1
"{3BA95526-6AE0-4B87-A62D-17187EF565FC}" = HP Boot Optimizer
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = LG CyberLink Power2Go
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
"{56EE8B17-8274-418d-89AC-C057C5DB251E}" = RandMap
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{5A01C58E-B0EC-49b9-AD71-7C0468688087}" = CP_Package_Basic1
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG ODD Auto Firmware Update
"{66BA8C26-AFE4-4408-807B-43E76B57EF53}" = SkinsHP1
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{69CF01AD-9E35-4BD7-9036-7B8478BEB839}" = HPTunesAddIn
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{7006ED29-58F2-40C3-AE87-039287AD20B6}" = Zune
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{755EC5E3-FD51-46bd-A57F-7A2D56FBF061}" = PSTAPlugin
"{769A295C-DCF4-41d6-AFBA-7D9394B23AFE}" = PSPrinters08
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7E27304E-BAA2-4d90-A34E-76641FAFABB4}" = CP_AtenaShokunin1Config
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3455242-DAE0-4523-8242-FD82706ABF4B}" = CameraDrivers
"{A5BB5365-EFB4-44c3-A7E2-EB59B7EFD23D}" = CueTour
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X
"{ADD5DB49-72CF-11D8-9D75-000129760D75}" = LG CyberLink PowerBackup
"{B1931B3A-29E9-4F91-9B61-BE2CF05E84F1}" = muvee autoProducer unPlugged 1.1 - HPD
"{B4D279F1-4309-49cc-A4B5-3A0D2E59C7B5}" = PanoStandAlone
"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = LG CyberLink PowerProducer
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LG CyberLink LabelPrint
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C83A12B9-B31B-461A-BBD4-CE9B988094F1}" = HP Photosmart Cameras 5.0
"{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb" = Microsoft Automated Troubleshooting Services Shim
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D518592A-0F1E-40ca-BECB-3D3F026C6B0D}" = CameraDrivers
"{D54193B7-D2DF-4977-B546-86CA48DB214E}" = HP Tunes
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{F99520C7-7EE6-472E-8DD8-E60003A9292F}" = WOT for Internet Explorer
"{FAE36873-1941-4076-A9A5-48812B5EA0B7}" = iTunes
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"538B9061-0C77-4FB2-903F-EC42A1FF5DD8" = Mah Jong Quest from HP Media Center (remove only)
"758619C0-7C97-42BB-B1E9-775F72FDAD1E" = Blackhawk Striker 2 from HP Media Center (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"B3FF79F4-CDA8-4845-A7C0-9CE017719F36" = Tradewinds from HP Media Center (remove only)
"CCleaner" = CCleaner
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"DeDup" = DeDup
"Driver Magician_is1" = Driver Magician 3.49
"DVD-CLONER IV_is1" = DVD-CLONER V4.70 Build 926
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"hp deskjet 6122 series_Driver" = hp deskjet 6122 series
"HP Document Viewer" = HP Document Viewer 5.3
"HP Game Console" = HP Game Console and games
"HP Image Zone for Media Center PC" = HP Image Zone for Media Center PC
"HP Imaging Device Functions" = HP Imaging Device Functions 5.3
"HP Photo & Imaging" = HP Image Zone 5.3
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"ie8" = Windows Internet Explorer 8
"InstallShield_{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}" = RangeMax Wireless-N USB Adapter WN111v2
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG Power Tools
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = LG CyberLink PowerDVD
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = LG CyberLink Power2Go
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = LG CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LG CyberLink LabelPrint
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"Mozilla Thunderbird (3.1.7)" = Mozilla Thunderbird (3.1.7)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Drivers" = NVIDIA Drivers
"PROSet" = Intel(R) PRO Network Connections Drivers
"SpywareBlaster_is1" = SpywareBlaster 4.4
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"winusb0100" = Microsoft WinUsb 1.0
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9
"Yahoo! Companion" = Yahoo! Toolbar
"Zune" = Zune

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/9/2011 10:29:20 AM | Computer Name = BOBSPC | Source = Application Hang | ID = 1001
Description = Fault bucket -1805600120.

Error - 8/10/2011 6:13:22 PM | Computer Name = BOBSPC | Source = MatSvc | ID = 262159
Description = The scheduled MATS task encountered a failure when collecting configuration
data. hr=0x8007041D .

Error - 9/10/2011 12:30:23 PM | Computer Name = BOBSPC | Source = Application Error | ID = 1000
Description = Faulting application helpctr.exe, version 5.1.2600.5512, faulting
module kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb.

Error - 10/13/2011 1:49:34 PM | Computer Name = BOBSPC | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 7.0.1.4288, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/13/2011 1:49:56 PM | Computer Name = BOBSPC | Source = Application Hang | ID = 1001
Description = Fault bucket -1665931649.

Error - 10/18/2011 12:38:29 AM | Computer Name = BOBSPC | Source = nview_info | ID = 11141121
Description =

Error - 10/18/2011 8:39:21 PM | Computer Name = BOBSPC | Source = Windows Search Service | ID = 7040
Description = The search service has detected corrupted data files in the index.
The service will attempt to automatically correct this problem by rebuilding the
index. Context: Windows Application, SystemIndex Catalog Details: 0xc0041801 (0xc0041801)


Error - 10/18/2011 8:39:21 PM | Computer Name = BOBSPC | Source = Windows Search Service | ID = 3029
Description = The plug-in in cannot be initialized. Context:
Windows Application, SystemIndex Catalog Details: The content index cannot be read.
(0xc0041800)

Error - 10/18/2011 8:39:21 PM | Computer Name = BOBSPC | Source = Windows Search Service | ID = 3028
Description = The gatherer object cannot be initialized. Context: Windows Application,
SystemIndex Catalog Details: The content index cannot be read. (0xc0041800)

Error - 10/18/2011 8:39:21 PM | Computer Name = BOBSPC | Source = Windows Search Service | ID = 3058
Description = The application cannot be initialized. Context: Windows Application

Details:
The
content index cannot be read. (0xc0041800)

[ System Events ]
Error - 10/18/2011 11:11:18 PM | Computer Name = BOBSPC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
avgio avipbb Fips intelppm ssmdrv

Error - 10/18/2011 11:22:44 PM | Computer Name = BOBSPC | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 10/19/2011 1:39:46 PM | Computer Name = BOBSPC | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 10/19/2011 1:40:13 PM | Computer Name = BOBSPC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
avgio avipbb Fips intelppm ssmdrv

Error - 10/19/2011 1:45:07 PM | Computer Name = BOBSPC | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 10/19/2011 1:51:25 PM | Computer Name = BOBSPC | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 10/19/2011 1:52:27 PM | Computer Name = BOBSPC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
avgio avipbb Fips intelppm ssmdrv

Error - 10/19/2011 2:01:10 PM | Computer Name = BOBSPC | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 10/19/2011 2:04:02 PM | Computer Name = BOBSPC | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 10/19/2011 2:04:14 PM | Computer Name = BOBSPC | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}


< End of report >

robbhenningsr

Newbie Surfer
Newbie Surfer

Posts : 39
Joined : 2011-10-20
Operating System : XP Media Ctr 2002 Service pack 3

View user profile

Back to top Go down

Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts

Post by robbhenningsr on Thu 20 Oct 2011, 7:25 am

Security Check log:

Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
Avira AntiVir Personal - Free Antivirus
ESET Online Scanner v3
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
CCleaner
Java(TM) 6 Update 22
Out of date Java installed!
Adobe Flash Player ( 10.3.181.26) Flash Player Out of Date!
Mozilla Firefox (x86 en-US..)
Mozilla Thunderbird (3.1.7) Thunderbird Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

WinPatrol winpatrol.exe is disabled!
``````````End of Log````````````

robbhenningsr

Newbie Surfer
Newbie Surfer

Posts : 39
Joined : 2011-10-20
Operating System : XP Media Ctr 2002 Service pack 3

View user profile

Back to top Go down

Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts

Post by Superdave on Thu 20 Oct 2011, 12:05 pm

Hello and welcome to GeekPolice.Net My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*****************************************************************
I strongly recommend that you remove Ask from your computer because it;

•Promotes its toolbars on sites targeted to kids.

•Promotes its toolbars through ads that appear to be part of other companies' sites.

•Promotes its toolbars through other companies' spyware.

•Installs without any disclosure whatsoever and without any consent whatsoever.

•Solicits installations via "deceptive door openers" that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link.

•Makes confusing changes to users' browsers -- increasing Ask's revenues while taking users to pages they didn't intend to visit.

See Here for more info.

If you choose to follow my recommendation then please go to Start > Control Panel > Add/Remove Programs and remove the following programs if present.

AskBarDis or anything related to Ask

Then please find and delete this folder in bold (if present):
C:\Program Files\AskBarDis. or anything related to Ask.
******************************************************
Update Your Java (JRE)

Old versions of Java have vulnerabilities that malware can use to infect your system.


First Verify your Java Version

If there are any other version(s) installed then update now.

Get the new version (if needed)

If your version is out of date install the newest version of the Sun Java Runtime Environment.

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Be sure to close ALL open web browsers before starting the installation.

Remove any old versions

1. Download JavaRa and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.

Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.

*****************************************************
Download DDS from HERE or HERE and save it to your desktop.

Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

* XP users Double click on dds to run it.
* If your antivirus or firewall try to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.
* Save both reports to your desktop.
* The instructions here ask you to attach the Attach.txt.



1) DDS.txt
2) Attach.txt
Instead of attaching, please copy/past both logs into your Thread

Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copying and pasting it into the reply.

•Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE .Then post your DDS logs. (DDS.txt and Attach.txt )

Superdave
Tech Staff


Tech Staff

Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

View user profile

Back to top Go down

Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts

Post by robbhenningsr on Thu 20 Oct 2011, 5:07 pm

Per your instructions, I have removed ASK. updated Java (also latest Windows updates). I then ran DDS and copied and pasted the logs below.
I will check back for further instructions.

Thanks for your help~
Patricia

Log of DDS.txt:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by HP_Administrator at 1:59:08 on 2011-10-20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.368 [GMT -4:00]
.
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\3129287989:3403315781.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\NETGEAR\WN111v2\jswpsapi.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\Program Files\CyberLink\Shared files\RichVideo.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\NETGEAR GA311 Adapter\GA311.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\NETGEAR\WN111v2\WN111V2.exe
C:\Program Files\Common Files\Sonic Shared\CineTray.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
mRun: [CLMLServer] "c:\program files\cyberlink\power2go\CLMLSvc.exe"
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [RemoteControl8] "c:\program files\cyberlink\powerdvd8\PDVD8Serv.exe"
mRun: [PDVD8LanguageShortcut] "c:\program files\cyberlink\powerdvd8\language\Language.exe"
mRun: [UpdatePPShortCut] "c:\program files\cyberlink\powerproducer\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerproducer" updatewithcreateonce "software\cyberlink\powerproducer\5.0"
mRun: [LGODDFU] "c:\program files\lg_fwupdate\fwupdate.exe" blrun
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\WinPatrol.exe -expressboot
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\casup.lnk - c:\hp\region\CustAtStartUp.wsf
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\forget~1.lnk - c:\program files\broderbund\ag creatacard\AGRemind.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ga311s~1.lnk - c:\program files\netgear ga311 adapter\GA311.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wn111v2\WN111V2.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\sonicc~1.lnk - c:\program files\common files\sonic shared\CineTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: mswsock.dll
DPF: {49232000-16E4-426C-A231-62846947304B} - [You must be registered and logged in to see this link.]
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - [You must be registered and logged in to see this link.]
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - [You must be registered and logged in to see this link.]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [You must be registered and logged in to see this link.]
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{201B7D01-482D-4862-846E-44904AD96B73} : DhcpNameServer = 10.10.5.10
TCP: Interfaces\{C72A36E4-3E1C-4AFE-896F-6225AD450C02} : DhcpNameServer = 192.168.1.1
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
============= SERVICES / DRIVERS ===============
.
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-12-5 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-12-5 109568]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-2-13 56816]
R2 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\netgear\wn111v2\jswpsapi.exe [2008-2-27 364544]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-6 99328]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [2007-5-23 547744]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2008-10-1 57440]
S2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-12-5 186880]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-9 136176]
S3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);c:\windows\system32\drivers\ctlsb16.sys [2010-3-8 96256]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2003-7-24 17149]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-12-9 136176]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2010-11-16 267568]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\zune\WMZuneComm.exe [2010-9-24 268528]
S3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WN111v2.sys [2008-9-30 453120]
.
=============== Created Last 30 ================
.
2011-10-19 00:37:20 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-10-19 00:37:20 -------- d-----w- c:\windows\system32\wbem\Repository
2011-10-18 20:29:14 -------- d-sh--w- c:\documents and settings\hp_administrator\local settings\application data\352585ba
2011-09-26 15:41:20 220160 ------w- c:\windows\system32\dllcache\oleacc.dll
2011-09-26 15:41:14 20480 ------w- c:\windows\system32\dllcache\oleaccrc.dll
.
==================== Find3M ====================
.
2011-10-19 17:56:36 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-10-03 09:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 06:37:52 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 21:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48:54 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56:39 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys
.
============= FINISH: 2:00:44.60 ===============
Log of ATTACH.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 2/5/2010 5:06:15 PM
System Uptime: 10/20/2011 1:37:04 AM (1 hours ago)
.
Motherboard: ASUSTek Computer INC. | | LITHIUM
Processor: Intel(R) Pentium(R) D CPU 3.00GHz | Socket 775 | 3001/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 364 GiB total, 112.168 GiB free.
D: is FIXED (FAT32) - 9 GiB total, 4.396 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP125: 7/22/2011 7:48:17 AM - System Checkpoint
RP126: 7/23/2011 8:14:51 AM - System Checkpoint
RP127: 7/24/2011 8:34:04 AM - System Checkpoint
RP128: 7/24/2011 2:55:22 PM - Software Distribution Service 3.0
RP129: 7/25/2011 5:22:48 PM - System Checkpoint
RP130: 7/26/2011 6:27:49 PM - System Checkpoint
RP131: 7/27/2011 6:49:02 PM - System Checkpoint
RP132: 7/28/2011 7:15:50 PM - System Checkpoint
RP133: 7/29/2011 7:39:18 PM - System Checkpoint
RP134: 7/30/2011 7:47:16 PM - System Checkpoint
RP135: 8/1/2011 12:19:08 AM - System Checkpoint
RP136: 8/2/2011 1:12:33 AM - System Checkpoint
RP137: 8/3/2011 8:22:19 AM - System Checkpoint
RP138: 8/4/2011 8:36:25 AM - System Checkpoint
RP139: 8/5/2011 8:52:43 AM - System Checkpoint
RP140: 8/6/2011 11:33:50 AM - System Checkpoint
RP141: 8/7/2011 12:33:08 PM - System Checkpoint
RP142: 8/8/2011 2:05:45 PM - System Checkpoint
RP143: 8/9/2011 4:43:11 PM - System Checkpoint
RP144: 8/10/2011 5:52:56 PM - Software Distribution Service 3.0
RP145: 8/12/2011 12:18:02 AM - System Checkpoint
RP146: 8/13/2011 9:12:45 AM - System Checkpoint
RP147: 8/14/2011 9:28:59 AM - System Checkpoint
RP148: 8/15/2011 12:11:17 PM - System Checkpoint
RP149: 8/16/2011 1:30:58 PM - System Checkpoint
RP150: 8/17/2011 5:52:51 PM - System Checkpoint
RP151: 8/18/2011 6:26:23 PM - System Checkpoint
RP152: 8/19/2011 6:44:45 PM - System Checkpoint
RP153: 8/21/2011 2:09:50 AM - System Checkpoint
RP154: 8/22/2011 7:53:17 AM - System Checkpoint
RP155: 8/28/2011 6:34:55 PM - System Checkpoint
RP156: 8/29/2011 8:16:21 PM - System Checkpoint
RP157: 8/30/2011 8:24:43 PM - System Checkpoint
RP158: 8/31/2011 3:20:41 PM - Software Distribution Service 3.0
RP159: 9/1/2011 3:22:19 PM - System Checkpoint
RP160: 9/2/2011 7:37:54 PM - System Checkpoint
RP161: 9/3/2011 10:04:59 PM - System Checkpoint
RP162: 9/4/2011 10:29:19 PM - System Checkpoint
RP163: 9/5/2011 10:31:34 PM - System Checkpoint
RP164: 9/6/2011 10:32:42 PM - System Checkpoint
RP165: 9/7/2011 11:32:40 PM - System Checkpoint
RP166: 9/9/2011 12:07:10 AM - System Checkpoint
RP167: 9/10/2011 1:48:08 AM - System Checkpoint
RP168: 9/10/2011 6:31:44 AM - Software Distribution Service 3.0
RP169: 9/11/2011 8:51:54 AM - System Checkpoint
RP170: 9/12/2011 9:59:28 AM - System Checkpoint
RP171: 9/13/2011 10:10:12 AM - System Checkpoint
RP172: 9/14/2011 11:33:27 AM - System Checkpoint
RP173: 9/15/2011 11:52:39 AM - System Checkpoint
RP174: 9/16/2011 12:07:58 PM - System Checkpoint
RP175: 9/17/2011 12:35:23 PM - System Checkpoint
RP176: 9/18/2011 12:46:24 PM - System Checkpoint
RP177: 9/19/2011 1:21:06 PM - System Checkpoint
RP178: 9/20/2011 2:54:12 PM - System Checkpoint
RP179: 9/21/2011 3:51:10 PM - System Checkpoint
RP180: 9/22/2011 6:10:53 PM - System Checkpoint
RP181: 9/23/2011 6:20:39 PM - System Checkpoint
RP182: 9/24/2011 6:51:06 PM - System Checkpoint
RP183: 9/25/2011 2:30:45 PM - Software Distribution Service 3.0
RP184: 9/26/2011 5:28:07 PM - System Checkpoint
RP185: 9/27/2011 6:15:00 PM - System Checkpoint
RP186: 9/28/2011 7:07:04 PM - System Checkpoint
RP187: 9/29/2011 7:42:21 PM - System Checkpoint
RP188: 9/30/2011 8:22:25 PM - System Checkpoint
RP189: 10/2/2011 8:02:14 AM - System Checkpoint
RP190: 10/3/2011 12:42:18 PM - System Checkpoint
RP191: 10/4/2011 4:21:31 PM - Software Distribution Service 3.0
RP192: 10/5/2011 5:54:42 PM - System Checkpoint
RP193: 10/6/2011 6:06:48 PM - System Checkpoint
RP194: 10/7/2011 6:47:52 PM - System Checkpoint
RP195: 10/8/2011 7:31:22 PM - System Checkpoint
RP196: 10/9/2011 7:32:24 PM - System Checkpoint
RP197: 10/10/2011 7:41:25 PM - System Checkpoint
RP198: 10/11/2011 8:00:21 PM - System Checkpoint
RP199: 10/12/2011 8:01:19 PM - System Checkpoint
RP200: 10/13/2011 8:20:03 PM - System Checkpoint
RP201: 10/14/2011 10:01:06 PM - System Checkpoint
RP202: 10/15/2011 10:06:02 PM - System Checkpoint
RP203: 10/16/2011 11:06:05 PM - System Checkpoint
RP204: 10/17/2011 11:18:01 PM - System Checkpoint
RP205: 10/18/2011 8:33:51 PM - Restore Operation
RP206: 10/19/2011 11:33:18 PM - Removed Ask Toolbar.
RP207: 10/19/2011 11:34:07 PM - Removed Bonjour
RP208: 10/19/2011 11:35:25 PM - Removed HP Boot Optimizer
RP209: 10/19/2011 11:38:19 PM - Removed WOT for Internet Explorer
RP210: 10/20/2011 12:51:27 AM - Installed Java(TM) 6 Update 29
RP211: 10/20/2011 12:52:48 AM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.1.1)
AiO_Scan
AiOSoftware
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Avira AntiVir Personal - Free Antivirus
Blackhawk Striker 2 from HP Media Center (remove only)
BufferChm
CameraDrivers
CCleaner
Coupon Printer for Windows
CP_AtenaShokunin1Config
CP_CalendarTemplates1
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
CueTour
DeDup
Destinations
DeviceManagementQFolder
DocProc
DocumentViewer
DocumentViewerQFolder
Driver Magician 3.49
DVD-CLONER V4.70 Build 926
Fax
Google Toolbar for Internet Explorer
Google Update Helper
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format 11 SDK (KB973442)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Boot Optimizer
hp deskjet 6122 series
HP Deskjet Printer Preload
HP Document Viewer 5.3
HP Game Console and games
HP Image Zone 5.3
HP Image Zone for Media Center PC
HP Imaging Device Functions 5.3
HP Photosmart 330,380,420,470,7800,8000,8200 Series
HP Photosmart Cameras 5.0
HP PSC & OfficeJet 5.3.B
HP Solution Center & Imaging Support Tools 5.3
HP Tunes
HP Update
HPProductAssistant
HpSdpAppCoreApp
HPTunesAddIn
InstantShareDevices
Intel(R) PRO Network Connections Drivers
IntelliMover Data Transfer Demo
iTunes
Java Auto Updater
Java(TM) 6 Update 29
LG CyberLink LabelPrint
LG CyberLink Power2Go
LG CyberLink PowerBackup
LG CyberLink PowerDVD
LG CyberLink PowerProducer
LG ODD Auto Firmware Update
LG Power Tools
LightScribe System Software
Mah Jong Quest from HP Media Center (remove only)
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Automated Troubleshooting Services Shim
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Fix it Center
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.9
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft WinUsb 1.0
Mozilla Firefox 7.0.1 (x86 en-US)
Mozilla Thunderbird (3.1.7)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 4.0
muvee autoProducer unPlugged 1.1 - HPD
NewCopy
NVIDIA Drivers
OpenOffice.org 3.3
Otto
PanoStandAlone
PhotoGallery
PSPrinters08
PSTAPlugin
QFolder
QuickTime
RandMap
RangeMax Wireless-N USB Adapter WN111v2
Readme
Realtek High Definition Audio Driver
Scan
ScannerCopy
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SkinsHP1
SolutionCenter
Sonic Encoders
Sonic_PrimoSDK
Status
Tradewinds from HP Media Center (remove only)
TrayApp
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB978506)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
WeatherBug
WebFldrs XP
WebReg
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Mobile Device Updater Component
Windows PowerShell(TM) 1.0
Windows Search 4.0
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WinPatrol
WN111v2
Zune
Zune Language Pack (DEU)
Zune Language Pack (ESP)
Zune Language Pack (FRA)
Zune Language Pack (ITA)
Zune Language Pack (NLD)
Zune Language Pack (PTB)
Zune Language Pack (PTG)
.
==== Event Viewer Messages From Past Week ========
.
10/20/2011 1:17:37 AM, error: Service Control Manager [7031] - The .NET Runtime Optimization Service v2.0.50727_X86 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/19/2011 2:01:10 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
10/19/2011 10:32:35 PM, error: Service Control Manager [7000] - The Avira AntiVir Scheduler service failed to start due to the following error: Access is denied.
10/19/2011 10:27:42 PM, error: Service Control Manager [7000] - The Java Quick Starter service failed to start due to the following error: The system cannot find the file specified.
10/19/2011 10:27:42 PM, error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The system cannot find the file specified.
10/19/2011 10:24:33 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
10/19/2011 10:23:39 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
10/19/2011 1:45:07 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
10/18/2011 8:39:44 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
10/18/2011 8:39:43 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Search service to connect.
10/18/2011 8:39:43 PM, error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/18/2011 8:39:28 PM, error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).
10/18/2011 6:36:51 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
10/18/2011 4:29:19 PM, error: Service Control Manager [7031] - The Avira AntiVir Guard service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
10/18/2011 4:29:19 PM, error: Service Control Manager [7000] - The Avira AntiVir Guard service failed to start due to the following error: Access is denied.
10/18/2011 2:39:30 PM, error: DCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {BA126AD1-2166-11D1-B1D0-00805FC1270E} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.
10/18/2011 11:11:18 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avgio avipbb Fips intelppm ssmdrv
10/18/2011 11:10:17 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/14/2011 5:00:24 PM, error: NetDDE [206] - Listen failed: 15:
10/14/2011 4:57:42 PM, error: NetDDE [206] - Listen failed: 23: The ncb_lana_num member did not specify a valid network number.
.
==== End Of File ===========================

robbhenningsr

Newbie Surfer
Newbie Surfer

Posts : 39
Joined : 2011-10-20
Operating System : XP Media Ctr 2002 Service pack 3

View user profile

Back to top Go down

Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts

Post by Superdave on Fri 21 Oct 2011, 5:38 am

Please go to Jotti's malware scan
(If more than one file needs scanned they must be done separately and links posted for each one)

* Copy the file path in the below Code box:

Code:
C:\WINDOWS\3129287989:3403315781.exe
 

* At the upload site, click once inside the window next to Browse.
* Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
* Next click Submit file
* Your file will possibly be entered into a queue which normally takes less than a minute to clear.
* This will perform a scan across multiple different virus scanning engines.
* Important: Wait for all of the scanning engines to complete.
* Once the scan is finished, Copy and then Paste the link in the address bar into your next reply.
******************************************************
* Open OTL
* Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

Code:
:OTL

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

:COMMANDS
[resethosts]
[purity]
[start explorer]

* Click Run Fix
* OTLI2 may ask to reboot the machine. Please do so if asked.
* Click OK
* A report will open. Copy and Paste that report in your next reply.
*********************************************************
Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

and save it to your Desktop.
It would be easiest to download using Internet Explorer.
If you insist on using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found here
Double click ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

If you have problems with ComboFix usage, see How to use ComboFix

Superdave
Tech Staff


Tech Staff

Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

View user profile

Back to top Go down

Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts

Post by robbhenningsr on Fri 21 Oct 2011, 6:45 am

Hi SuperDave,

I followed the initial instructions regarding Jotti's Malware, but I ran into a problem. When I click into the browse box on the site, it automatically opens a 'File Upload' box, showing files on the computer. If I then paste the code into that box (next to file open). I get an error message:"The above file name is invalid."

I tried to enter the code manually, same thing--- I get the upload box. Can
you please tell me what I have missed here, and let me know how to get this to work?

Sorry to be a bother, thanks for your patience.

Patricia

PS
I like your sign in name, my son is Sewper_Dave...

robbhenningsr

Newbie Surfer
Newbie Surfer

Posts : 39
Joined : 2011-10-20
Operating System : XP Media Ctr 2002 Service pack 3

View user profile

Back to top Go down

Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts

Post by Superdave on Fri 21 Oct 2011, 9:03 am

my son is Sewper_Dave
Good one.

click once inside the window next to Browse. If you click "browse" you need to indicate where the file resides. In this case: C:\WINDOWS\3129287989:3403315781.exe You can use either method.

Superdave
Tech Staff


Tech Staff

Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

View user profile

Back to top Go down

Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts

Post by robbhenningsr on Fri 21 Oct 2011, 9:32 am

Believe it, or not, that is exactly what I've been doing---"click once inside the window next to Browse." No matter, each time I do, it opens up a large box, labelled "File Upload" and showing the directories on the pc. At the bottom of this 'File Upload' box, there is a small open box, next to a button labelled "Open." Since that appears to be the logical place to paste, or enter, the file name, I've done that...and then get the error message, in a box labelled 'File Upload.' The message shows the file name and says, "The above file name is invalid."

I have even tried using the drop down, at the top of the File Upload box, and opening to 'C:\WINDOWS\' and then entering the file name...and I have tried browsing that file for the file name and couldn't find it. So, I went back to square one and followed your directions, exactly, again...same sorry results.

I did check to see that the file name was copied and pasted correctly, and it was, but I still get the "invalid file" message.

I still can't figure this out-- can you?

I'll keep an eye out for further instructions.

Thanks

Patricia

robbhenningsr

Newbie Surfer
Newbie Surfer

Posts : 39
Joined : 2011-10-20
Operating System : XP Media Ctr 2002 Service pack 3

View user profile

Back to top Go down

Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts

Post by Superdave on Fri 21 Oct 2011, 12:22 pm

Ok. Let's have a look to see if the file is actually there.

Click Start, Search, select All Files and Folders. Copy and paste
Code:
C:\WINDOWS\3129287989:3403315781.exe
and click search.

Let me know if you find it. In the meantime, please run ComboFix and we'll see if it shows up there.

Superdave
Tech Staff


Tech Staff

Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

View user profile

Back to top Go down

Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts

Post by robbhenningsr on Fri 21 Oct 2011, 3:00 pm

Well, I ran the Search for C:\WINDOWS\3129287989:3403315781.exe and it was not found. The only result in the Search box was the OTL.txt file.

I ran ComboFix and the log follows:

ComboFix 11-10-20.08 - HP_Administrator 10/20/2011 22:38:00.8.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.705 [GMT -4:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\HP_Administrator\Local Settings\Application Data\352585ba
c:\documents and settings\HP_Administrator\Local Settings\Application Data\352585ba\@
c:\documents and settings\HP_Administrator\Local Settings\Application Data\352585ba\U\80000000.@
c:\documents and settings\HP_Administrator\Local Settings\Application Data\352585ba\U\800000cb.@
c:\documents and settings\HP_Administrator\Local Settings\Application Data\352585ba\X
c:\documents and settings\HP_Administrator\WINDOWS
c:\windows\$NtUninstallKB20320$\3848706962
c:\windows\$NtUninstallKB20320$\891651514\@
c:\windows\$NtUninstallKB20320$\891651514\L\nezyfjsm
c:\windows\$NtUninstallKB20320$\891651514\loader.tlb
c:\windows\$NtUninstallKB20320$\891651514\U\@00000001
c:\windows\$NtUninstallKB20320$\891651514\U\@000000c0
c:\windows\$NtUninstallKB20320$\891651514\U\@000000cb
c:\windows\$NtUninstallKB20320$\891651514\U\@000000cf
c:\windows\$NtUninstallKB20320$\891651514\U\@80000000
c:\windows\$NtUninstallKB20320$\891651514\U\@800000c0
c:\windows\$NtUninstallKB20320$\891651514\U\@800000cb
c:\windows\$NtUninstallKB20320$\891651514\U\@800000cf
c:\windows\HPCPCUninstaller-6.3.2.116-9972322.exe
c:\windows\kb913800.exe
c:\windows\system32\
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\$NtUninstallKB20320$ . . . . Failed to delete
.
Infected copy of c:\windows\system32\acs.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP205\A0013319.exe
.
Infected copy of c:\program files\Avira\AntiVir Desktop\sched.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP205\A0013320.exe
.
Infected copy of c:\program files\Avira\AntiVir Desktop\avguard.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP205\A0014441.exe
.
Infected copy of c:\program files\NETGEAR\WN111v2\jswpsapi.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP205\A0013324.exe
.
Infected copy of c:\windows\system32\nvsvc32.exe was found and disinfected
Restored copy from - c:\windows\system32\ReinstallBackups\0011\DriverFiles\nvsvc32.exe
.
Infected copy of c:\windows\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE was found and disinfected
Restored copy from - c:\system volume information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP205\A0013327.EXE
.
Infected copy of c:\windows\system32\SearchIndexer.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP212\A0015445.exe
.
Infected copy of c:\windows\system32\ZuneBusEnum.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP211\A0015367.exe
.
Infected copy of c:\windows\system32\acs.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP205\A0013319.exe
Infected copy of c:\program files\NETGEAR\WN111v2\jswpsapi.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP205\A0013324.exe
Infected copy of c:\windows\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE was found and disinfected
Restored copy from - c:\system volume information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP205\A0013327.EXE
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_352585ba
.
.
((((((((((((((((((((((((( Files Created from 2011-09-21 to 2011-10-21 )))))))))))))))))))))))))))))))
.
.
2011-10-21 02:57 . 2008-06-27 21:24 467028 ----a-w- c:\windows\system32\acs.exe
2011-10-19 00:37 . 2011-10-19 00:37 -------- d-----w- c:\windows\system32\wbem\Repository
2011-09-26 15:41 . 2011-09-26 15:41 220160 ------w- c:\windows\system32\dllcache\oleacc.dll
2011-09-26 15:41 . 2011-09-26 15:41 20480 ------w- c:\windows\system32\dllcache\oleaccrc.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-19 17:56 . 2010-11-30 06:50 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-10-03 09:06 . 2010-12-05 16:20 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 06:37 . 2010-02-14 06:36 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-26 15:41 . 2008-07-30 00:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41 . 2006-01-12 22:39 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41 . 2006-01-12 22:39 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12 . 2006-01-12 22:37 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20 . 2006-01-12 22:41 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 21:00 . 2010-11-30 06:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-22 23:48 . 2006-01-13 05:41 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2006-01-12 22:38 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48 . 2006-01-12 22:38 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2006-01-12 22:38 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49 . 2006-01-12 22:37 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-10-01 13:18 . 2011-05-07 15:52 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2009-04-01 02:47 . 2008-06-09 23:45 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
2009-03-05 22:08 . 2009-05-17 01:17 49664 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2010-10-29 1652736]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-08-20 2363392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-08-28 8466432]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"nwiz"="nwiz.exe" [2007-08-28 1626112]
"CTHelper"="CTHELPER.EXE" [2007-04-09 19456]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-04-09 19968]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-04 103720]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-16 91432]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-16 50472]
"UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2010-09-28 557056]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-09-25 210216]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-09-24 159472]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\WinPatrol.exe" [2010-11-17 329096]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
CaSup.lnk - c:\hp\region\CustAtStartUp.wsf [N/A]
Forget Me Not.lnk - c:\program files\Broderbund\AG CreataCard\AGRemind.exe [2008-2-26 323584]
GA311 Smart Wizard Utility.lnk - c:\program files\NETGEAR GA311 Adapter\GA311.exe [2003-11-6 270336]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
NETGEAR WN111v2 Smart Wizard.lnk - c:\program files\NETGEAR\WN111v2\WN111V2.exe [2008-12-2 1503306]
Sonic CinePlayer Quick Launch.lnk - c:\program files\Common Files\Sonic Shared\CineTray.exe [2006-7-25 114688]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"c:\\Documents and Settings\\HP_Administrator\\Desktop\\aswMBR.exe"=
"c:\\Program Files\\Avira\\AntiVir Desktop\\avnotify.exe"=
"c:\\Program Files\\AWS\\WeatherBug\\Weather.exe"=
"c:\\Program Files\\Common Files\\Java\\Java Update\\jucheck.exe"=
"c:\\Program Files\\BillP Studios\\WinPatrol\\WinPatrol.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Common Files\\Java\\Java Update\\jaucheck.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe"=
"c:\\WINDOWS\\system32\\dwwin.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
.
R2 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\NETGEAR\WN111v2\jswpsapi.exe [2/27/2008 12:54 PM 360547]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [5/23/2007 5:15 AM 547744]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [10/1/2008 5:45 PM 57440]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;"c:\program files\Avira\AntiVir Desktop\sched.exe" --> c:\program files\Avira\AntiVir Desktop\sched.exe [?]
S3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);c:\windows\system32\drivers\ctlsb16.sys [3/8/2010 5:36 PM 96256]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [7/24/2003 1:10 PM 17149]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [11/16/2010 2:10 AM 267568]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [9/24/2010 2:19 PM 268528]
S3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WN111v2.sys [9/30/2008 4:24 AM 453120]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 17:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]
.
2011-10-21 c:\windows\Tasks\ConfigExec.job
- c:\program files\Microsoft Fix it Center\MatsApi.dll [2010-11-16 06:09]
.
2011-10-20 c:\windows\Tasks\DataUpload.job
- c:\program files\Microsoft Fix it Center\MatsApi.dll [2010-11-16 06:09]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2011-10-20 23:40
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
CTxfiHlp = CTXFIHLP.EXE?
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1208)
c:\windows\system32\WININET.dll
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\windows\system32\nview.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\acs.exe
c:\windows\system32\netdde.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\windows\system32\nvsvc32.exe
c:\windows\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\windows\system32\ZuneBusEnum.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2011-10-20 23:49:03 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-21 03:48
ComboFix2.txt 2010-12-05 01:36
.
Pre-Run: 120,524,566,528 bytes free
Post-Run: 121,933,086,720 bytes free
.
- - End Of File - - B54C6C031B57917B4C72B9929B2E8F8F


I will check back for your next instructions.
Thanks, again, for all your help~

Patricia

robbhenningsr

Newbie Surfer
Newbie Surfer

Posts : 39
Joined : 2011-10-20
Operating System : XP Media Ctr 2002 Service pack 3

View user profile

Back to top Go down

Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts

Post by Superdave on Sat 22 Oct 2011, 4:43 am

SysProt Antirootkit

Download
SysProt Antirootkit from the link below (you will find it at the bottom
of the page under attachments, or you can get it from one of the
mirrors).

[You must be registered and logged in to see this link.]

Unzip it into a folder on your desktop.

  • Double click Sysprot.exe to start the program.
  • Click on the Log tab.
  • In the Write to log box select the following items.

    • Process << Selected
    • Kernel Modules << Selected
    • SSDT << Selected
    • Kernel Hooks << Selected
    • IRP Hooks << NOT Selected
    • Ports << NOT Selected
    • Hidden Files << Selected

  • At the bottom of the page

    • Hidden Objects Only << Selected

  • Click on the Create Log button on the bottom right.
  • After a few seconds a new window should appear.
  • Select Scan Root Drive. Click on the Start button.
  • When it is complete a new window will appear to indicate that the scan is finished.
  • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.

Superdave
Tech Staff


Tech Staff

Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

View user profile

Back to top Go down

Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts

Post by robbhenningsr on Sat 22 Oct 2011, 5:28 am

Hi Super Dave~

I ran the SysProt AntiRootkit, successfully, and the log is pasted below. I will check back for the next steps. Thanks for all your help~

Patricia

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No Hidden Processes found

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: Combo-Fix.sys
Service Name: ---
Module Base: F755D000
Module End: F756C000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: F2398000
Module End: F23B0000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
Service Name: ---
Module Base: F7A83000
Module End: F7A85000
Hidden: Yes

Module Name: \??\C:\ComboFix\catchme.sys
Service Name: catchme
Module Base: F78BD000
Module End: F78C5000
Hidden: Yes

Module Name: \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
Service Name: ---
Module Base: F7A1B000
Module End: F7A1D000
Hidden: Yes

******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwCreateKey
Address: F7B552BE
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwCreateThread
Address: F7B552B4
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwDeleteKey
Address: F7B552C3
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwDeleteValueKey
Address: F7B552CD
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwLoadKey
Address: F7B552D2
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwOpenProcess
Address: F7B552A0
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwOpenThread
Address: F7B552A5
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwReplaceKey
Address: F7B552DC
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwRestoreKey
Address: F7B552D7
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwSetValueKey
Address: F7B552C8
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwTerminateProcess
Address: F7B552AF
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: C:\e396453136c5abc4579b89b0\update\update.exe
Status: Access denied

Object: C:\e396453136c5abc4579b89b0\update\updspapi.dll
Status: Access denied

Object: C:\Program Files\Avira\AntiVir Desktop\
Status: Hidden

Object: C:\Program Files\Common Files\Apple\Mobile Device Support\
Status: Hidden

Object: C:\Program Files\Common Files\LightScribe\
Status: Hidden

Object: C:\Program Files\CyberLink\Shared files\
Status: Hidden

Object: C:\Program Files\Java\jre6\bin\
Status: Hidden

Object: C:\Program Files\NETGEAR\WN111v2\
Status: Hidden

Object: C:\Qoobox\BackEnv\AppData.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Cache.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Cookies.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Desktop.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Favorites.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\History.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Music.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\NetHood.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Personal.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Pictures.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\PrintHood.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Profiles.Folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Programs.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Recent.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SendTo.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SetPath.bat
Status: Access denied

Object: C:\Qoobox\BackEnv\StartMenu.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\StartUp.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SysPath.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Templates.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\VikPev00
Status: Access denied

Object: C:\System Volume Information\MountPointManagerRemoteDatabase
Status: Access denied

Object: C:\System Volume Information\tracking.log
Status: Access denied

Object: C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}
Status: Access denied

Object: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\
Status: Hidden

Object: C:\WINDOWS\system32\spool\drivers\w32x86\3\
Status: Hidden


robbhenningsr

Newbie Surfer
Newbie Surfer

Posts : 39
Joined : 2011-10-20
Operating System : XP Media Ctr 2002 Service pack 3

View user profile

Back to top Go down

Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts

Post by Superdave on Sat 22 Oct 2011, 5:36 am

Is the computer running any better?

I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.

•Check
•Click the button.
•Accept any security warnings from your browser.
•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Superdave
Tech Staff


Tech Staff

Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

View user profile

Back to top Go down

Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts

Post by robbhenningsr on Sat 22 Oct 2011, 12:55 pm

Re: "Is the computer running better?" It's hard to say if it is or isn't running better. I'm not seeing as many pop-ups, right now. We have had a couple of large pop-up boxes today, asking permission to run a couple of .dll files as .exe files, and each time I just clicked "NO" and closed the box.

I did just try to access Task Manager (Ctrl/Alt/Del) again and, once more, all that opens is the CPU Usage frame and there are no tabs to access anything else or close it down.

I ran the eSet scan twice, because I misread your instructions the first time. (I printed out your last message and the blue image type didn't print). The first time it finished it indicated that it had found 15 threats. When I realized that I didn't have your full instructions printed out, I ran it again. This time it only indicated 1 Found Threat.

Here is the list of found threats:

C:\Program Files\CyberLink\Shared files\RichVideo.exe Win32/Patched.HN trojan error while cleaning
C:\WINDOWS\system32\drivers\netbt.sys Win32/Rootkit.Agent.NUT trojan unable to clean
Operating memory Win32/Patched.HN trojan

and here is the eset log:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=0e16a7a8847a3f4289bb8d28a3906510
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-10-21 09:43:54
# local_time=2011-10-21 05:43:54 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1797 16775142 100 93 0 90937975 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=225194
# found=16
# cleaned=13
# scan_time=10373
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\6.0\52\17602ef4-35629b27 Win32/Sirefef.DD trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\ge13mt45.default\Cache\2\A6\60A5Dd01 HTML/Iframe.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\Program Files\CyberLink\Shared files\RichVideo.exe Win32/Patched.HN trojan (error while cleaning) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Documents and Settings\HP_Administrator\Local Settings\Application Data\352585ba\X.vir Win32/Sirefef.DD trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\Avira\AntiVir Desktop\avguard.exe.vir Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\Avira\AntiVir Desktop\sched.exe.vir Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\NETGEAR\WN111v2\jswpsapi.exe.vir Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\acs.exe.vir Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\nvsvc32.exe.vir Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\SearchIndexer.exe.vir Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\ZuneBusEnum.exe.vir Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\spool\drivers\w32x86\3\HPZIPM12.EXE.vir Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\5123.js JS/TrojanDownloader.Agent.NWG trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\drivers\netbt.sys Win32/Rootkit.Agent.NUT trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzeng06.exe Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C
${Memory} Win32/Patched.HN trojan 00000000000000000000000000000000 I
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=0e16a7a8847a3f4289bb8d28a3906510
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-10-22 12:46:08
# local_time=2011-10-21 08:46:08 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1797 16775142 100 93 0 90949020 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=225227
# found=3
# cleaned=0
# scan_time=10263
C:\Program Files\CyberLink\Shared files\RichVideo.exe Win32/Patched.HN trojan (error while cleaning) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\netbt.sys Win32/Rootkit.Agent.NUT trojan (unable to clean) 00000000000000000000000000000000 I
${Memory} Win32/Patched.HN trojan 00000000000000000000000000000000 I

Sorry about the mis-read, I should have just opened the message on my other computer---but hindsight is 20/20.

I'll check back for further instructions. Thanks again, for your patience and help.

Patricia


robbhenningsr

Newbie Surfer
Newbie Surfer

Posts : 39
Joined : 2011-10-20
Operating System : XP Media Ctr 2002 Service pack 3

View user profile

Back to top Go down

Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts

Post by Superdave on Sun 23 Oct 2011, 5:02 am

We have had a couple of large pop-up boxes today, asking permission to run a couple of .dll files as .exe files, and each time I just clicked "NO" and closed the box.
Do you have your browser set up to block pop-ups?

Please try this one first. If nothing comes up, go on to the second one.

* Go to Start > Run and type mrt.exe then press Enter on the keyboard).
* (Vista and Windows 7 users go to Start and type mrt.exe in the search box then press Enter on the keyboard.
* Click Next.
* Choose Full Scan and click Next.
* Once the scan is finished click View detailed results of the scan.

Look through the list and let me know if anything was found infected.
************************************************************
Save these instructions so you can have access to them while in Safe Mode.

Please click here to download AVP Tool by Kaspersky.

  • Save it to your desktop.
  • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
  • Double click the setup file to run it.
  • Click Next to continue.
  • Accept the License agreement and click on next.
  • It will, by default, install it to your desktop folder. Click Next.
  • It will then open a box There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked.

  • Hidden Startup Objects
  • System Memory
  • Disk Boot Sectors.
  • My Computer.
  • Also any other drives (Removable that you may have)

Leave the rest of the settings as they appear as default.
•Then click on Scan at the to right hand Corner.
•It will automatically Neutralize any objects found.
•If some objects are left un-neutralized then click the button that says Neutralize all
•If it says it cannot be neutralized then choose the delete option when prompted.
•After that is done click on the reports button at the bottom and save it to file name it Kas.
•Save it somewhere convenient like your desktop and just post only the detected Virus\malware in the report it will be at the very top under Detected post those results in your next reply.

Note: This tool will self uninstall when you close it so please save the log before closing it.

Superdave
Tech Staff


Tech Staff

Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

View user profile

Back to top Go down

Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts

Post by robbhenningsr on Tue 25 Oct 2011, 8:15 am

Hi Super Dave,

I submitted this post earlier today, but it doesn't appear now, so I'll try again. Please excuse if this is a double posting.

Re: pop-ups, I did change the setting to disallow pop-ups, but still got the error messages. It appears to be part of the 'security' system, reset by the trojans, that is not allowing access to programs. That's just my guess, but we've seen a lot of it since this thing started.

We did run Kaspersky, took a loooooong time, and I'll paste the log of threats below.

Since running that KAS, the computer will not connect to the internet. I looked at Network Connections and it says "acquiring connection," but it seems to hang up there.

I'll look forward to further instructions to get the pc back online. Meanwhile, I'm using my own desktop pc to respond.

Threat log:

Status: Deleted (events: 24)
10/22/2011 3:47:16 PM Deleted Trojan program Exploit.Java.CVE-2010-4452.a C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\6.0\21\480ea855-2ada807f High
10/23/2011 12:36:06 AM Deleted Trojan program Trojan-Clicker.Win32.Agent.vdt C:\Qoobox\Quarantine\C\Documents and Settings\HP_Administrator\Local Settings\Application Data\352585ba\U\80000000.@.vir High
10/23/2011 12:36:06 AM Deleted Trojan program Rootkit.Win32.ZAccess.g C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP204\A0013069.sys High
10/23/2011 12:36:06 AM Deleted Trojan program Backdoor.Win32.ZAccess.ang C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP204\A0013070.ini High
10/23/2011 12:41:52 AM Deleted Trojan program Rootkit.Win32.ZAccess.g C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP205\A0013162.sys High
10/23/2011 12:42:52 AM Deleted Trojan program Rootkit.Win32.ZAccess.g C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP205\A0013269.sys High
10/23/2011 12:44:18 AM Deleted Trojan program Backdoor.Win32.ZAccess.ang C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP205\A0013370.ini High
10/23/2011 12:44:18 AM Deleted Trojan program Rootkit.Win32.ZAccess.g C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP205\A0013369.sys High
10/23/2011 12:44:18 AM Deleted Trojan program Rootkit.Win32.ZAccess.g C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP205\A0013394.sys High
10/23/2011 12:44:32 AM Deleted Trojan program Backdoor.Win32.ZAccess.ang C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP205\A0013395.ini High
10/23/2011 12:44:47 AM Deleted Trojan program Rootkit.Win32.ZAccess.g C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP205\A0014394.sys High
10/23/2011 12:44:38 AM Deleted Trojan program Backdoor.Win32.ZAccess.ang C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP205\A0014395.ini High
10/23/2011 12:46:11 AM Deleted Trojan program Rootkit.Win32.ZAccess.g C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP205\A0014424.sys High
10/23/2011 12:46:20 AM Deleted Trojan program Backdoor.Win32.ZAccess.ang C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP205\A0014425.ini High
10/23/2011 2:22:09 AM Deleted Trojan program Rootkit.Win32.ZAccess.g C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP211\A0015155.sys High
10/23/2011 2:22:09 AM Deleted Trojan program Backdoor.Win32.ZAccess.ang C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP211\A0015156.ini High
10/23/2011 2:47:22 AM Deleted Trojan program Rootkit.Win32.ZAccess.g C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP212\A0015433.sys High
10/23/2011 2:47:22 AM Deleted Trojan program Backdoor.Win32.ZAccess.ang C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP212\A0015434.ini High
10/23/2011 9:42:02 AM Deleted Trojan program Backdoor.Win32.ZAccess.ang C:\WINDOWS\assembly\GAC_MSIL\Desktop(2).ini High
10/23/2011 9:42:03 AM Deleted Trojan program Backdoor.Win32.ZAccess.ang C:\WINDOWS\assembly\GAC_MSIL\Desktop.ini High
10/23/2011 11:02:50 AM Deleted Trojan program Rootkit.Win32.ZAccess.g C:\WINDOWS\system32\drivers\netbt.sys High
10/23/2011 8:13:34 PM Deleted Trojan program Backdoor.Win32.ZAccess.ang C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP214\A0015759.ini High
10/23/2011 8:13:31 PM Deleted Trojan program Backdoor.Win32.ZAccess.ang C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP214\A0015758.ini High
10/23/2011 8:13:31 PM Deleted Trojan program Rootkit.Win32.ZAccess.g C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP214\A0015760.sys High
Status: Disinfected (events: 22)
10/22/2011 10:28:07 PM Disinfected Trojan program Trojan.Win32.Patched.mf C:\Program Files\CyberLink\Shared files\RichVideo.exe High
10/23/2011 12:40:45 AM Disinfected Trojan program Trojan.Win32.Patched.mf C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP205\A0013179.EXE High
10/23/2011 12:40:45 AM Disinfected Trojan program Trojan.Win32.Patched.mf C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP205\A0013180.exe High
10/23/2011 12:40:53 AM Disinfected Trojan program Trojan.Win32.Patched.mf C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP205\A0013181.exe High
10/23/2011 12:41:17 AM Disinfected Trojan program Trojan.Win32.Patched.mf C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP205\A0013182.exe High
10/23/2011 12:42:37 AM Disinfected Trojan program Trojan.Win32.Patched.mf C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP205\A0013272.exe High
10/23/2011 12:42:36 AM Disinfected Trojan program Trojan.Win32.Patched.mf C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP205\A0013273.exe High
10/23/2011 12:42:50 AM Disinfected Trojan program Trojan.Win32.Patched.mf C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP205\A0013274.exe High
10/23/2011 12:42:53 AM Disinfected Trojan program Trojan.Win32.Patched.mf C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP205\A0013275.exe High
10/23/2011 2:21:22 AM Disinfected Trojan program Trojan.Win32.Patched.mf C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP211\A0015157.exe High
10/23/2011 2:46:26 AM Disinfected Trojan program Trojan.Win32.Patched.mf C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP212\A0015602.exe High
10/23/2011 2:47:18 AM Disinfected Trojan program Trojan.Win32.Patched.mf C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP212\A0015603.exe High
10/23/2011 2:47:36 AM Disinfected Trojan program Trojan.Win32.Patched.mf C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP212\A0015605.exe High
10/23/2011 2:47:36 AM Disinfected Trojan program Trojan.Win32.Patched.mf C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP212\A0015604.exe High
10/23/2011 2:47:44 AM Disinfected Trojan program Trojan.Win32.Patched.mf C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP212\A0015607.EXE High
10/23/2011 2:47:48 AM Disinfected Trojan program Trojan.Win32.Patched.mf C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP212\A0015606.exe High
10/23/2011 2:47:48 AM Disinfected Trojan program Trojan.Win32.Patched.mf C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP212\A0015608.exe High
10/23/2011 2:47:57 AM Disinfected Trojan program Trojan.Win32.Patched.mf C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP212\A0015609.exe High
10/23/2011 2:48:47 AM Disinfected Trojan program Trojan.Win32.Patched.mf C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP213\A0015710.exe High
10/23/2011 2:49:19 AM Disinfected Trojan program Trojan.Win32.Patched.mf C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP214\A0015756.exe High
10/23/2011 9:41:12 AM Disinfected Trojan program Trojan.Win32.Patched.mf C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe High
10/23/2011 8:12:37 PM Disinfected Trojan program Trojan.Win32.Patched.mf C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP214\A0015757.exe High

Thanks for all your help~

Patricia

robbhenningsr

Newbie Surfer
Newbie Surfer

Posts : 39
Joined : 2011-10-20
Operating System : XP Media Ctr 2002 Service pack 3

View user profile

Back to top Go down

Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts

Post by Superdave on Tue 25 Oct 2011, 9:13 am

Ok. Let's see what happened with your connection.

Please download MiniToolBox to Desktop and run it.



Checkmark the following boxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • List content of Hosts
  • List IP Configuration
  • Lst Last 10 Event Viewer Errors
  • List Users, Partitions and Memory Size

Click Go and copy/paste the log (Result.txt) into your next post. .

Superdave
Tech Staff


Tech Staff

Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

View user profile

Back to top Go down

Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts

Post by robbhenningsr on Tue 25 Oct 2011, 1:02 pm

Thank Heaven for USB drives!

We ran the mini tool bar with those settings-- results below:

MiniToolBox by Farbar
Ran by HP_Administrator (administrator) on 24-10-2011 at 21:59:19
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "Wireless Network Connection 2"

set address name="Wireless Network Connection 2" source=dhcp
set dns name="Wireless Network Connection 2" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection 2" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : BobsPC

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network Connection

Physical Address. . . . . . . . . : 00-13-D4-21-21-7C



Ethernet adapter Wireless Network Connection 2:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : D-Link AirPlus DWL-G520 Wireless PCI Adapter(rev.B)

Physical Address. . . . . . . . . : 00-13-46-60-52-1E

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 0.0.0.0

Subnet Mask . . . . . . . . . . . : 0.0.0.0

Default Gateway . . . . . . . . . :

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 192.168.1.1

NetBIOS over Tcpip. . . . . . . . : Disabled

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host google.com. Please check the name and try again.

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host yahoo.com. Please check the name and try again.



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x3 ...00 13 d4 21 21 7c ...... Intel(R) PRO/100 VE Network Connection - Packet Scheduler Miniport
0x20002 ...00 13 46 60 52 1e ...... D-Link AirPlus DWL-G520 Wireless PCI Adapter(rev.B) - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
255.255.255.255 255.255.255.255 255.255.255.255 3 1
255.255.255.255 255.255.255.255 255.255.255.255 20002 1
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/24/2011 03:44:09 AM) (Source: Windows Search Service) (User: )
Description: The entry in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (10/24/2011 03:44:09 AM) (Source: Windows Search Service) (User: )
Description: The entry in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (10/24/2011 03:44:09 AM) (Source: Windows Search Service) (User: )
Description: The entry in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (10/24/2011 03:44:09 AM) (Source: Windows Search Service) (User: )
Description: The entry in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (10/24/2011 03:44:09 AM) (Source: Windows Search Service) (User: )
Description: The entry in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (10/24/2011 03:44:09 AM) (Source: Windows Search Service) (User: )
Description: The entry in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (10/24/2011 03:44:09 AM) (Source: Windows Search Service) (User: )
Description: The entry in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (10/24/2011 03:44:09 AM) (Source: Windows Search Service) (User: )
Description: The entry in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (10/24/2011 03:44:09 AM) (Source: Windows Search Service) (User: )
Description: The entry in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (10/24/2011 03:44:09 AM) (Source: Windows Search Service) (User: )
Description: The entry in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


System errors:
=============
Error: (10/24/2011 01:32:38 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
NetBT

Error: (10/24/2011 01:32:33 PM) (Source: Service Control Manager) (User: )
Description: The Java Quick Starter service failed to start due to the following error:
%%2

Error: (10/24/2011 01:32:33 PM) (Source: Service Control Manager) (User: )
Description: The Apple Mobile Device service failed to start due to the following error:
%%2

Error: (10/24/2011 01:32:33 PM) (Source: Service Control Manager) (User: )
Description: The Avira AntiVir Guard service failed to start due to the following error:
%%2

Error: (10/24/2011 01:32:33 PM) (Source: Service Control Manager) (User: )
Description: The Avira AntiVir Scheduler service failed to start due to the following error:
%%2

Error: (10/24/2011 01:32:33 PM) (Source: Service Control Manager) (User: )
Description: The TCP/IP NetBIOS Helper service depends on the NetBios over Tcpip service which failed to start because of the following error:
%%31

Error: (10/24/2011 01:32:33 PM) (Source: Service Control Manager) (User: )
Description: The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error:
%%31

Error: (10/24/2011 03:47:44 AM) (Source: Service Control Manager) (User: )
Description: The Avira AntiVir Guard service failed to start due to the following error:
%%2

Error: (10/24/2011 03:47:44 AM) (Source: Service Control Manager) (User: )
Description: The Avira AntiVir Guard service failed to start due to the following error:
%%2

Error: (10/24/2011 03:47:43 AM) (Source: Service Control Manager) (User: )
Description: The Avira AntiVir Guard service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================
Error: (10/24/2011 03:44:09 AM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\START MENU\PROGRAMS\LG POWER TOOLS\POWERDVD 8\UNINSTALL POWERDVD 8.LNK

Error: (10/24/2011 03:44:09 AM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\START MENU\PROGRAMS\LG POWER TOOLS\POWERDVD 8\UNINSTALL POWERDVD 8.LNK

Error: (10/24/2011 03:44:09 AM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\START MENU\PROGRAMS\LG POWER TOOLS\POWERDVD 8\READ ME.LNK

Error: (10/24/2011 03:44:09 AM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\START MENU\PROGRAMS\LG POWER TOOLS\POWERDVD 8\READ ME.LNK

Error: (10/24/2011 03:44:09 AM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\START MENU\PROGRAMS\LG POWER TOOLS\POWERDVD 8\ONLINE REGISTRATION.LNK

Error: (10/24/2011 03:44:09 AM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\START MENU\PROGRAMS\LG POWER TOOLS\POWERDVD 8\ONLINE REGISTRATION.LNK

Error: (10/24/2011 03:44:09 AM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\START MENU\PROGRAMS\LG POWER TOOLS\POWERDVD 8\POWERDVD 8 HELP FILE.LNK

Error: (10/24/2011 03:44:09 AM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\START MENU\PROGRAMS\LG POWER TOOLS\POWERDVD 8\POWERDVD 8 HELP FILE.LNK

Error: (10/24/2011 03:44:09 AM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\START MENU\PROGRAMS\LG POWER TOOLS\POWERDVD 8\CYBERLINK POWERDVD 8.LNK

Error: (10/24/2011 03:44:09 AM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\START MENU\PROGRAMS\LG POWER TOOLS\POWERDVD 8\CYBERLINK POWERDVD 8.LNK


========================= Memory info: ===================================

Percentage of memory in use: 43%
Total physical RAM: 1022.41 MB
Available physical RAM: 573.9 MB
Total Pagefile: 2460.27 MB
Available Pagefile: 2087.71 MB
Total Virtual: 2047.88 MB
Available Virtual: 1996.2 MB

========================= Partitions: =====================================

1 Drive c: (HP_PAVILION) (Fixed) (Total:363.53 GB) (Free:113.02 GB) NTFS
2 Drive d: (HP_RECOVERY) (Fixed) (Total:9.05 GB) (Free:4.4 GB) FAT32
9 Drive k: (HP Personal Media Drive) (Fixed) (Total:279.45 GB) (Free:227.75 GB) NTFS
10 Drive l: (LEXAR MEDIA) (Removable) (Total:0.24 GB) (Free:0.09 GB) FAT

========================= Users: ========================================

User accounts for \\BOBSPC

Administrator Guest HelpAssistant
HP_Administrator SUPPORT_388945a0 SUPPORT_fddfa904


**** End of log ****

robbhenningsr

Newbie Surfer
Newbie Surfer

Posts : 39
Joined : 2011-10-20
Operating System : XP Media Ctr 2002 Service pack 3

View user profile

Back to top Go down

Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts

Post by Superdave on Wed 26 Oct 2011, 5:56 am

I'm checking with my colleagues about this problem. In the meantime, please stand by.

Superdave
Tech Staff


Tech Staff

Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

View user profile

Back to top Go down

Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts

Post by Belahzur on Wed 26 Oct 2011, 6:07 am

Hi robbhenningsr.
You have a VERY nasty infection here, a few different infections combined. I'll be helping Dave and we'll see what we can do.

Please bare in the mind the damage here is very extensive and what we do next could potentially trash the OS beyond repair. Right now, you have about a 25% chance of this working.

The tools we need are EXTREMELY powerful and sometimes the malware doesn't like to be shifted and kills the OS to stop us, please keep in mind this may not work at all.

First,

Please download Profiles by noahdfear.
  • Save it to your desktop.
  • Double-click profiles.exe and post its log when you reply


Second,

Please download TDSSKiller from here and save it to your Desktop.

  • Doubleclick TDSSKiller.exe to run the tool
  • Click the Start Scan button
  • After the scan has finished, click the Close button
  • Click the Report button and copy/paste the contents of it into your next reply
Note:It will also create a log in the C:\ directory.

Please make sure to post both logs.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts

Post by robbhenningsr on Wed 26 Oct 2011, 6:56 am

Here are the results from Profiles:


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
DefaultUserProfile REG_SZ Default User
AllUsersProfile REG_SZ All Users

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18
ProfileImagePath REG_EXPAND_SZ %systemroot%\system32\config\systemprofile

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\LocalService

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\NetworkService

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1875725558-3976243440-3102216680-1007
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\HP_Administrator

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1875725558-3976243440-3102216680-500
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\Administrator

SystemRoot REG_SZ C:\WINDOWS

and these are the results from TDSSKiller

15:46:23.0390 2104 TDSS rootkit removing tool 2.6.13.0 Oct 25 2011 13:56:21
15:46:23.0437 2104 ============================================================
15:46:23.0437 2104 Current date / time: 2011/10/25 15:46:23.0437
15:46:23.0437 2104 SystemInfo:
15:46:23.0437 2104
15:46:23.0437 2104 OS Version: 5.1.2600 ServicePack: 3.0
15:46:23.0437 2104 Product type: Workstation
15:46:23.0437 2104 ComputerName: BOBSPC
15:46:23.0437 2104 UserName: HP_Administrator
15:46:23.0437 2104 Windows directory: C:\WINDOWS
15:46:23.0437 2104 System windows directory: C:\WINDOWS
15:46:23.0437 2104 Processor architecture: Intel x86
15:46:23.0437 2104 Number of processors: 2
15:46:23.0437 2104 Page size: 0x1000
15:46:23.0437 2104 Boot type: Normal boot
15:46:23.0437 2104 ============================================================
15:46:31.0718 2104 Initialize success
15:46:36.0843 2272 ============================================================
15:46:36.0843 2272 Scan started
15:46:36.0843 2272 Mode: Manual;
15:46:36.0843 2272 ============================================================
15:46:37.0281 2272 A3AB (21af8e9c727c6d7643ad497268f55bf1) C:\WINDOWS\system32\DRIVERS\A3AB.sys
15:46:37.0296 2272 A3AB - ok
15:46:37.0296 2272 Abiosdsk - ok
15:46:37.0312 2272 abp480n5 - ok
15:46:37.0359 2272 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:46:37.0359 2272 ACPI - ok
15:46:37.0437 2272 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
15:46:37.0437 2272 ACPIEC - ok
15:46:37.0453 2272 adpu160m - ok
15:46:37.0500 2272 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
15:46:37.0500 2272 aec - ok
15:46:37.0546 2272 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
15:46:37.0546 2272 AFD - ok
15:46:37.0562 2272 Aha154x - ok
15:46:37.0578 2272 aic78u2 - ok
15:46:37.0593 2272 aic78xx - ok
15:46:37.0609 2272 AliIde - ok
15:46:37.0625 2272 amsint - ok
15:46:37.0656 2272 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
15:46:37.0656 2272 Arp1394 - ok
15:46:37.0656 2272 asc - ok
15:46:37.0671 2272 asc3350p - ok
15:46:37.0687 2272 asc3550 - ok
15:46:37.0734 2272 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
15:46:37.0734 2272 AsyncMac - ok
15:46:37.0765 2272 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
15:46:37.0765 2272 atapi - ok
15:46:37.0781 2272 Atdisk - ok
15:46:37.0812 2272 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
15:46:37.0812 2272 Atmarpc - ok
15:46:37.0859 2272 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
15:46:37.0859 2272 audstub - ok
15:46:37.0968 2272 avgio (6a646c46b9415e13095aa9b352040a7a) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
15:46:37.0968 2272 avgio - ok
15:46:38.0031 2272 avgntflt (14fe36d8f2c6a2435275338d061a0b66) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
15:46:38.0031 2272 avgntflt - ok
15:46:38.0062 2272 avipbb (452e382340bb0c5e694ed9d3625356d0) C:\WINDOWS\system32\DRIVERS\avipbb.sys
15:46:38.0078 2272 avipbb - ok
15:46:38.0093 2272 bb-run (7270d070173b20ac9487ea16bb08b45f) C:\WINDOWS\system32\DRIVERS\bb-run.sys
15:46:38.0093 2272 bb-run - ok
15:46:38.0156 2272 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
15:46:38.0156 2272 Beep - ok
15:46:38.0156 2272 catchme - ok
15:46:38.0203 2272 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
15:46:38.0203 2272 cbidf2k - ok
15:46:38.0218 2272 cd20xrnt - ok
15:46:38.0234 2272 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
15:46:38.0234 2272 Cdaudio - ok
15:46:38.0281 2272 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
15:46:38.0281 2272 Cdfs - ok
15:46:38.0328 2272 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
15:46:38.0328 2272 Cdrom - ok
15:46:38.0343 2272 Changer - ok
15:46:38.0359 2272 CmdIde - ok
15:46:38.0406 2272 COMMONFX.DLL (1ef05b641e9a67ded74ac8ad40055dbf) C:\WINDOWS\system32\COMMONFX.DLL
15:46:38.0437 2272 COMMONFX.DLL - ok
15:46:38.0453 2272 Cpqarray - ok
15:46:38.0484 2272 CT20XUT.DLL (6191a973461852a09d643609e1d5f7c6) C:\WINDOWS\system32\CT20XUT.DLL
15:46:38.0500 2272 CT20XUT.DLL - ok
15:46:38.0562 2272 ctac32k (8ac5f77e30e37d2d11bd99eff0c53d8c) C:\WINDOWS\system32\drivers\ctac32k.sys
15:46:38.0562 2272 ctac32k - ok
15:46:38.0593 2272 ctaud2k (673241d314e932f4890509ae8ebf26db) C:\WINDOWS\system32\drivers\ctaud2k.sys
15:46:38.0609 2272 ctaud2k - ok
15:46:38.0625 2272 CTAUDFX.DLL (472b82d7e549e7fab428852e4d16f21d) C:\WINDOWS\system32\CTAUDFX.DLL
15:46:38.0640 2272 CTAUDFX.DLL - ok
15:46:38.0703 2272 ctdvda2k (ed316d4c3d39c5b6c23de067e275c183) C:\WINDOWS\system32\drivers\ctdvda2k.sys
15:46:38.0703 2272 ctdvda2k - ok
15:46:38.0734 2272 CTEAPSFX.DLL (6a57f82009563aee8826f117e1d3c72c) C:\WINDOWS\system32\CTEAPSFX.DLL
15:46:38.0734 2272 CTEAPSFX.DLL - ok
15:46:38.0765 2272 CTEDSPFX.DLL (c8ac1ffaeadd655193d7b1811a572d8d) C:\WINDOWS\system32\CTEDSPFX.DLL
15:46:38.0765 2272 CTEDSPFX.DLL - ok
15:46:38.0796 2272 CTEDSPIO.DLL (44495d9daf675257d00b25b041ee6667) C:\WINDOWS\system32\CTEDSPIO.DLL
15:46:38.0796 2272 CTEDSPIO.DLL - ok
15:46:38.0828 2272 CTEDSPSY.DLL (8e90b1762cb42e2fc76dac9210c83c66) C:\WINDOWS\system32\CTEDSPSY.DLL
15:46:38.0843 2272 CTEDSPSY.DLL - ok
15:46:38.0859 2272 CTERFXFX.DLL (d3fbd9983325435b06795f29cb57ed3d) C:\WINDOWS\system32\CTERFXFX.DLL
15:46:38.0859 2272 CTERFXFX.DLL - ok
15:46:38.0937 2272 CTEXFIFX.DLL (2c48e9d8ca703964463f27ae341115b7) C:\WINDOWS\system32\CTEXFIFX.DLL
15:46:38.0968 2272 CTEXFIFX.DLL - ok
15:46:39.0000 2272 CTHWIUT.DLL (f7657c598e7c29c6683c1e4a8dd68884) C:\WINDOWS\system32\CTHWIUT.DLL
15:46:39.0000 2272 CTHWIUT.DLL - ok
15:46:39.0078 2272 ctlsb16 (e2b1aedb62845581d848037f0a614ee6) C:\WINDOWS\system32\drivers\ctlsb16.sys
15:46:39.0078 2272 ctlsb16 - ok
15:46:39.0125 2272 ctprxy2k (34e7f8a499fd8361df14fedb724c0ad3) C:\WINDOWS\system32\drivers\ctprxy2k.sys
15:46:39.0125 2272 ctprxy2k - ok
15:46:39.0156 2272 CTSBLFX.DLL (679ae21eb7f48a08184813aebabdec7c) C:\WINDOWS\system32\CTSBLFX.DLL
15:46:39.0156 2272 CTSBLFX.DLL - ok
15:46:39.0187 2272 ctsfm2k (32098497cb4dfe9ea7660fa62dd91060) C:\WINDOWS\system32\drivers\ctsfm2k.sys
15:46:39.0187 2272 ctsfm2k - ok
15:46:39.0203 2272 dac2w2k - ok
15:46:39.0218 2272 dac960nt - ok
15:46:39.0265 2272 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
15:46:39.0265 2272 Disk - ok
15:46:39.0328 2272 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
15:46:39.0343 2272 dmboot - ok
15:46:39.0375 2272 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
15:46:39.0375 2272 dmio - ok
15:46:39.0406 2272 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
15:46:39.0406 2272 dmload - ok
15:46:39.0453 2272 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
15:46:39.0453 2272 DMusic - ok
15:46:39.0500 2272 DNINDIS5 (d2ee54cdbced01d48f2b18642be79a98) C:\WINDOWS\system32\DNINDIS5.SYS
15:46:39.0500 2272 DNINDIS5 - ok
15:46:39.0515 2272 dpti2o - ok
15:46:39.0531 2272 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
15:46:39.0531 2272 drmkaud - ok
15:46:39.0578 2272 E100B (ac9cf17ee2ae003c98eb4f5336c38058) C:\WINDOWS\system32\DRIVERS\e100b325.sys
15:46:39.0578 2272 E100B - ok
15:46:39.0640 2272 emupia (2885f72d2daffd0329272f12e16d6579) C:\WINDOWS\system32\drivers\emupia2k.sys
15:46:39.0640 2272 emupia - ok
15:46:39.0687 2272 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
15:46:39.0687 2272 Fastfat - ok
15:46:39.0703 2272 fasttx2k (1e580770bdece924494b368ac980749e) C:\WINDOWS\system32\DRIVERS\fasttx2k.sys
15:46:39.0703 2272 fasttx2k - ok
15:46:39.0750 2272 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
15:46:39.0750 2272 Fdc - ok
15:46:39.0781 2272 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
15:46:39.0781 2272 Fips - ok
15:46:39.0828 2272 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
15:46:39.0828 2272 Flpydisk - ok
15:46:39.0890 2272 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
15:46:39.0890 2272 FltMgr - ok
15:46:39.0953 2272 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
15:46:39.0953 2272 Fs_Rec - ok
15:46:40.0000 2272 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
15:46:40.0000 2272 Ftdisk - ok
15:46:40.0046 2272 ftsata2 (92e8443c7bf5c0137671cde080655dfc) C:\WINDOWS\system32\DRIVERS\ftsata2.sys
15:46:40.0046 2272 ftsata2 - ok
15:46:40.0078 2272 gagp30kx (3a74c423cf6bcca6982715878f450a3b) C:\WINDOWS\system32\DRIVERS\gagp30kx.sys
15:46:40.0078 2272 gagp30kx - ok
15:46:40.0140 2272 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
15:46:40.0140 2272 GEARAspiWDM - ok
15:46:40.0171 2272 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
15:46:40.0171 2272 Gpc - ok
15:46:40.0234 2272 ha10kx2k (da2c735b66d2e7b739f9a46146581a9d) C:\WINDOWS\system32\drivers\ha10kx2k.sys
15:46:40.0250 2272 ha10kx2k - ok
15:46:40.0296 2272 hap16v2k (5c7d6d68796e4621b4168c879908dae0) C:\WINDOWS\system32\drivers\hap16v2k.sys
15:46:40.0296 2272 hap16v2k - ok
15:46:40.0328 2272 hap17v2k (a595b88ad16d8b5693ddf08113caf30e) C:\WINDOWS\system32\drivers\hap17v2k.sys
15:46:40.0343 2272 hap17v2k - ok
15:46:40.0390 2272 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
15:46:40.0390 2272 HDAudBus - ok
15:46:40.0437 2272 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
15:46:40.0453 2272 HidUsb - ok
15:46:40.0453 2272 hpn - ok
15:46:40.0515 2272 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
15:46:40.0515 2272 HTTP - ok
15:46:40.0531 2272 i2omgmt - ok
15:46:40.0546 2272 i2omp - ok
15:46:40.0593 2272 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
15:46:40.0593 2272 i8042prt - ok
15:46:40.0609 2272 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
15:46:40.0625 2272 Imapi - ok
15:46:40.0640 2272 ini910u - ok
15:46:40.0765 2272 IntcAzAudAddService (98b7fab86755a42fe8eb04538a4cd6c8) C:\WINDOWS\system32\drivers\RtkHDAud.sys
15:46:40.0859 2272 IntcAzAudAddService - ok
15:46:40.0921 2272 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
15:46:40.0921 2272 IntelIde - ok
15:46:40.0968 2272 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
15:46:40.0968 2272 intelppm - ok
15:46:41.0000 2272 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
15:46:41.0000 2272 Ip6Fw - ok
15:46:41.0031 2272 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
15:46:41.0031 2272 IpFilterDriver - ok
15:46:41.0078 2272 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
15:46:41.0093 2272 IpInIp - ok
15:46:41.0140 2272 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
15:46:41.0140 2272 IpNat - ok
15:46:41.0187 2272 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
15:46:41.0187 2272 IPSec - ok
15:46:41.0234 2272 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
15:46:41.0234 2272 IRENUM - ok
15:46:41.0281 2272 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
15:46:41.0281 2272 isapnp - ok
15:46:41.0343 2272 JSWSCIMD (ad67795900aa8c05cc4570f5349e0639) C:\WINDOWS\system32\DRIVERS\jswscimd.sys
15:46:41.0343 2272 JSWSCIMD - ok
15:46:41.0375 2272 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
15:46:41.0375 2272 Kbdclass - ok
15:46:41.0390 2272 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
15:46:41.0390 2272 kbdhid - ok
15:46:41.0437 2272 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
15:46:41.0437 2272 kmixer - ok
15:46:41.0484 2272 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
15:46:41.0484 2272 KSecDD - ok
15:46:41.0500 2272 lbrtfdc - ok
15:46:41.0562 2272 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
15:46:41.0562 2272 MHNDRV - ok
15:46:41.0609 2272 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
15:46:41.0609 2272 mnmdd - ok
15:46:41.0671 2272 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
15:46:41.0671 2272 Modem - ok
15:46:41.0718 2272 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
15:46:41.0718 2272 Mouclass - ok
15:46:41.0734 2272 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
15:46:41.0734 2272 mouhid - ok
15:46:41.0765 2272 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
15:46:41.0765 2272 MountMgr - ok
15:46:41.0781 2272 mraid35x - ok
15:46:41.0796 2272 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
15:46:41.0812 2272 MRxDAV - ok
15:46:41.0875 2272 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
15:46:41.0890 2272 MRxSmb - ok
15:46:41.0937 2272 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
15:46:41.0953 2272 Msfs - ok
15:46:41.0984 2272 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
15:46:41.0984 2272 MSKSSRV - ok
15:46:42.0000 2272 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
15:46:42.0000 2272 MSPCLOCK - ok
15:46:42.0015 2272 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
15:46:42.0015 2272 MSPQM - ok
15:46:42.0062 2272 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
15:46:42.0078 2272 mssmbios - ok
15:46:42.0093 2272 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
15:46:42.0093 2272 Mup - ok
15:46:42.0140 2272 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
15:46:42.0140 2272 NDIS - ok
15:46:42.0203 2272 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
15:46:42.0203 2272 NdisTapi - ok
15:46:42.0218 2272 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
15:46:42.0218 2272 Ndisuio - ok
15:46:42.0234 2272 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
15:46:42.0234 2272 NdisWan - ok
15:46:42.0281 2272 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
15:46:42.0281 2272 NDProxy - ok
15:46:42.0312 2272 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
15:46:42.0312 2272 NetBIOS - ok
15:46:42.0312 2272 NetBT - ok
15:46:42.0375 2272 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
15:46:42.0375 2272 NIC1394 - ok
15:46:42.0421 2272 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
15:46:42.0421 2272 nm - ok
15:46:42.0437 2272 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
15:46:42.0437 2272 Npfs - ok
15:46:42.0453 2272 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
15:46:42.0468 2272 Ntfs - ok
15:46:42.0515 2272 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
15:46:42.0515 2272 Null - ok
15:46:42.0781 2272 nv (fee170f182d5167b6e06e490dd7b42d7) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
15:46:42.0984 2272 nv - ok
15:46:43.0015 2272 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
15:46:43.0015 2272 NwlnkFlt - ok
15:46:43.0046 2272 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
15:46:43.0046 2272 NwlnkFwd - ok
15:46:43.0093 2272 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
15:46:43.0093 2272 NwlnkIpx - ok
15:46:43.0125 2272 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
15:46:43.0125 2272 NwlnkNb - ok
15:46:43.0171 2272 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
15:46:43.0171 2272 NwlnkSpx - ok
15:46:43.0218 2272 NWRDR (36b9b950e3d2e100970a48d8bad86740) C:\WINDOWS\system32\DRIVERS\nwrdr.sys
15:46:43.0218 2272 NWRDR - ok
15:46:43.0234 2272 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
15:46:43.0234 2272 ohci1394 - ok
15:46:43.0281 2272 ossrv (61c85afeaa6ef0c1b32d43f84f7bfbcf) C:\WINDOWS\system32\drivers\ctoss2k.sys
15:46:43.0281 2272 ossrv - ok
15:46:43.0296 2272 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
15:46:43.0296 2272 Parport - ok
15:46:43.0328 2272 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
15:46:43.0328 2272 PartMgr - ok
15:46:43.0375 2272 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
15:46:43.0375 2272 ParVdm - ok
15:46:43.0390 2272 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
15:46:43.0390 2272 PCI - ok
15:46:43.0406 2272 PCIDump - ok
15:46:43.0437 2272 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
15:46:43.0437 2272 PCIIde - ok
15:46:43.0468 2272 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
15:46:43.0484 2272 Pcmcia - ok
15:46:43.0484 2272 PDCOMP - ok
15:46:43.0500 2272 PDFRAME - ok
15:46:43.0515 2272 PDRELI - ok
15:46:43.0531 2272 PDRFRAME - ok
15:46:43.0546 2272 perc2 - ok
15:46:43.0562 2272 perc2hib - ok
15:46:43.0625 2272 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
15:46:43.0625 2272 PptpMiniport - ok
15:46:43.0640 2272 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
15:46:43.0640 2272 Processor - ok
15:46:43.0656 2272 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
15:46:43.0656 2272 PSched - ok
15:46:43.0687 2272 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
15:46:43.0687 2272 Ptilink - ok
15:46:43.0750 2272 PxHelp20 (7c81ae3c9b82ba2da437ed4d31bc56cf) C:\WINDOWS\system32\Drivers\PxHelp20.sys
15:46:43.0750 2272 PxHelp20 - ok
15:46:43.0796 2272 ql1080 - ok
15:46:43.0812 2272 Ql10wnt - ok
15:46:43.0828 2272 ql12160 - ok
15:46:43.0843 2272 ql1240 - ok
15:46:43.0859 2272 ql1280 - ok
15:46:43.0875 2272 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
15:46:43.0890 2272 RasAcd - ok
15:46:43.0937 2272 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
15:46:43.0937 2272 Rasl2tp - ok
15:46:43.0953 2272 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
15:46:43.0953 2272 RasPppoe - ok
15:46:43.0984 2272 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
15:46:43.0984 2272 Raspti - ok
15:46:44.0015 2272 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
15:46:44.0015 2272 Rdbss - ok
15:46:44.0062 2272 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
15:46:44.0062 2272 RDPCDD - ok
15:46:44.0078 2272 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
15:46:44.0093 2272 rdpdr - ok
15:46:44.0156 2272 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
15:46:44.0156 2272 RDPWD - ok
15:46:44.0187 2272 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
15:46:44.0187 2272 redbook - ok
15:46:44.0250 2272 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
15:46:44.0250 2272 rtl8139 - ok
15:46:44.0281 2272 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
15:46:44.0281 2272 Secdrv - ok
15:46:44.0312 2272 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
15:46:44.0312 2272 Serenum - ok
15:46:44.0343 2272 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
15:46:44.0359 2272 Serial - ok
15:46:44.0406 2272 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
15:46:44.0406 2272 Sfloppy - ok
15:46:44.0421 2272 Simbad - ok
15:46:44.0453 2272 SISNIC (3fbb6ef8b5a71a2fa11f5f461bb73219) C:\WINDOWS\system32\DRIVERS\sisnic.sys
15:46:44.0453 2272 SISNIC - ok
15:46:44.0468 2272 Sparrow - ok
15:46:44.0500 2272 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
15:46:44.0500 2272 splitter - ok
15:46:44.0531 2272 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
15:46:44.0531 2272 sr - ok
15:46:44.0562 2272 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
15:46:44.0578 2272 Srv - ok
15:46:44.0609 2272 ssmdrv (654dfea96bc82b4acda4f37e5e4a3bbf) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
15:46:44.0609 2272 ssmdrv - ok
15:46:44.0656 2272 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
15:46:44.0656 2272 swenum - ok
15:46:44.0687 2272 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
15:46:44.0687 2272 swmidi - ok
15:46:44.0718 2272 symc810 - ok
15:46:44.0734 2272 symc8xx - ok
15:46:44.0750 2272 sym_hi - ok
15:46:44.0765 2272 sym_u3 - ok
15:46:44.0796 2272 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
15:46:44.0796 2272 sysaudio - ok
15:46:44.0859 2272 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:46:44.0859 2272 Tcpip - ok
15:46:44.0906 2272 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
15:46:44.0906 2272 TDPIPE - ok
15:46:44.0953 2272 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
15:46:44.0953 2272 TDTCP - ok
15:46:44.0968 2272 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
15:46:44.0984 2272 TermDD - ok
15:46:45.0000 2272 TosIde - ok
15:46:45.0046 2272 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
15:46:45.0046 2272 Udfs - ok
15:46:45.0062 2272 ultra - ok
15:46:45.0109 2272 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
15:46:45.0109 2272 Update - ok
15:46:45.0156 2272 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
15:46:45.0156 2272 usbccgp - ok
15:46:45.0171 2272 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:46:45.0171 2272 usbehci - ok
15:46:45.0187 2272 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:46:45.0187 2272 usbhub - ok
15:46:45.0234 2272 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
15:46:45.0234 2272 usbohci - ok
15:46:45.0265 2272 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
15:46:45.0265 2272 usbprint - ok
15:46:45.0312 2272 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
15:46:45.0312 2272 usbscan - ok
15:46:45.0328 2272 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:46:45.0328 2272 USBSTOR - ok
15:46:45.0359 2272 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
15:46:45.0359 2272 usbuhci - ok
15:46:45.0375 2272 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
15:46:45.0375 2272 VgaSave - ok
15:46:45.0406 2272 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
15:46:45.0406 2272 ViaIde - ok
15:46:45.0421 2272 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
15:46:45.0421 2272 VolSnap - ok
15:46:45.0453 2272 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:46:45.0453 2272 Wanarp - ok
15:46:45.0500 2272 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
15:46:45.0515 2272 Wdf01000 - ok
15:46:45.0531 2272 WDICA - ok
15:46:45.0546 2272 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
15:46:45.0546 2272 wdmaud - ok
15:46:45.0625 2272 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
15:46:45.0640 2272 WinUSB - ok
15:46:45.0687 2272 WN111v2 (93ea7d94959bef66d0e4adbc8ce4e073) C:\WINDOWS\system32\DRIVERS\WN111v2.sys
15:46:45.0703 2272 WN111v2 - ok
15:46:45.0796 2272 WSIMD (43f767d59bfc25d8f4fc2eb42043ec1e) C:\WINDOWS\system32\DRIVERS\wsimd.sys
15:46:45.0796 2272 WSIMD - ok
15:46:45.0843 2272 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
15:46:45.0843 2272 WudfPf - ok
15:46:45.0875 2272 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
15:46:45.0875 2272 WudfRd - ok
15:46:45.0937 2272 zumbus (337b9607f041b77824411750069aff2d) C:\WINDOWS\system32\DRIVERS\zumbus.sys
15:46:45.0937 2272 zumbus - ok
15:46:45.0984 2272 MBR (0x1B8) (0ac6d996bce152aed9600e6d6b797e2e) \Device\Harddisk0\DR0
15:46:46.0015 2272 \Device\Harddisk0\DR0 - ok
15:46:46.0031 2272 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk5\DR7
15:46:46.0031 2272 \Device\Harddisk5\DR7 - ok
15:46:46.0031 2272 MBR (0x1B8) (feffdedea77250a6fcd92c304b49ace2) \Device\Harddisk6\DR21
15:46:46.0046 2272 \Device\Harddisk6\DR21 - ok
15:46:46.0046 2272 Boot (0x1200) (1dbeaa01b2c52f6fd6438412953d3c68) \Device\Harddisk0\DR0\Partition0
15:46:46.0046 2272 \Device\Harddisk0\DR0\Partition0 - ok
15:46:46.0046 2272 Boot (0x1200) (c04adcb60e4989d8fb08ca4a33b0e3fd) \Device\Harddisk0\DR0\Partition1
15:46:46.0046 2272 \Device\Harddisk0\DR0\Partition1 - ok
15:46:46.0062 2272 Boot (0x1200) (64ba2803ee2acc110bf1eeaf66f6c701) \Device\Harddisk5\DR7\Partition0
15:46:46.0062 2272 \Device\Harddisk5\DR7\Partition0 - ok
15:46:46.0078 2272 Boot (0x1200) (076921b656edd1a166574c6bc7b5bc2e) \Device\Harddisk6\DR21\Partition0
15:46:46.0078 2272 \Device\Harddisk6\DR21\Partition0 - ok
15:46:46.0078 2272 ============================================================
15:46:46.0078 2272 Scan finished
15:46:46.0078 2272 ============================================================
15:46:46.0093 0476 Detected object count: 0
15:46:46.0093 0476 Actual detected object count: 0


Thanks for your help, I'll be watching for further instructions.

Patricia

robbhenningsr

Newbie Surfer
Newbie Surfer

Posts : 39
Joined : 2011-10-20
Operating System : XP Media Ctr 2002 Service pack 3

View user profile

Back to top Go down

Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts

Post by Belahzur on Wed 26 Oct 2011, 6:58 am

Okay looks good, please re-run Combofix so we can get an updated log.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts

Post by robbhenningsr on Wed 26 Oct 2011, 9:45 am

Here we are, I ran the ComboFix again and the log is pasted below.

Please note that, even before running ComboFix, we weren't showing any more "threats"--- However, the pc is still not connecting to the network. I'm guessing that it is just something in the settings that needs to be restored or re-set. I think that is why Super Dave had us run MiniToolBox. Anyway, that is still the problem that remains-- the Network Connections still says "acquiring a connection" but, for whatever reason it doesn't seem to be completing that step. Please see what you can advise, to get that pc re-connected.

Thanks for all your help~

Patricia

Latest ComboFix Log:

15:46:23.0390 2104 TDSS rootkit removing tool 2.6.13.0 Oct 25 2011 13:56:21
15:46:23.0437 2104 ============================================================
15:46:23.0437 2104 Current date / time: 2011/10/25 15:46:23.0437
15:46:23.0437 2104 SystemInfo:
15:46:23.0437 2104
15:46:23.0437 2104 OS Version: 5.1.2600 ServicePack: 3.0
15:46:23.0437 2104 Product type: Workstation
15:46:23.0437 2104 ComputerName: BOBSPC
15:46:23.0437 2104 UserName: HP_Administrator
15:46:23.0437 2104 Windows directory: C:\WINDOWS
15:46:23.0437 2104 System windows directory: C:\WINDOWS
15:46:23.0437 2104 Processor architecture: Intel x86
15:46:23.0437 2104 Number of processors: 2
15:46:23.0437 2104 Page size: 0x1000
15:46:23.0437 2104 Boot type: Normal boot
15:46:23.0437 2104 ============================================================
15:46:31.0718 2104 Initialize success
15:46:36.0843 2272 ============================================================
15:46:36.0843 2272 Scan started
15:46:36.0843 2272 Mode: Manual;
15:46:36.0843 2272 ============================================================
15:46:37.0281 2272 A3AB (21af8e9c727c6d7643ad497268f55bf1) C:\WINDOWS\system32\DRIVERS\A3AB.sys
15:46:37.0296 2272 A3AB - ok
15:46:37.0296 2272 Abiosdsk - ok
15:46:37.0312 2272 abp480n5 - ok
15:46:37.0359 2272 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:46:37.0359 2272 ACPI - ok
15:46:37.0437 2272 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
15:46:37.0437 2272 ACPIEC - ok
15:46:37.0453 2272 adpu160m - ok
15:46:37.0500 2272 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
15:46:37.0500 2272 aec - ok
15:46:37.0546 2272 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
15:46:37.0546 2272 AFD - ok
15:46:37.0562 2272 Aha154x - ok
15:46:37.0578 2272 aic78u2 - ok
15:46:37.0593 2272 aic78xx - ok
15:46:37.0609 2272 AliIde - ok
15:46:37.0625 2272 amsint - ok
15:46:37.0656 2272 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
15:46:37.0656 2272 Arp1394 - ok
15:46:37.0656 2272 asc - ok
15:46:37.0671 2272 asc3350p - ok
15:46:37.0687 2272 asc3550 - ok
15:46:37.0734 2272 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
15:46:37.0734 2272 AsyncMac - ok
15:46:37.0765 2272 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
15:46:37.0765 2272 atapi - ok
15:46:37.0781 2272 Atdisk - ok
15:46:37.0812 2272 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
15:46:37.0812 2272 Atmarpc - ok
15:46:37.0859 2272 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
15:46:37.0859 2272 audstub - ok
15:46:37.0968 2272 avgio (6a646c46b9415e13095aa9b352040a7a) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
15:46:37.0968 2272 avgio - ok
15:46:38.0031 2272 avgntflt (14fe36d8f2c6a2435275338d061a0b66) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
15:46:38.0031 2272 avgntflt - ok
15:46:38.0062 2272 avipbb (452e382340bb0c5e694ed9d3625356d0) C:\WINDOWS\system32\DRIVERS\avipbb.sys
15:46:38.0078 2272 avipbb - ok
15:46:38.0093 2272 bb-run (7270d070173b20ac9487ea16bb08b45f) C:\WINDOWS\system32\DRIVERS\bb-run.sys
15:46:38.0093 2272 bb-run - ok
15:46:38.0156 2272 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
15:46:38.0156 2272 Beep - ok
15:46:38.0156 2272 catchme - ok
15:46:38.0203 2272 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
15:46:38.0203 2272 cbidf2k - ok
15:46:38.0218 2272 cd20xrnt - ok
15:46:38.0234 2272 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
15:46:38.0234 2272 Cdaudio - ok
15:46:38.0281 2272 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
15:46:38.0281 2272 Cdfs - ok
15:46:38.0328 2272 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
15:46:38.0328 2272 Cdrom - ok
15:46:38.0343 2272 Changer - ok
15:46:38.0359 2272 CmdIde - ok
15:46:38.0406 2272 COMMONFX.DLL (1ef05b641e9a67ded74ac8ad40055dbf) C:\WINDOWS\system32\COMMONFX.DLL
15:46:38.0437 2272 COMMONFX.DLL - ok
15:46:38.0453 2272 Cpqarray - ok
15:46:38.0484 2272 CT20XUT.DLL (6191a973461852a09d643609e1d5f7c6) C:\WINDOWS\system32\CT20XUT.DLL
15:46:38.0500 2272 CT20XUT.DLL - ok
15:46:38.0562 2272 ctac32k (8ac5f77e30e37d2d11bd99eff0c53d8c) C:\WINDOWS\system32\drivers\ctac32k.sys
15:46:38.0562 2272 ctac32k - ok
15:46:38.0593 2272 ctaud2k (673241d314e932f4890509ae8ebf26db) C:\WINDOWS\system32\drivers\ctaud2k.sys
15:46:38.0609 2272 ctaud2k - ok
15:46:38.0625 2272 CTAUDFX.DLL (472b82d7e549e7fab428852e4d16f21d) C:\WINDOWS\system32\CTAUDFX.DLL
15:46:38.0640 2272 CTAUDFX.DLL - ok
15:46:38.0703 2272 ctdvda2k (ed316d4c3d39c5b6c23de067e275c183) C:\WINDOWS\system32\drivers\ctdvda2k.sys
15:46:38.0703 2272 ctdvda2k - ok
15:46:38.0734 2272 CTEAPSFX.DLL (6a57f82009563aee8826f117e1d3c72c) C:\WINDOWS\system32\CTEAPSFX.DLL
15:46:38.0734 2272 CTEAPSFX.DLL - ok
15:46:38.0765 2272 CTEDSPFX.DLL (c8ac1ffaeadd655193d7b1811a572d8d) C:\WINDOWS\system32\CTEDSPFX.DLL
15:46:38.0765 2272 CTEDSPFX.DLL - ok
15:46:38.0796 2272 CTEDSPIO.DLL (44495d9daf675257d00b25b041ee6667) C:\WINDOWS\system32\CTEDSPIO.DLL
15:46:38.0796 2272 CTEDSPIO.DLL - ok
15:46:38.0828 2272 CTEDSPSY.DLL (8e90b1762cb42e2fc76dac9210c83c66) C:\WINDOWS\system32\CTEDSPSY.DLL
15:46:38.0843 2272 CTEDSPSY.DLL - ok
15:46:38.0859 2272 CTERFXFX.DLL (d3fbd9983325435b06795f29cb57ed3d) C:\WINDOWS\system32\CTERFXFX.DLL
15:46:38.0859 2272 CTERFXFX.DLL - ok
15:46:38.0937 2272 CTEXFIFX.DLL (2c48e9d8ca703964463f27ae341115b7) C:\WINDOWS\system32\CTEXFIFX.DLL
15:46:38.0968 2272 CTEXFIFX.DLL - ok
15:46:39.0000 2272 CTHWIUT.DLL (f7657c598e7c29c6683c1e4a8dd68884) C:\WINDOWS\system32\CTHWIUT.DLL
15:46:39.0000 2272 CTHWIUT.DLL - ok
15:46:39.0078 2272 ctlsb16 (e2b1aedb62845581d848037f0a614ee6) C:\WINDOWS\system32\drivers\ctlsb16.sys
15:46:39.0078 2272 ctlsb16 - ok
15:46:39.0125 2272 ctprxy2k (34e7f8a499fd8361df14fedb724c0ad3) C:\WINDOWS\system32\drivers\ctprxy2k.sys
15:46:39.0125 2272 ctprxy2k - ok
15:46:39.0156 2272 CTSBLFX.DLL (679ae21eb7f48a08184813aebabdec7c) C:\WINDOWS\system32\CTSBLFX.DLL
15:46:39.0156 2272 CTSBLFX.DLL - ok
15:46:39.0187 2272 ctsfm2k (32098497cb4dfe9ea7660fa62dd91060) C:\WINDOWS\system32\drivers\ctsfm2k.sys
15:46:39.0187 2272 ctsfm2k - ok
15:46:39.0203 2272 dac2w2k - ok
15:46:39.0218 2272 dac960nt - ok
15:46:39.0265 2272 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
15:46:39.0265 2272 Disk - ok
15:46:39.0328 2272 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
15:46:39.0343 2272 dmboot - ok
15:46:39.0375 2272 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
15:46:39.0375 2272 dmio - ok
15:46:39.0406 2272 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
15:46:39.0406 2272 dmload - ok
15:46:39.0453 2272 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
15:46:39.0453 2272 DMusic - ok
15:46:39.0500 2272 DNINDIS5 (d2ee54cdbced01d48f2b18642be79a98) C:\WINDOWS\system32\DNINDIS5.SYS
15:46:39.0500 2272 DNINDIS5 - ok
15:46:39.0515 2272 dpti2o - ok
15:46:39.0531 2272 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
15:46:39.0531 2272 drmkaud - ok
15:46:39.0578 2272 E100B (ac9cf17ee2ae003c98eb4f5336c38058) C:\WINDOWS\system32\DRIVERS\e100b325.sys
15:46:39.0578 2272 E100B - ok
15:46:39.0640 2272 emupia (2885f72d2daffd0329272f12e16d6579) C:\WINDOWS\system32\drivers\emupia2k.sys
15:46:39.0640 2272 emupia - ok
15:46:39.0687 2272 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
15:46:39.0687 2272 Fastfat - ok
15:46:39.0703 2272 fasttx2k (1e580770bdece924494b368ac980749e) C:\WINDOWS\system32\DRIVERS\fasttx2k.sys
15:46:39.0703 2272 fasttx2k - ok
15:46:39.0750 2272 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
15:46:39.0750 2272 Fdc - ok
15:46:39.0781 2272 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
15:46:39.0781 2272 Fips - ok
15:46:39.0828 2272 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
15:46:39.0828 2272 Flpydisk - ok
15:46:39.0890 2272 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
15:46:39.0890 2272 FltMgr - ok
15:46:39.0953 2272 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
15:46:39.0953 2272 Fs_Rec - ok
15:46:40.0000 2272 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
15:46:40.0000 2272 Ftdisk - ok
15:46:40.0046 2272 ftsata2 (92e8443c7bf5c0137671cde080655dfc) C:\WINDOWS\system32\DRIVERS\ftsata2.sys
15:46:40.0046 2272 ftsata2 - ok
15:46:40.0078 2272 gagp30kx (3a74c423cf6bcca6982715878f450a3b) C:\WINDOWS\system32\DRIVERS\gagp30kx.sys
15:46:40.0078 2272 gagp30kx - ok
15:46:40.0140 2272 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
15:46:40.0140 2272 GEARAspiWDM - ok
15:46:40.0171 2272 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
15:46:40.0171 2272 Gpc - ok
15:46:40.0234 2272 ha10kx2k (da2c735b66d2e7b739f9a46146581a9d) C:\WINDOWS\system32\drivers\ha10kx2k.sys
15:46:40.0250 2272 ha10kx2k - ok
15:46:40.0296 2272 hap16v2k (5c7d6d68796e4621b4168c879908dae0) C:\WINDOWS\system32\drivers\hap16v2k.sys
15:46:40.0296 2272 hap16v2k - ok
15:46:40.0328 2272 hap17v2k (a595b88ad16d8b5693ddf08113caf30e) C:\WINDOWS\system32\drivers\hap17v2k.sys
15:46:40.0343 2272 hap17v2k - ok
15:46:40.0390 2272 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
15:46:40.0390 2272 HDAudBus - ok
15:46:40.0437 2272 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
15:46:40.0453 2272 HidUsb - ok
15:46:40.0453 2272 hpn - ok
15:46:40.0515 2272 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
15:46:40.0515 2272 HTTP - ok
15:46:40.0531 2272 i2omgmt - ok
15:46:40.0546 2272 i2omp - ok
15:46:40.0593 2272 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
15:46:40.0593 2272 i8042prt - ok
15:46:40.0609 2272 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
15:46:40.0625 2272 Imapi - ok
15:46:40.0640 2272 ini910u - ok
15:46:40.0765 2272 IntcAzAudAddService (98b7fab86755a42fe8eb04538a4cd6c8) C:\WINDOWS\system32\drivers\RtkHDAud.sys
15:46:40.0859 2272 IntcAzAudAddService - ok
15:46:40.0921 2272 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
15:46:40.0921 2272 IntelIde - ok
15:46:40.0968 2272 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
15:46:40.0968 2272 intelppm - ok
15:46:41.0000 2272 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
15:46:41.0000 2272 Ip6Fw - ok
15:46:41.0031 2272 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
15:46:41.0031 2272 IpFilterDriver - ok
15:46:41.0078 2272 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
15:46:41.0093 2272 IpInIp - ok
15:46:41.0140 2272 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
15:46:41.0140 2272 IpNat - ok
15:46:41.0187 2272 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
15:46:41.0187 2272 IPSec - ok
15:46:41.0234 2272 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
15:46:41.0234 2272 IRENUM - ok
15:46:41.0281 2272 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
15:46:41.0281 2272 isapnp - ok
15:46:41.0343 2272 JSWSCIMD (ad67795900aa8c05cc4570f5349e0639) C:\WINDOWS\system32\DRIVERS\jswscimd.sys
15:46:41.0343 2272 JSWSCIMD - ok
15:46:41.0375 2272 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
15:46:41.0375 2272 Kbdclass - ok
15:46:41.0390 2272 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
15:46:41.0390 2272 kbdhid - ok
15:46:41.0437 2272 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
15:46:41.0437 2272 kmixer - ok
15:46:41.0484 2272 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
15:46:41.0484 2272 KSecDD - ok
15:46:41.0500 2272 lbrtfdc - ok
15:46:41.0562 2272 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
15:46:41.0562 2272 MHNDRV - ok
15:46:41.0609 2272 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
15:46:41.0609 2272 mnmdd - ok
15:46:41.0671 2272 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
15:46:41.0671 2272 Modem - ok
15:46:41.0718 2272 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
15:46:41.0718 2272 Mouclass - ok
15:46:41.0734 2272 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
15:46:41.0734 2272 mouhid - ok
15:46:41.0765 2272 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
15:46:41.0765 2272 MountMgr - ok
15:46:41.0781 2272 mraid35x - ok
15:46:41.0796 2272 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
15:46:41.0812 2272 MRxDAV - ok
15:46:41.0875 2272 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
15:46:41.0890 2272 MRxSmb - ok
15:46:41.0937 2272 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
15:46:41.0953 2272 Msfs - ok
15:46:41.0984 2272 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
15:46:41.0984 2272 MSKSSRV - ok
15:46:42.0000 2272 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
15:46:42.0000 2272 MSPCLOCK - ok
15:46:42.0015 2272 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
15:46:42.0015 2272 MSPQM - ok
15:46:42.0062 2272 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
15:46:42.0078 2272 mssmbios - ok
15:46:42.0093 2272 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
15:46:42.0093 2272 Mup - ok
15:46:42.0140 2272 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
15:46:42.0140 2272 NDIS - ok
15:46:42.0203 2272 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
15:46:42.0203 2272 NdisTapi - ok
15:46:42.0218 2272 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
15:46:42.0218 2272 Ndisuio - ok
15:46:42.0234 2272 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
15:46:42.0234 2272 NdisWan - ok
15:46:42.0281 2272 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
15:46:42.0281 2272 NDProxy - ok
15:46:42.0312 2272 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
15:46:42.0312 2272 NetBIOS - ok
15:46:42.0312 2272 NetBT - ok
15:46:42.0375 2272 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
15:46:42.0375 2272 NIC1394 - ok
15:46:42.0421 2272 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
15:46:42.0421 2272 nm - ok
15:46:42.0437 2272 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
15:46:42.0437 2272 Npfs - ok
15:46:42.0453 2272 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
15:46:42.0468 2272 Ntfs - ok
15:46:42.0515 2272 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
15:46:42.0515 2272 Null - ok
15:46:42.0781 2272 nv (fee170f182d5167b6e06e490dd7b42d7) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
15:46:42.0984 2272 nv - ok
15:46:43.0015 2272 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
15:46:43.0015 2272 NwlnkFlt - ok
15:46:43.0046 2272 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
15:46:43.0046 2272 NwlnkFwd - ok
15:46:43.0093 2272 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
15:46:43.0093 2272 NwlnkIpx - ok
15:46:43.0125 2272 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
15:46:43.0125 2272 NwlnkNb - ok
15:46:43.0171 2272 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
15:46:43.0171 2272 NwlnkSpx - ok
15:46:43.0218 2272 NWRDR (36b9b950e3d2e100970a48d8bad86740) C:\WINDOWS\system32\DRIVERS\nwrdr.sys
15:46:43.0218 2272 NWRDR - ok
15:46:43.0234 2272 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
15:46:43.0234 2272 ohci1394 - ok
15:46:43.0281 2272 ossrv (61c85afeaa6ef0c1b32d43f84f7bfbcf) C:\WINDOWS\system32\drivers\ctoss2k.sys
15:46:43.0281 2272 ossrv - ok
15:46:43.0296 2272 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
15:46:43.0296 2272 Parport - ok
15:46:43.0328 2272 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
15:46:43.0328 2272 PartMgr - ok
15:46:43.0375 2272 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
15:46:43.0375 2272 ParVdm - ok
15:46:43.0390 2272 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
15:46:43.0390 2272 PCI - ok
15:46:43.0406 2272 PCIDump - ok
15:46:43.0437 2272 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
15:46:43.0437 2272 PCIIde - ok
15:46:43.0468 2272 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
15:46:43.0484 2272 Pcmcia - ok
15:46:43.0484 2272 PDCOMP - ok
15:46:43.0500 2272 PDFRAME - ok
15:46:43.0515 2272 PDRELI - ok
15:46:43.0531 2272 PDRFRAME - ok
15:46:43.0546 2272 perc2 - ok
15:46:43.0562 2272 perc2hib - ok
15:46:43.0625 2272 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
15:46:43.0625 2272 PptpMiniport - ok
15:46:43.0640 2272 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
15:46:43.0640 2272 Processor - ok
15:46:43.0656 2272 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
15:46:43.0656 2272 PSched - ok
15:46:43.0687 2272 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
15:46:43.0687 2272 Ptilink - ok
15:46:43.0750 2272 PxHelp20 (7c81ae3c9b82ba2da437ed4d31bc56cf) C:\WINDOWS\system32\Drivers\PxHelp20.sys
15:46:43.0750 2272 PxHelp20 - ok
15:46:43.0796 2272 ql1080 - ok
15:46:43.0812 2272 Ql10wnt - ok
15:46:43.0828 2272 ql12160 - ok
15:46:43.0843 2272 ql1240 - ok
15:46:43.0859 2272 ql1280 - ok
15:46:43.0875 2272 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
15:46:43.0890 2272 RasAcd - ok
15:46:43.0937 2272 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
15:46:43.0937 2272 Rasl2tp - ok
15:46:43.0953 2272 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
15:46:43.0953 2272 RasPppoe - ok
15:46:43.0984 2272 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
15:46:43.0984 2272 Raspti - ok
15:46:44.0015 2272 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
15:46:44.0015 2272 Rdbss - ok
15:46:44.0062 2272 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
15:46:44.0062 2272 RDPCDD - ok
15:46:44.0078 2272 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
15:46:44.0093 2272 rdpdr - ok
15:46:44.0156 2272 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
15:46:44.0156 2272 RDPWD - ok
15:46:44.0187 2272 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
15:46:44.0187 2272 redbook - ok
15:46:44.0250 2272 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
15:46:44.0250 2272 rtl8139 - ok
15:46:44.0281 2272 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
15:46:44.0281 2272 Secdrv - ok
15:46:44.0312 2272 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
15:46:44.0312 2272 Serenum - ok
15:46:44.0343 2272 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
15:46:44.0359 2272 Serial - ok
15:46:44.0406 2272 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
15:46:44.0406 2272 Sfloppy - ok
15:46:44.0421 2272 Simbad - ok
15:46:44.0453 2272 SISNIC (3fbb6ef8b5a71a2fa11f5f461bb73219) C:\WINDOWS\system32\DRIVERS\sisnic.sys
15:46:44.0453 2272 SISNIC - ok
15:46:44.0468 2272 Sparrow - ok
15:46:44.0500 2272 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
15:46:44.0500 2272 splitter - ok
15:46:44.0531 2272 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
15:46:44.0531 2272 sr - ok
15:46:44.0562 2272 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
15:46:44.0578 2272 Srv - ok
15:46:44.0609 2272 ssmdrv (654dfea96bc82b4acda4f37e5e4a3bbf) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
15:46:44.0609 2272 ssmdrv - ok
15:46:44.0656 2272 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
15:46:44.0656 2272 swenum - ok
15:46:44.0687 2272 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
15:46:44.0687 2272 swmidi - ok
15:46:44.0718 2272 symc810 - ok
15:46:44.0734 2272 symc8xx - ok
15:46:44.0750 2272 sym_hi - ok
15:46:44.0765 2272 sym_u3 - ok
15:46:44.0796 2272 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
15:46:44.0796 2272 sysaudio - ok
15:46:44.0859 2272 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:46:44.0859 2272 Tcpip - ok
15:46:44.0906 2272 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
15:46:44.0906 2272 TDPIPE - ok
15:46:44.0953 2272 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
15:46:44.0953 2272 TDTCP - ok
15:46:44.0968 2272 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
15:46:44.0984 2272 TermDD - ok
15:46:45.0000 2272 TosIde - ok
15:46:45.0046 2272 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
15:46:45.0046 2272 Udfs - ok
15:46:45.0062 2272 ultra - ok
15:46:45.0109 2272 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
15:46:45.0109 2272 Update - ok
15:46:45.0156 2272 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
15:46:45.0156 2272 usbccgp - ok
15:46:45.0171 2272 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:46:45.0171 2272 usbehci - ok
15:46:45.0187 2272 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:46:45.0187 2272 usbhub - ok
15:46:45.0234 2272 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
15:46:45.0234 2272 usbohci - ok
15:46:45.0265 2272 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
15:46:45.0265 2272 usbprint - ok
15:46:45.0312 2272 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
15:46:45.0312 2272 usbscan - ok
15:46:45.0328 2272 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:46:45.0328 2272 USBSTOR - ok
15:46:45.0359 2272 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
15:46:45.0359 2272 usbuhci - ok
15:46:45.0375 2272 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
15:46:45.0375 2272 VgaSave - ok
15:46:45.0406 2272 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
15:46:45.0406 2272 ViaIde - ok
15:46:45.0421 2272 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
15:46:45.0421 2272 VolSnap - ok
15:46:45.0453 2272 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:46:45.0453 2272 Wanarp - ok
15:46:45.0500 2272 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
15:46:45.0515 2272 Wdf01000 - ok
15:46:45.0531 2272 WDICA - ok
15:46:45.0546 2272 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
15:46:45.0546 2272 wdmaud - ok
15:46:45.0625 2272 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
15:46:45.0640 2272 WinUSB - ok
15:46:45.0687 2272 WN111v2 (93ea7d94959bef66d0e4adbc8ce4e073) C:\WINDOWS\system32\DRIVERS\WN111v2.sys
15:46:45.0703 2272 WN111v2 - ok
15:46:45.0796 2272 WSIMD (43f767d59bfc25d8f4fc2eb42043ec1e) C:\WINDOWS\system32\DRIVERS\wsimd.sys
15:46:45.0796 2272 WSIMD - ok
15:46:45.0843 2272 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
15:46:45.0843 2272 WudfPf - ok
15:46:45.0875 2272 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
15:46:45.0875 2272 WudfRd - ok
15:46:45.0937 2272 zumbus (337b9607f041b77824411750069aff2d) C:\WINDOWS\system32\DRIVERS\zumbus.sys
15:46:45.0937 2272 zumbus - ok
15:46:45.0984 2272 MBR (0x1B8) (0ac6d996bce152aed9600e6d6b797e2e) \Device\Harddisk0\DR0
15:46:46.0015 2272 \Device\Harddisk0\DR0 - ok
15:46:46.0031 2272 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk5\DR7
15:46:46.0031 2272 \Device\Harddisk5\DR7 - ok
15:46:46.0031 2272 MBR (0x1B8) (feffdedea77250a6fcd92c304b49ace2) \Device\Harddisk6\DR21
15:46:46.0046 2272 \Device\Harddisk6\DR21 - ok
15:46:46.0046 2272 Boot (0x1200) (1dbeaa01b2c52f6fd6438412953d3c68) \Device\Harddisk0\DR0\Partition0
15:46:46.0046 2272 \Device\Harddisk0\DR0\Partition0 - ok
15:46:46.0046 2272 Boot (0x1200) (c04adcb60e4989d8fb08ca4a33b0e3fd) \Device\Harddisk0\DR0\Partition1
15:46:46.0046 2272 \Device\Harddisk0\DR0\Partition1 - ok
15:46:46.0062 2272 Boot (0x1200) (64ba2803ee2acc110bf1eeaf66f6c701) \Device\Harddisk5\DR7\Partition0
15:46:46.0062 2272 \Device\Harddisk5\DR7\Partition0 - ok
15:46:46.0078 2272 Boot (0x1200) (076921b656edd1a166574c6bc7b5bc2e) \Device\Harddisk6\DR21\Partition0
15:46:46.0078 2272 \Device\Harddisk6\DR21\Partition0 - ok
15:46:46.0078 2272 ============================================================
15:46:46.0078 2272 Scan finished
15:46:46.0078 2272 ============================================================
15:46:46.0093 0476 Detected object count: 0
15:46:46.0093 0476 Actual detected object count: 0

robbhenningsr

Newbie Surfer
Newbie Surfer

Posts : 39
Joined : 2011-10-20
Operating System : XP Media Ctr 2002 Service pack 3

View user profile

Back to top Go down

Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts

Post by Sponsored content Today at 4:26 am


Sponsored content


Back to top Go down

Page 1 of 3 1, 2, 3  Next

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum